/**
 * Build a form view for the given module.
 *
 * Use FormUtil::newForm() instead of instantiating Zikula_Form_View directly.
 *
 * @param Zikula_ServiceManager $serviceManager ServiceManager.
 * @param string                $module         Module name.
 * @param integer               $caching        Caching flag; never read here (kept only for E_STRICT signature compatibility).
 */
public function __construct(Zikula_ServiceManager $serviceManager, $module, $caching = null)
{
    // A session is required up front; this overrides the behaviour of anonymous sessions.
    SessionUtil::requireSession();

    // The parent is always constructed with its third argument set to false, whatever $caching holds,
    // and caching is then switched off explicitly.
    parent::__construct($serviceManager, $module, false);
    $this->addPluginDir('lib/legacy/viewplugins/formplugins', false);
    $this->setCaching(Zikula_View::CACHE_DISABLED);

    // Form-specific bookkeeping: id counter, plugin and block stacks.
    $this->idCount = 1;
    $this->errorMsgSet = false;
    $this->plugins = array();
    $this->blockStack = array();
    $this->redirected = false;

    // Validation state: nothing registered, nothing checked, validity unknown.
    $this->validators = array();
    $this->validationChecked = false;
    $this->_isValid = null;

    $this->initializeState();
    $this->initializeStateData();
    $this->initializeIncludes();
}
/**
 * Initialise Zikula.
 *
 * Runs the initialisation stages selected by the $stage bitmask in a fixed order and notifies the
 * 'core.init' listeners after each stage that was run.
 *
 * @param integer $stage Bitmask of self::STAGE_* flags to load.
 *
 * @return boolean|null False when the database stage raises a PDOException during installation;
 *                      no value is returned explicitly on any other path.
 */
public function init($stage = self::STAGE_ALL)
{
    $coreInitEvent = new Zikula_Event('core.init', $this);

    // Accumulate the requested stages so other APIs can check what has been loaded.
    $this->stage |= $stage;

    if (($stage & self::STAGE_PRE) && ($this->stage & ~self::STAGE_PRE)) {
        ModUtil::flushCache();
        System::flushCache();
        $this->eventManager->notify(new Zikula_Event('core.preinit', $this));
    }

    // Initialise and load configuration.
    if ($stage & self::STAGE_CONFIG) {
        if (System::isLegacyMode()) {
            require_once 'lib/legacy/Compat.php';
        }

        // Error reporting is set up here because it depends on config.php having been loaded.
        if (!System::isInstalling()) {
            $event = new Zikula_Event('setup.errorreporting', null, array('stage' => $stage));
            $this->eventManager->notify($event);
        }

        // Initialise custom event listeners from config.php settings.
        $coreInitEvent->setArg('stage', self::STAGE_CONFIG);
        $this->eventManager->notify($coreInitEvent);
    }

    // An uninstalled site is sent to the installer and the request is shut down.
    if (System::getVar('installed') == 0 && !System::isInstalling()) {
        System::redirect(System::getBaseUrl() . 'install.php?notinstalled');
        System::shutDown();
    }

    if ($stage & self::STAGE_DB) {
        try {
            $dbEvent = new Zikula_Event('core.init', $this, array('stage' => self::STAGE_DB));
            $this->eventManager->notify($dbEvent);
        } catch (PDOException $e) {
            // During installation the failure is reported to the caller; otherwise a 503 page is
            // served from the system error template and the request is shut down.
            if (System::isInstalling()) {
                return false;
            }
            header('HTTP/1.1 503 Service Unavailable');
            require_once System::getSystemErrorTemplate('dbconnectionerror.tpl');
            System::shutDown();
        }
    }

    if ($stage & self::STAGE_TABLES) {
        // Initialise dbtables.
        ModUtil::dbInfoLoad('Extensions', 'Extensions');
        ModUtil::initCoreVars();
        ModUtil::dbInfoLoad('Settings', 'Settings');
        ModUtil::dbInfoLoad('Theme', 'Theme');
        ModUtil::dbInfoLoad('Users', 'Users');
        ModUtil::dbInfoLoad('Groups', 'Groups');
        ModUtil::dbInfoLoad('Permissions', 'Permissions');
        ModUtil::dbInfoLoad('Categories', 'Categories');

        if (!System::isInstalling()) {
            ModUtil::registerAutoloaders();
        }

        $coreInitEvent->setArg('stage', self::STAGE_TABLES);
        $this->eventManager->notify($coreInitEvent);
    }

    if ($stage & self::STAGE_SESSIONS) {
        SessionUtil::requireSession();
        $coreInitEvent->setArg('stage', self::STAGE_SESSIONS);
        $this->eventManager->notify($coreInitEvent);
    }

    // Order matters from here to "end block": the languages cannot be set up until the URL has
    // been decoded, if that is required (drak).
    // start block
    if ($stage & self::STAGE_LANGS) {
        $lang = ZLanguage::getInstance();
    }

    if ($stage & self::STAGE_DECODEURLS) {
        System::queryStringDecode();
        $coreInitEvent->setArg('stage', self::STAGE_DECODEURLS);
        $this->eventManager->notify($coreInitEvent);
    }

    if ($stage & self::STAGE_LANGS) {
        $lang->setup();
        $coreInitEvent->setArg('stage', self::STAGE_LANGS);
        $this->eventManager->notify($coreInitEvent);
    }
    // end block

    if ($stage & self::STAGE_MODS) {
        // Set compression on if desired (the output handler itself is commented out).
        if (System::getVar('UseCompression') == 1) {
            //ob_start("ob_gzhandler");
        }

        ModUtil::load('SecurityCenter');

        $coreInitEvent->setArg('stage', self::STAGE_MODS);
        $this->eventManager->notify($coreInitEvent);
    }

    if ($stage & self::STAGE_THEME) {
        // Register default page vars.
        PageUtil::registerVar('title');
        PageUtil::setVar('title', System::getVar('defaultpagetitle'));
        PageUtil::registerVar('keywords', true);
        PageUtil::registerVar('stylesheet', true);
        PageUtil::registerVar('javascript', true);
        PageUtil::registerVar('jsgettext', true);
        PageUtil::registerVar('body', true);
        PageUtil::registerVar('header', true);
        PageUtil::registerVar('footer', true);

        // The returned instance is not used below; only the call itself is kept.
        Zikula_View_Theme::getInstance();

        // Set some defaults: metadata for SEO.
        $this->serviceManager['zikula_view.metatags']['description'] = System::getVar('defaultmetadescription');
        $this->serviceManager['zikula_view.metatags']['keywords'] = System::getVar('metakeywords');

        $coreInitEvent->setArg('stage', self::STAGE_THEME);
        $this->eventManager->notify($coreInitEvent);
    }

    // A logged-in account whose 'activated' value is not ACTIVATED_ACTIVE is logged out.
    if (UserUtil::isLoggedIn()) {
        if (UserUtil::getVar('activated') != Users_Constant::ACTIVATED_ACTIVE) {
            UserUtil::logout();
            // TODO - When getting logged out this way, the existing session is destroyed and
            //        then a new one is created on the reentry into index.php. The message
            //        set by the registerStatus call below gets lost.
            LogUtil::registerStatus(__('You have been logged out.'));
            // NOTE(review): unlike the not-installed branch above, no System::shutDown() follows
            // this redirect, so the rest of init() still runs - confirm that this is intended.
            System::redirect(ModUtil::url('Users', 'user', 'login'));
        }
    }

    if (($stage & self::STAGE_POST) && ($this->stage & ~self::STAGE_POST)) {
        $this->eventManager->notify(new Zikula_Event('core.postinit', $this, array('stages' => $stage)));
    }
}
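/**
 * Sets the currently logged in active user to the user account for the given uid.
 *
 * No events are fired from this function. To receive events, use {@link loginUsing()}.
 *
 * No credential is checked here: the caller is responsible for having authenticated the user
 * before the uid is written to the session.
 *
 * @param numeric $uid                  The user id of the user who should be logged into the system; required.
 * @param boolean $rememberMe           If the user's login should be maintained on the computer from which the user is
 *                                      logging in, set this to true; optional, defaults to false.
 * @param array   $authenticationMethod An array containing the authentication method used to log the user in; optional,
 *                                      defaults to the 'Users' module 'uname' method.
 *
 * @return void
 *
 * @throws Zikula_Exception_Fatal If the uid is invalid or unknown, or the authentication method is malformed.
 */
public static function setUserByUid($uid, $rememberMe = false, array $authenticationMethod = null)
{
    // empty() already covers the unset/null case; the cast round-trip rejects non-integer values.
    if (empty($uid) || (string) (int) $uid != $uid) {
        throw new Zikula_Exception_Fatal(__('Attempt to set the current user with an invalid uid.'));
    }

    $userObj = self::getVars($uid);
    if (!is_array($userObj) || empty($userObj)) {
        throw new Zikula_Exception_Fatal(__('Attempt to set the current user with an unknown uid.'));
    }

    if (!isset($authenticationMethod)) {
        $authenticationMethod = array('modname' => 'Users', 'method' => 'uname');
    } elseif (empty($authenticationMethod['modname']) || empty($authenticationMethod['method'])) {
        // Both keys must be present and non-empty when a method is supplied.
        throw new Zikula_Exception_Fatal(__('Attempt to set the current user with an invalid authentication method.'));
    }

    // Storing Last Login date -- store it in UTC! Do not use date() function!
    // 'now' is passed explicitly: a null first argument to DateTime is deprecated on current PHP.
    $nowUTC = new DateTime('now', new DateTimeZone('UTC'));
    if (!self::setVar('lastlogin', $nowUTC->format('Y-m-d H:i:s'), $userObj['uid'])) {
        // show messages but continue
        LogUtil::registerError(__('Error! Could not save the log-in date.'));
    }

    if (!System::isInstalling()) {
        SessionUtil::requireSession();
    }

    $session = ServiceUtil::get('request')->getSession();

    // NOTE(review): nothing in this block rotates the session identifier before the uid is written.
    // Confirm that requireSession() or the caller regenerates it at login, otherwise an identifier
    // issued before authentication stays valid for the authenticated session.

    // Set session variables -- this is what really does the Zikula login
    $session->set('uid', $userObj['uid']);
    $session->set('users/authentication_method', $authenticationMethod);

    if (!empty($rememberMe)) {
        $session->set('rememberme', 1);
    }

    // now that we've logged in the permissions previously calculated (if any) are invalid
    $GLOBALS['authinfogathered'][$userObj['uid']] = 0;
}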
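/**
 * Generate the upgrade module page.
 *
 * Upgrades every module that has an upgrade available, removes the deprecated modules from the
 * modules table, refreshes the Extensions entry and the themes list, records the new version and
 * finally logs the admin user back in.
 *
 * @param string $username Username of the admin user.
 * @param string $password Password of the admin user.
 *
 * @return void
 */
function _upg_upgrademodules($username, $password)
{
    _upg_header();

    // Module vars stored as a bare '0' or '1' are rewritten in serialized form.
    $modvars = DBUtil::selectObjectArray('module_vars');
    foreach ($modvars as $modvar) {
        if ($modvar['value'] == '0' || $modvar['value'] == '1') {
            $modvar['value'] = serialize($modvar['value']);
            DBUtil::updateObject($modvar, 'module_vars');
        }
    }

    // force load the modules admin API
    ModUtil::loadApi('Extensions', 'admin', true);

    echo '<h2>' . __('Starting upgrade') . '</h2>' . "\n";
    echo '<ul id="upgradelist" class="check">' . "\n";

    // reset for User module
    //$GLOBALS['_ZikulaUpgrader']['_ZikulaUpgradeFrom12x'] = false;

    $results = ModUtil::apiFunc('Extensions', 'admin', 'upgradeall');
    if ($results) {
        foreach ($results as $modname => $result) {
            $cssClass = $result ? 'passed' : 'failed';
            $label = $result ? __('upgraded') : __('not upgraded');
            echo '<li class="' . $cssClass . '">' . DataUtil::formatForDisplay($modname) . ' ' . $label . '</li>' . "\n";
        }
    }
    echo '</ul>' . "\n";

    if (!$results) {
        echo '<ul class="check"><li class="passed">' . __('No modules required upgrading') . '</li></ul>';
    }

    // wipe out the deprecated modules from Modules list.
    $modTable = 'modules';
    $sql = "DELETE FROM {$modTable} WHERE name = 'Header_Footer' OR name = 'AuthPN' OR name = 'pnForm' OR name = 'Workflow' OR name = 'pnRender' OR name = 'Admin_Messages'";
    DBUtil::executeSQL($sql);

    // store localized displayname and description for Extensions module
    // The translated strings come from the language catalogue and end up inside SQL string literals,
    // so they are escaped for storage first: an apostrophe in a translation would otherwise break
    // out of the literal.
    $extensionsDisplayname = DataUtil::formatForStore(__('Extensions'));
    $extensionsDescription = DataUtil::formatForStore(__('Manage your modules and plugins.'));
    $sql = "UPDATE modules SET name = 'Extensions', displayname = '{$extensionsDisplayname}', description = '{$extensionsDescription}' WHERE modules.name = 'Extensions'";
    DBUtil::executeSQL($sql);

    // regenerate the themes list
    ModUtil::apiFunc('Theme', 'admin', 'regenerate');

    // store the recent version in a config var for later usage. This enables us to determine the version we are upgrading from
    System::setVar('Version_Num', Zikula_Core::VERSION_NUM);
    System::setVar('language_i18n', ZLanguage::getLanguageCode());

    // Relogin the admin user to give a proper admin link
    SessionUtil::requireSession();

    echo '<p class="z-statusmsg">' . __('Finished upgrade') . " - \n";

    $authenticationInfo = array('login_id' => $username, 'pass' => $password);
    $authenticationMethod = array('modname' => 'Users', 'method' => 'uname');

    if (!UserUtil::loginUsing($authenticationMethod, $authenticationInfo)) {
        // Login failed: only a link to the start page is offered.
        $url = sprintf('<a href="%s">%s</a>', DataUtil::formatForDisplay(System::getBaseUrl()), DataUtil::formatForDisplay(System::getVar('sitename')));
        echo __f('Go to the startpage for %s', $url);
    } else {
        upgrade_clear_caches();
        $url = sprintf('<a href="%s">%s</a>', ModUtil::url('Admin', 'admin', 'adminpanel'), DataUtil::formatForDisplay(System::getVar('sitename')));
        echo __f('Go to the admin panel for %s', $url);
    }
    echo "</p>\n";

    _upg_footer();
}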
/**
 * Generate auth key.
 *
 * The key is the SHA-1 hash of a per-module random string kept in the session, concatenated with
 * the lower-cased module name. When the 'keyexpiry' system variable is greater than zero, the
 * current timestamp is hashed in as well and appended in clear to the result.
 *
 * @param string $modname Module name; the current module is used when empty.
 *
 * @deprecated since 1.3.0; the logged notice names SecurityUtil::generateCsrfToken() as the replacement.
 *
 * @return string A hashed key (not an encrypted one) for use in authorisation of operations.
 */
public static function generateAuthKey($modname = '')
{
    // Zikula_Response_Ajax and Zikula_Response_Ajax_Error still add an authid to their responses
    // for BC reasons, so calls coming from those two classes are not reported as deprecated.
    $trace = debug_backtrace(false);
    $bcCallers = array('Zikula_Response_Ajax', 'Zikula_Response_Ajax_Error');
    $calledForBc = isset($trace[1]['class']) && in_array($trace[1]['class'], $bcCallers);
    if (!$calledForBc) {
        LogUtil::log(__f('Warning! Static call %1$s is deprecated. Please use %2$s instead.', array('SecurityUtil::generateAuthKey()', 'SecurityUtil::generateCsrfToken()')), E_USER_DEPRECATED);
    }

    // Authorisation keys live in the session, so make sure one exists.
    SessionUtil::requireSession();

    if (empty($modname)) {
        $modname = ModUtil::getName();
    }

    // Remove from 1.4
    if (System::isLegacyMode() && $modname == 'Modules') {
        LogUtil::log(__('Warning! "Modules" module has been renamed to "Extensions". Please update any generateAuthKey calls in PHP or templates.'));
        $modname = 'ZikulaExtensionsModule';
    }

    // Normalise to the registered module name, lower-cased.
    $modinfo = ModUtil::getInfoFromName($modname);
    $modname = strtolower($modinfo['name']);

    // One random value per module is kept in the session; create this module's on first use.
    $seeds = SessionUtil::getVar('rand');
    if (!isset($seeds[$modname])) {
        $seeds[$modname] = RandomUtil::getString(32, 40, false, true, true, false, true, true, false);
        SessionUtil::setVar('rand', $seeds);
    }

    $key = $seeds[$modname] . $modname;

    if (System::getVar('keyexpiry') > 0) {
        // Expiring keys carry their issue time after the hash.
        $timestamp = time();

        return sha1($key . $timestamp) . $timestamp;
    }

    return sha1($key);
}
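/**
 * Allow the user to accept active terms of use and/or privacy policy.
 *
 * This function is currently used by the Legal module's handler for the users.login.veto event.
 *
 * On POST the submitted acceptances are validated and stored for the account the request is entitled
 * to act for: the account held in the session data of a pending log-in, or the logged-in user.
 * On GET, or when validation fails, the acceptance form is rendered.
 *
 * @return string The rendered output from the template.
 *
 * @throws Zikula_Exception_Forbidden Thrown if the user is not logged in and the acceptance attempt is not a result of a login attempt;
 *                                    also thrown if the submitted uid is not the uid of the account being processed;
 *                                    also thrown if the request is neither a POST nor a GET operation.
 *
 * @throws Zikula_Exception_Fatal     Thrown if the user is already logged in and the acceptance attempt is a result of a login attempt;
 *                                    also thrown in cases where expected data is not present or not in an expected form.
 */
public function acceptPolicies()
{
    // Retrieve and delete any session variables being sent in by the log-in process before we give the function a chance to
    // throw an exception. We need to make sure no sensitive data is left dangling in the session variables.
    $sessionVars = $this->request->getSession()->get('Legal_Controller_User_acceptPolicies', null, $this->name);
    $this->request->getSession()->del('Legal_Controller_User_acceptPolicies', $this->name);

    $processed = false;
    $helper = new Legal_Helper_AcceptPolicies();

    if ($this->request->isPost()) {
        $this->checkCsrfToken();

        $isLogin = !empty($sessionVars);

        if (!$isLogin && !UserUtil::isLoggedIn()) {
            throw new Zikula_Exception_Forbidden();
        } elseif ($isLogin && UserUtil::isLoggedIn()) {
            throw new Zikula_Exception_Fatal();
        }

        $post = $this->request->getPost();
        $policiesUid = $post->get('acceptedpolicies_uid', false);
        $acceptedPolicies = array(
            'termsOfUse'              => $post->get('acceptedpolicies_termsofuse', false),
            'privacyPolicy'           => $post->get('acceptedpolicies_privacypolicy', false),
            'agePolicy'               => $post->get('acceptedpolicies_agepolicy', false),
            'cancellationRightPolicy' => $post->get('acceptedpolicies_cancellationrightpolicy', false),
            'tradeConditions'         => $post->get('acceptedpolicies_tradeconditions', false)
        );

        if (empty($policiesUid) || !is_numeric($policiesUid)) {
            throw new Zikula_Exception_Fatal();
        }

        // The uid arrives in the request body, so it is tied back to the account this request may act
        // for before anything is read or written for it. Without this check a caller could record
        // policy acceptance against another user's account.
        if ($isLogin) {
            $expectedUid = isset($sessionVars['user_obj']['uid']) ? $sessionVars['user_obj']['uid'] : null;
        } else {
            $expectedUid = UserUtil::getVar('uid');
        }
        if (empty($expectedUid) || (string) $policiesUid !== (string) $expectedUid) {
            throw new Zikula_Exception_Forbidden();
        }

        $activePolicies = $helper->getActivePolicies();
        $originalAcceptedPolicies = $helper->getAcceptedPolicies($policiesUid);

        // A policy needs attention only if it is active, was not accepted before and is not accepted now.
        $fieldErrors = array();

        if ($activePolicies['termsOfUse'] && !$originalAcceptedPolicies['termsOfUse'] && !$acceptedPolicies['termsOfUse']) {
            $fieldErrors['termsofuse'] = $this->__('You must accept this site\'s Terms of Use in order to proceed.');
        }

        if ($activePolicies['privacyPolicy'] && !$originalAcceptedPolicies['privacyPolicy'] && !$acceptedPolicies['privacyPolicy']) {
            $fieldErrors['privacypolicy'] = $this->__('You must accept this site\'s Privacy Policy in order to proceed.');
        }

        if ($activePolicies['agePolicy'] && !$originalAcceptedPolicies['agePolicy'] && !$acceptedPolicies['agePolicy']) {
            $fieldErrors['agepolicy'] = $this->__f('In order to log in, you must confirm that you meet the requirements of this site\'s Minimum Age Policy. If you are not %1$s years of age or older, and you do not have a parent\'s permission to use this site, then please ask your parent to contact a site administrator.', array(ModUtil::getVar('Legal', Legal_Constant::MODVAR_MINIMUM_AGE, 0)));
        }

        if ($activePolicies['cancellationRightPolicy'] && !$originalAcceptedPolicies['cancellationRightPolicy'] && !$acceptedPolicies['cancellationRightPolicy']) {
            $fieldErrors['cancellationrightpolicy'] = $this->__('You must accept our cancellation right policy in order to proceed.');
        }

        if ($activePolicies['tradeConditions'] && !$originalAcceptedPolicies['tradeConditions'] && !$acceptedPolicies['tradeConditions']) {
            $fieldErrors['tradeconditions'] = $this->__('You must accept our general terms and conditions of trade in order to proceed.');
        }

        if (empty($fieldErrors)) {
            $now = new DateTime('now', new DateTimeZone('UTC'));
            $nowStr = $now->format(DateTime::ISO8601);

            // User attribute that records the acceptance time of each policy.
            $acceptanceAttributes = array(
                'termsOfUse'              => Legal_Constant::ATTRIBUTE_TERMSOFUSE_ACCEPTED,
                'privacyPolicy'           => Legal_Constant::ATTRIBUTE_PRIVACYPOLICY_ACCEPTED,
                'agePolicy'               => Legal_Constant::ATTRIBUTE_AGEPOLICY_CONFIRMED,
                'cancellationRightPolicy' => Legal_Constant::ATTRIBUTE_CANCELLATIONRIGHTPOLICY_ACCEPTED,
                'tradeConditions'         => Legal_Constant::ATTRIBUTE_TRADECONDITIONS_ACCEPTED
            );

            // Every policy is handled, even after one of them has failed; the overall result is the
            // conjunction of the individual results.
            $processed = true;
            foreach ($acceptanceAttributes as $policy => $attribute) {
                if ($activePolicies[$policy] && $acceptedPolicies[$policy]) {
                    $policyProcessed = UserUtil::setVar($attribute, $nowStr, $policiesUid);
                } else {
                    // Nothing to store: fine if the policy is inactive or was accepted earlier.
                    $policyProcessed = !$activePolicies[$policy] || $originalAcceptedPolicies[$policy];
                }
                $processed = $processed && $policyProcessed;
            }
        }

        if ($processed) {
            if ($isLogin) {
                // Resume the interrupted log-in with the data carried over in the session.
                $loginArgs = $this->request->getSession()->get('Users_Controller_User_login', array(), 'Zikula_Users');
                $loginArgs['authentication_method'] = $sessionVars['authentication_method'];
                $loginArgs['authentication_info'] = $sessionVars['authentication_info'];
                $loginArgs['rememberme'] = $sessionVars['rememberme'];

                return ModUtil::func('Users', 'user', 'login', $loginArgs);
            } else {
                $this->redirect(System::getHomepageUrl());
            }
        }
    } elseif ($this->request->isGet()) {
        $isLogin = $this->request->getGet()->get('login', false);
        $fieldErrors = array();
    } else {
        throw new Zikula_Exception_Forbidden();
    }

    // If we are coming here from the login process, then there are certain things that must have been
    // sent along in the session variable. If not, then error.
    if ($isLogin
        && (!isset($sessionVars['user_obj']) || !is_array($sessionVars['user_obj'])
            || !isset($sessionVars['authentication_info']) || !is_array($sessionVars['authentication_info'])
            || !isset($sessionVars['authentication_method']) || !is_array($sessionVars['authentication_method']))
    ) {
        throw new Zikula_Exception_Fatal();
    }

    if ($isLogin) {
        $policiesUid = $sessionVars['user_obj']['uid'];
    } else {
        $policiesUid = UserUtil::getVar('uid');
    }

    if (!$policiesUid || empty($policiesUid)) {
        throw new Zikula_Exception_Fatal();
    }

    if ($isLogin) {
        // Pass along the session vars to updateAcceptance. We didn't want to just keep them in the session variable
        // Legal_Controller_User_acceptPolicies because if we hit an exception or got redirected, then the data
        // would have been orphaned, and it contains some sensitive information.
        SessionUtil::requireSession();
        $this->request->getSession()->set('Legal_Controller_User_acceptPolicies', $sessionVars, $this->name);
    }

    $templateVars = array(
        'login'                    => $isLogin,
        'policiesUid'              => $policiesUid,
        'activePolicies'           => $helper->getActivePolicies(),
        'acceptedPolicies'         => isset($acceptedPolicies) ? $acceptedPolicies : $helper->getAcceptedPolicies($policiesUid),
        'originalAcceptedPolicies' => isset($originalAcceptedPolicies) ? $originalAcceptedPolicies : $helper->getAcceptedPolicies($policiesUid),
        'fieldErrors'              => $fieldErrors,
    );

    return $this->view->assign($templateVars)
        ->fetch('legal_user_acceptpolicies.tpl');
}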
/**
 * Initialise Zikula.
 *
 * Kernel request listener that runs every initialisation stage (self::STAGE_ALL) in a fixed order
 * and dispatches CoreEvents::INIT after each stage. Sub-requests are ignored.
 *
 * @param GetResponseEvent $event The kernel request event; supplies the dispatcher and the request.
 *
 * @return boolean|null False when the database stage raises a PDOException during installation;
 *                      no value is returned on any other path.
 */
public function onInit(GetResponseEvent $event)
{
    // Only the master request initialises the core.
    if ($event->getRequestType() === HttpKernelInterface::SUB_REQUEST) {
        return;
    }

    $this->dispatcher = $event->getDispatcher();

    $stage = self::STAGE_ALL;
    $this->stage = $stage;

    $coreInitEvent = new GenericEvent($this);
    $coreInitEvent['request'] = $event->getRequest();

    $this->dispatcher->dispatch(CoreEvents::PREINIT, new GenericEvent($this));

//        // Initialise and load configuration
//        if ($stage & self::STAGE_CONFIG) {
//            // error reporting
//            if (!\System::isInstalling()) {
//                // this is here because it depends on the config.php loading.
//                $event = new GenericEvent(null, array('stage' => $stage));
//                $this->dispatcher->dispatch(CoreEvents::ERRORREPORTING, $event);
//            }
//
//            // initialise custom event listeners from config.php settings
//            $coreInitEvent->setArg('stage', self::STAGE_CONFIG);
//            $this->dispatcher->dispatch(CoreEvents::INIT, $coreInitEvent);
//        }

//        // Check that Zikula is installed before continuing
//        if (\System::getVar('installed') == 0 && !\System::isInstalling()) {
//            $response = new RedirectResponse(\System::getBaseUrl().'install.php?notinstalled');
//            $response->send();
//            \System::shutdown();
//        }

    if ($stage & self::STAGE_DB) {
        try {
            $dbEvent = new GenericEvent();
            $this->dispatcher->dispatch('doctrine.init_connection', $dbEvent);

            $dbEvent = new GenericEvent($this, array('stage' => self::STAGE_DB));
            $this->dispatcher->dispatch(CoreEvents::INIT, $dbEvent);
        } catch (\PDOException $e) {
            // During installation the failure is reported to the caller; otherwise a 503 page is
            // served from the system error template and the request is shut down.
            if (\System::isInstalling()) {
                return false;
            }
            header('HTTP/1.1 503 Service Unavailable');
            require_once \System::getSystemErrorTemplate('dbconnectionerror.tpl');
            \System::shutDown();
        }
    }

    if ($stage & self::STAGE_TABLES) {
        // Initialise dbtables.
        \ModUtil::initCoreVars();
        \ModUtil::dbInfoLoad('SettingsModule', 'SettingsModule');
        \ModUtil::dbInfoLoad('ThemeModule', 'ThemeModule');
        \ModUtil::dbInfoLoad('UsersModule', 'UsersModule');
        \ModUtil::dbInfoLoad('GroupsModule', 'GroupsModule');
        \ModUtil::dbInfoLoad('PermissionsModule', 'PermissionsModule');
        \ModUtil::dbInfoLoad('CategoriesModule', 'CategoriesModule');

        if (!\System::isInstalling()) {
            \ModUtil::registerAutoloaders();
        }

        $coreInitEvent->setArg('stage', self::STAGE_TABLES);
        $this->dispatcher->dispatch(CoreEvents::INIT, $coreInitEvent);
    }

    if ($stage & self::STAGE_SESSIONS) {
        \SessionUtil::requireSession();
        $coreInitEvent->setArg('stage', self::STAGE_SESSIONS);
        $this->dispatcher->dispatch(CoreEvents::INIT, $coreInitEvent);
    }

    // Order matters from here to "end block": the languages cannot be set up until the URL has
    // been decoded, if that is required (drak).
    // start block
    if ($stage & self::STAGE_LANGS) {
        $lang = \ZLanguage::getInstance();
    }

    if ($stage & self::STAGE_DECODEURLS) {
        \System::queryStringDecode();
        $coreInitEvent->setArg('stage', self::STAGE_DECODEURLS);
        $this->dispatcher->dispatch(CoreEvents::INIT, $coreInitEvent);
    }

    if ($stage & self::STAGE_LANGS) {
        $lang->setup();
        $coreInitEvent->setArg('stage', self::STAGE_LANGS);
        $this->dispatcher->dispatch(CoreEvents::INIT, $coreInitEvent);
    }
    // end block

    if ($stage & self::STAGE_MODS) {
        // Set compression on if desired (the output handler itself is commented out).
        if (\System::getVar('UseCompression') == 1) {
            //ob_start("ob_gzhandler");
        }

        \ModUtil::load('SecurityCenter');

        $coreInitEvent->setArg('stage', self::STAGE_MODS);
        $this->dispatcher->dispatch(CoreEvents::INIT, $coreInitEvent);
    }

    if ($stage & self::STAGE_THEME) {
        // Register default page vars.
        \PageUtil::registerVar('title');
        \PageUtil::setVar('title', \System::getVar('defaultpagetitle'));
        \PageUtil::registerVar('keywords', true);
        \PageUtil::registerVar('stylesheet', true);
        \PageUtil::registerVar('javascript', true);
        \PageUtil::registerVar('jsgettext', true);
        \PageUtil::registerVar('body', true);
        \PageUtil::registerVar('header', true);
        \PageUtil::registerVar('footer', true);

        // The returned instance is not used below; only the call itself is kept.
        \Zikula_View_Theme::getInstance();

        // Set some defaults: metadata for SEO.
        $this->container['zikula_view.metatags']['description'] = \System::getVar('defaultmetadescription');
        $this->container['zikula_view.metatags']['keywords'] = \System::getVar('metakeywords');

        $coreInitEvent->setArg('stage', self::STAGE_THEME);
        $this->dispatcher->dispatch(CoreEvents::INIT, $coreInitEvent);
    }

    // A logged-in account whose 'activated' value is not ACTIVATED_ACTIVE is logged out, sent to
    // the login page, and the request ends here.
    if (\UserUtil::isLoggedIn()) {
        if (\UserUtil::getVar('activated') != UsersConstant::ACTIVATED_ACTIVE) {
            \UserUtil::logout();
            // TODO - When getting logged out this way, the existing session is destroyed and
            //        then a new one is created on the reentry into index.php. The message
            //        set by the registerStatus call below gets lost.
            \LogUtil::registerStatus(__('You have been logged out.'));
            $response = new RedirectResponse(\ModUtil::url('Users', 'user', 'login'));
            $response->send();
            exit;
        }
    }

    if (($stage & self::STAGE_POST) && ($this->stage & ~self::STAGE_POST)) {
        $this->dispatcher->dispatch(CoreEvents::POSTINIT, new GenericEvent($this, array('stages' => $stage)));
    }

    $this->dispatcher->dispatch('frontcontroller.predispatch', new GenericEvent());
}
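/**
 * Update the user's password.
 *
 * Parameters passed via GET:
 * --------------------------
 * None.
 *
 * Parameters passed via POST:
 * ---------------------------
 * string oldpassword        The original password.
 * string newpassword        The new password to be stored for the user.
 * string newpasswordconfirm Verification of the new password to be stored for the user.
 * string passreminder       The password reminder to be stored for the user.
 *
 * Parameters passed via SESSION:
 * ------------------------------
 * Namespace: Zikula_Users
 * Variable:  Users_Controller_User_updatePassword
 * Type:      array
 * Contents:  An array containing the information saved from the log-in attempt in order to re-enter it, including:
 *              'authentication_method', an array containing the selected authentication module name and method name,
 *              'authentication_info', an array containing the authentication information entered by the user,
 *              'user_obj', a user record containing the user information found during the log-in attempt,
 *              'password_errors', errors that have occurred during a previous pass through this function.
 *
 * @return mixed The result of the resumed log-in, or of the redirect to the user's main page, when the password
 *               was changed; nothing is returned when the request is redirected back to the change-password form.
 *
 * @throws Zikula_Exception_Forbidden If the request is not a POST, or if no log-in is pending and the user is not logged in.
 * @throws Zikula_Exception_Fatal     If a log-in is pending while a user is already logged in, or if the new password
 *                                    could not be saved.
 */
public function updatePassword()
{
    // The session data of a pending log-in is read and removed before anything can throw, so that
    // the authentication information it carries is not left behind in the session.
    $sessionVars = $this->request->getSession()->get('Users_Controller_User_updatePassword', null, 'Zikula_Users');
    $this->request->getSession()->del('Users_Controller_User_updatePassword', 'Zikula_Users');

    if (!$this->request->isPost()) {
        throw new Zikula_Exception_Forbidden();
    }

    $this->checkCsrfToken();

    if (!empty($sessionVars)) {
        // Forced password change in the middle of a log-in: the account comes from the session data.
        $login = true;
        $userObj = $sessionVars['user_obj'];
    } else {
        $login = false;
        $userObj = UserUtil::getVars(UserUtil::getVar('uid'), true);
    }
    $uid = $userObj['uid'];

    if (!$login && !UserUtil::isLoggedIn()) {
        throw new Zikula_Exception_Forbidden();
    } elseif ($login && UserUtil::isLoggedIn()) {
        throw new Zikula_Exception_Fatal();
    }

    $passwordChanged = false;
    $currentPassword = $this->request->request->get('oldpassword', '');
    $newPassword = $this->request->request->get('newpassword', '');
    $newPasswordAgain = $this->request->request->get('newpasswordconfirm', '');
    $newPasswordReminder = $this->request->request->get('passreminder', '');
    $passwordErrors = array();

    // The current password must be proven before the new one is even validated.
    if (empty($currentPassword) || !UserUtil::passwordsMatch($currentPassword, $userObj['pass'])) {
        $passwordErrors['oldpass'][] = $this->__('The current password you entered is not correct. Please correct your entry and try again.');
    } else {
        $passwordErrors = ModUtil::apiFunc($this->name, 'registration', 'getPasswordErrors', array(
            'uname'        => $userObj['uname'],
            'pass'         => $newPassword,
            'passagain'    => $newPasswordAgain,
            'passreminder' => $newPasswordReminder
        ));

        // Strict comparison: with == two different numeric-looking passwords (for example '1e3'
        // and '1000') compare as equal and would be rejected as "unchanged".
        if ($login && ($currentPassword === $newPassword)) {
            $passwordErrors['reginfo_pass'][] = $this->__('Your new password cannot match your current password.');
        }
    }

    if (empty($passwordErrors)) {
        if (UserUtil::setPassword($newPassword, $uid)) {
            // no user.update event for password changes.
            $passwordChanged = true;

            // Clear the forced change of password flag, if it exists.
            UserUtil::delVar('_Users_mustChangePassword', $uid);

            if (!UserUtil::setVar('passreminder', $newPasswordReminder, $uid)) {
                $this->registerError($this->__('Warning! Your new password was saved, however there was a problem saving your new password reminder.'));
            } else {
                $this->registerStatus($this->__('Done! Saved your new password.'));
            }

            // Reload the record of the account that was just changed. During a pending log-in nobody
            // is logged in yet, so the uid resolved above is used rather than the current session's uid.
            $userObj = UserUtil::getVars($uid, true);
            if ($login) {
                $sessionVars['user_obj'] = $userObj;
                if ($sessionVars['authentication_method']['modname'] == $this->name) {
                    // The password for Users module authentication was just changed.
                    // In order to successfully log in the user, we need to change it on the authentication_info.
                    $sessionVars['authentication_info']['pass'] = $newPassword;
                }
            }
        } else {
            throw new Zikula_Exception_Fatal($this->__('Sorry! There was a problem saving your new password.'));
        }
    }

    if ($passwordChanged) {
        if ($login) {
            // Resume the interrupted log-in with the (possibly updated) authentication information.
            $loginArgs = $this->request->getSession()->get('Users_Controller_User_login', array(), 'Zikula_Users');
            $loginArgs['authentication_method'] = $sessionVars['authentication_method'];
            $loginArgs['authentication_info'] = $sessionVars['authentication_info'];
            $loginArgs['rememberme'] = $sessionVars['rememberme'];

            return ModUtil::func($this->name, 'user', 'login', $loginArgs);
        } else {
            return $this->redirect(ModUtil::url($this->name, 'user', 'main'));
        }
    } else {
        // Hand the errors (and, for a pending log-in, the saved log-in data) to the changePassword
        // form through its own session variable.
        $sessionVars['password_errors'] = $passwordErrors;
        SessionUtil::requireSession();
        $this->request->getSession()->set('Users_Controller_User_changePassword', $sessionVars, 'Zikula_Users');
        $this->redirect(ModUtil::url($this->name, 'user', 'changePassword', array('login' => $login)));
    }
}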