 /**
  * Load a user (plus the backend session row of this PHP session) by e-mail address.
  *
  * The session columns come from a LEFT JOIN on the caller's PHP session id, so
  * they are NULL when this browser session has no users_sessions row yet; the
  * user is still loaded in that case. Note that this method marks the object as
  * authenticated without verifying a password or secret key itself — callers are
  * expected to have checked the credentials before calling it.
  *
  * @param string $email The e-mail address of the user to load.
  *
  * @throws Exception If no user with that e-mail exists.
  */
 public function loadUserByEmail($email)
 {
     $email = (string) $email;
     $connection = BackendModel::getContainer()->get('database');

     // user row plus the session row belonging to this PHP session (if any);
     // both values are bound parameters, nothing is interpolated into the SQL
     $record = (array) $connection->getRecord('SELECT u.id, u.email, u.is_god, us.session_id, us.secret_key, UNIX_TIMESTAMP(us.date) AS date
          FROM users AS u
          LEFT OUTER JOIN users_sessions AS us ON u.id = us.user_id AND us.session_id = ?
          WHERE u.email = ?
          LIMIT 1', array(\SpoonSession::getSessionId(), $email));

     // unknown e-mail: this object cannot represent anyone
     if (empty($record)) {
         throw new Exception('user (' . $email . ') can\'t be loaded.');
     }

     $this->setUserId($record['id']);
     $this->setEmail($record['email']);
     $this->setSessionId($record['session_id']);
     $this->setSecretKey($record['secret_key']);
     $this->setLastloggedInDate($record['date']);
     $this->isAuthenticated = true;
     $this->isGod = $record['is_god'] == 'Y';
     $this->loadGroups($record['id']);

     // per-user settings are stored as PHP-serialized values
     $storedSettings = (array) $connection->getPairs('SELECT us.name, us.value
          FROM users_settings AS us
          INNER JOIN users AS u ON us.user_id = u.id
          WHERE u.email = ?', array($email));

     // SECURITY NOTE(review): unserialize() on database content is only safe as
     // long as nothing but this application can write users_settings.value; a
     // writable row would allow PHP object injection. Consider JSON, or
     // unserialize($value, array('allowed_classes' => false)) on PHP >= 7.
     foreach ($storedSettings as $name => $serialized) {
         $this->settings[$name] = unserialize($serialized);
     }

     // derive a nickname from first and last name when none is configured
     if (!isset($this->settings['nickname']) || $this->settings['nickname'] == '') {
         $this->setSetting('nickname', $this->settings['name'] . ' ' . $this->settings['surname']);
     }
 }
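 /**
  * Return the per-session form (CSRF) token, generating one on first use.
  *
  * The token is cached in the session under 'form_token', so every form in the
  * session shares it. It is 32 hex characters — the same length as the md5()
  * output it replaces — so existing length checks keep working.
  *
  * Security: the previous derivation, md5(session id . rand(0, 999) . time()),
  * used rand(), which is not a CSPRNG, and added only ~1000 possibilities per
  * second on top of the session id; anyone who learns the session id (logs,
  * a leaked cookie) could reconstruct the token. A CSRF token must be
  * unguessable on its own, so it is now drawn from a CSPRNG where available.
  *
  * @return	string
  */
 public function getToken()
 {
     if (!SpoonSession::exists('form_token')) {
         if (function_exists('random_bytes')) {
             // PHP >= 7.0: OS-backed CSPRNG
             $token = bin2hex(random_bytes(16));
         } elseif (function_exists('openssl_random_pseudo_bytes')) {
             // PHP 5 with ext/openssl
             $token = bin2hex(openssl_random_pseudo_bytes(16));
         } else {
             // last resort without any CSPRNG; still not cryptographically strong
             $token = md5(SpoonSession::getSessionId() . mt_rand() . microtime(true));
         }
         SpoonSession::set('form_token', $token);
     }
     return SpoonSession::get('form_token');
 }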
 /**
  * Log the current backend user out.
  *
  * Removes this PHP session's row(s) from users_sessions and clears the login
  * flag and secret key kept in the session. The PHP session itself is kept
  * alive on purpose because the frontend stores data in it as well.
  * NOTE(review): the session id is therefore not regenerated on logout; the
  * login path should call session_regenerate_id() to avoid fixation — confirm.
  *
  * @return	void
  */
 public static function logout()
 {
     $currentSession = SpoonSession::getSessionId();

     // server side: invalidate the session record (parameterised)
     BackendModel::getDB(true)->delete('users_sessions', 'session_id = ?', $currentSession);

     // client side: drop the authentication state kept in the session
     $loggedOutState = array(
         'backend_logged_in' => false,
         'backend_secret_key' => '',
     );
     foreach ($loggedOutState as $key => $value) {
         SpoonSession::set($key, $value);
     }
 }
    /**
     * Expose the authenticated user's action rights to the template.
     *
     * Rights are resolved through the users_sessions row matching both the
     * current PHP session id and the secret key stored in the session, so a
     * session without a valid secret key gets no rights at all. For every
     * module/action whose highest group level is 7, a template variable named
     * show<Module><Action> is set to true.
     */
    private function parseAuthentication()
    {
        $sessionId = SpoonSession::getSessionId();
        $secretKey = SpoonSession::get('backend_secret_key');

        // highest level per module/action across all groups of the session's
        // user; both identifiers are bound parameters
        $rights = (array) BackendModel::getDB()->getRecords('SELECT gra.module, gra.action, MAX(gra.level) AS level
			 FROM users_sessions AS us
			 INNER JOIN users AS u ON us.user_id = u.id
			 INNER JOIN users_groups AS ug ON u.id = ug.user_id
			 INNER JOIN groups_rights_actions AS gra ON ug.group_id = gra.group_id
			 WHERE us.session_id = ? AND us.secret_key = ?
			 GROUP BY gra.module, gra.action', array($sessionId, $secretKey));

        foreach ($rights as $right) {
            // anything below full level 7 is not exposed
            if ($right['level'] != '7') {
                continue;
            }
            $variable = 'show' . SpoonFilter::toCamelCase($right['module'], '_') . SpoonFilter::toCamelCase($right['action'], '_');
            $this->assign($variable, true);
        }
    }
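 /**
  * Validate a submitted form-builder form and, when valid, store and mail it.
  *
  * Flow: throttle check (one submission per form per 10 seconds per session),
  * per-field validation of the configured rules (required, email, numeric),
  * then on success the submission is stored (one data row plus one row per
  * field), optionally mailed to the configured recipients, the
  * 'after_submission' event is triggered, the throttle timestamp is written
  * and the visitor is redirected back to the page with ?identifier=.
  *
  * Fix: the throttle used to test `$diff < 10 && $diff != 0`, so a second
  * submission within the same second (diff 0) was never blocked; the `!= 0`
  * exclusion has been dropped.
  */
 private function validateForm()
 {
     if (!$this->frm->isSubmitted()) {
         return;
     }

     // throttle: the timestamp of the previous successful submission of this
     // form is kept in the session; anything less than 10 seconds ago is rejected
     $throttleKey = 'formbuilder_' . $this->item['id'];
     if (SpoonSession::exists($throttleKey)) {
         $diff = time() - (int) SpoonSession::get($throttleKey);
         if ($diff < 10) {
             $this->frm->addError(FL::err('FormTimeout'));
         }
     }

     // per-field validation
     foreach ($this->item['fields'] as $field) {
         // presentational field types carry no user input
         if ($field['type'] == 'submit' || $field['type'] == 'paragraph' || $field['type'] == 'heading') {
             continue;
         }
         $fieldName = 'field' . $field['id'];
         foreach ($field['validations'] as $rule => $settings) {
             // keep only the first error per field
             if ($this->frm->getField($fieldName)->getErrors() !== null) {
                 continue;
             }
             if ($rule == 'required') {
                 $this->frm->getField($fieldName)->isFilled($settings['error_message']);
             } elseif ($rule == 'email') {
                 // format rules apply to filled fields only; emptiness is the 'required' rule's job
                 if ($this->frm->getField($fieldName)->isFilled()) {
                     $this->frm->getField($fieldName)->isEmail($settings['error_message']);
                 }
             } elseif ($rule == 'numeric') {
                 if ($this->frm->getField($fieldName)->isFilled()) {
                     $this->frm->getField($fieldName)->isNumeric($settings['error_message']);
                 }
             }
         }
     }

     if (!$this->frm->isCorrect()) {
         // show the global form errors when set, otherwise a generic message
         if ($this->frm->getErrors() != '') {
             $this->tpl->assign('formBuilderError', $this->frm->getErrors());
         } else {
             $this->tpl->assign('formBuilderError', FL::err('FormError'));
         }
         return;
     }

     // submission record
     $data = array();
     $data['form_id'] = $this->item['id'];
     $data['session_id'] = SpoonSession::getSessionId();
     $data['sent_on'] = FrontendModel::getUTCDate();
     // SECURITY NOTE(review): the complete $_SERVER array is persisted here. It
     // carries the raw request headers, including HTTP_COOKIE (the visitor's
     // session id) and any HTTP_AUTHORIZATION / PHP_AUTH_* values, so the form
     // data table accumulates session-hijacking material for every submission.
     // Kept for compatibility with readers of data['server']; consider storing
     // only the keys actually needed (e.g. REMOTE_ADDR, HTTP_USER_AGENT).
     $data['data'] = serialize(array('server' => $_SERVER));
     $dataId = FrontendFormBuilderModel::insertData($data);

     $fields = array();
     $emailFields = array();
     $sendMail = $this->item['method'] == 'database_email';
     foreach ($this->item['fields'] as $field) {
         if ($field['type'] == 'submit' || $field['type'] == 'paragraph' || $field['type'] == 'heading') {
             continue;
         }
         $fieldData = array();
         $fieldData['data_id'] = $dataId;
         $fieldData['label'] = $field['settings']['label'];
         $fieldData['value'] = $this->frm->getField('field' . $field['id'])->getValue();

         if ($sendMail) {
             // SECURITY NOTE(review): the raw submitted value passes through
             // nl2br() but is not HTML-escaped here; the mail template must
             // escape it, otherwise a visitor can inject markup into the mail.
             $emailFields[] = array('label' => $field['settings']['label'], 'value' => is_array($fieldData['value']) ? implode(',', $fieldData['value']) : nl2br($fieldData['value']));
         }

         // an empty multi-value field is stored as NULL, everything else serialized
         if (is_array($fieldData['value']) && empty($fieldData['value'])) {
             $fieldData['value'] = null;
         }
         if ($fieldData['value'] !== null) {
             $fieldData['value'] = serialize($fieldData['value']);
         }
         $fields[] = $fieldData;
         FrontendFormBuilderModel::insertDataField($fieldData);
     }

     if ($sendMail) {
         $variables = array();
         $variables['sentOn'] = time();
         $variables['name'] = $this->item['name'];
         $variables['fields'] = $emailFields;
         foreach ($this->item['email'] as $address) {
             FrontendMailer::addEmail(sprintf(FL::getMessage('FormBuilderSubject'), $this->item['name']), FRONTEND_MODULES_PATH . '/form_builder/layout/templates/mails/form.tpl', $variables, $address, $this->item['name']);
         }
     }

     FrontendModel::triggerEvent('form_builder', 'after_submission', array('form_id' => $this->item['id'], 'data_id' => $dataId, 'data' => $data, 'fields' => $fields, 'visitorId' => FrontendModel::getVisitorId()));

     // remember this submission for the throttle check above
     SpoonSession::set($throttleKey, time());

     // back to the page, flagged with the form's identifier
     $redirect = SITE_URL . '/' . $this->URL->getQueryString();
     $redirect .= stripos($redirect, '?') === false ? '?' : '&';
     $redirect .= 'identifier=' . $this->item['identifier'];
     SpoonHTTP::redirect($redirect);
 }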
 /**
  * Loads the actual components on the page
  *
  * Resolves the requested URL to a page id (404 when unknown), builds the
  * breadcrumb, header and footer, loads and processes the page content and
  * its extras, stores statistics and finally triggers 'after_page_processed'.
  */
 public function load()
 {
     // set tracking cookie (also memoises the visitor id reused in the event below)
     Model::getVisitorId();
     // get pageId for requested URL
     $this->pageId = Navigation::getPageId(implode('/', $this->URL->getPages()));
     // set headers if this is a 404 page
     if ($this->pageId == 404) {
         $this->statusCode = 404;
         if (extension_loaded('newrelic')) {
             // group all 404s under one transaction name in New Relic
             newrelic_name_transaction('404');
         }
     }
     // create breadcrumb instance
     $this->breadcrumb = new Breadcrumb($this->getKernel());
     // create header instance
     $this->header = new Header($this->getKernel());
     // new footer instance
     $this->footer = new Footer($this->getKernel());
     // get page content
     $this->getPageContent();
     // process page
     $this->processPage();
     // execute all extras linked to the page
     $this->processExtras();
     // store statistics
     $this->storeStatistics();
     // trigger event
     // SECURITY NOTE(review): the payload hands every listener the complete
     // $_SESSION, $_COOKIE, $_GET, $_POST and $_SERVER superglobals — i.e. the
     // session id, any secret keys kept in the session and raw POSTed form
     // data such as passwords. Anything that logs or stores event payloads
     // sees all of it; restrict to what listeners actually need if possible.
     Model::triggerEvent('Core', 'after_page_processed', array('id' => $this->getId(), 'record' => $this->getRecord(), 'statusCode' => $this->getStatusCode(), 'sessionId' => \SpoonSession::getSessionId(), 'visitorId' => Model::getVisitorId(), 'SESSION' => $_SESSION, 'COOKIE' => $_COOKIE, 'GET' => $_GET, 'POST' => $_POST, 'SERVER' => $_SERVER));
 }
 /**
  * Log the current frontend profile out.
  *
  * Deletes this PHP session's rows from profiles_sessions, clears the
  * logged-in flag in the session and removes the 'frontend_profile_secret_key'
  * cookie. The PHP session itself is neither destroyed nor regenerated here.
  *
  * @return	void
  */
 public static function logout()
 {
     $currentSession = SpoonSession::getSessionId();

     // server side: forget the session record (parameterised, not interpolated)
     FrontendModel::getDB(true)->delete('profiles_sessions', 'session_id = ?', array($currentSession));

     // client side: the flag in the session, then the secret-key cookie
     SpoonSession::set('frontend_profile_logged_in', false);
     SpoonCookie::delete('frontend_profile_secret_key');
 }
 /**
  * Loads the actual components on the page
  *
  * Resolves the requested URL to a page record (falling back to the 404 page),
  * enforces the page's profile authentication settings when the Profiles
  * module is installed, then builds breadcrumb and footer, processes the page
  * and its extras, stores statistics and triggers 'after_page_processed'.
  */
 public function load()
 {
     // set tracking cookie (also memoises the visitor id reused in the event below)
     Model::getVisitorId();
     // create header instance
     $this->header = new Header($this->getKernel());
     // get page content from pageId of the requested URL
     $this->record = $this->getPageContent(Navigation::getPageId(implode('/', $this->URL->getPages())));
     if (empty($this->record)) {
         $this->record = Model::getPage(404);
     }
     // authentication
     if (BackendModel::isModuleInstalled('Profiles') && isset($this->record['data']['auth_required'])) {
         $data = $this->record['data'];
         // is auth required and is profile logged in
         if ($data['auth_required']) {
             if (!FrontendAuthenticationModel::isLoggedIn()) {
                 // redirect to login page
                 // NOTE(review): $queryString is appended without urlencode(); if
                 // it can contain '?' or '&' the login page sees a truncated
                 // value — verify what getQueryString() returns.
                 $queryString = $this->URL->getQueryString();
                 throw new RedirectException('Redirect', new RedirectResponse(Navigation::getURLForBlock('Profiles', 'Login') . '?queryString=' . $queryString));
             }
             // specific groups for auth?
             if (!empty($data['auth_groups'])) {
                 // membership in any one of the configured groups is enough
                 $inGroup = false;
                 foreach ($data['auth_groups'] as $group) {
                     if (FrontendAuthenticationModel::getProfile()->isInGroup($group)) {
                         $inGroup = true;
                     }
                 }
                 // logged in but not authorised: serve the 404 page rather than a 403
                 if (!$inGroup) {
                     $this->record = Model::getPage(404);
                 }
             }
         }
     }
     // we need to set the correct id
     $this->pageId = (int) $this->record['id'];
     // set headers if this is a 404 page
     if ($this->pageId == 404) {
         $this->statusCode = 404;
         if (extension_loaded('newrelic')) {
             // group all 404s under one transaction name in New Relic
             newrelic_name_transaction('404');
         }
     }
     // create breadcrumb instance
     $this->breadcrumb = new Breadcrumb($this->getKernel());
     // new footer instance
     $this->footer = new Footer($this->getKernel());
     // process page
     $this->processPage();
     // execute all extras linked to the page
     $this->processExtras();
     // store statistics
     $this->storeStatistics();
     // trigger event
     // SECURITY NOTE(review): the payload hands every listener the complete
     // $_SESSION, $_COOKIE, $_GET, $_POST and $_SERVER superglobals — i.e. the
     // session id, any secret keys kept in the session and raw POSTed form
     // data such as passwords. Anything that logs or stores event payloads
     // sees all of it; restrict to what listeners actually need if possible.
     Model::triggerEvent('Core', 'after_page_processed', array('id' => $this->getId(), 'record' => $this->getRecord(), 'statusCode' => $this->getStatusCode(), 'sessionId' => \SpoonSession::getSessionId(), 'visitorId' => Model::getVisitorId(), 'SESSION' => $_SESSION, 'COOKIE' => $_COOKIE, 'GET' => $_GET, 'POST' => $_POST, 'SERVER' => $_SERVER));
 }
 /**
  * Build and render the requested frontend page.
  *
  * Resolves the URL to a page id (404 when unknown), builds breadcrumb,
  * header and footer, loads and processes the page and its extras, stores
  * statistics, displays the page and finally triggers 'after_page_processed'.
  * Everything happens in the constructor, so constructing this object renders.
  */
 public function __construct()
 {
     parent::__construct();
     // set tracking cookie (also memoises the visitor id reused in the event below)
     FrontendModel::getVisitorId();
     // add reference so other components can reach the current page
     Spoon::set('page', $this);
     // get pageId for requested URL
     $this->pageId = FrontendNavigation::getPageId(implode('/', $this->URL->getPages()));
     // set headers if this is a 404 page
     if ($this->pageId == 404) {
         $this->statusCode = 404;
     }
     // create breadcrumb instance
     $this->breadcrumb = new FrontendBreadcrumb();
     // create header instance
     $this->header = new FrontendHeader();
     // new footer instance
     $this->footer = new FrontendFooter();
     // get pagecontent
     $this->getPageContent();
     // process page
     $this->processPage();
     // execute all extras linked to the page
     $this->processExtras();
     // store statistics
     $this->storeStatistics();
     // display (output is produced before the event below fires)
     $this->display();
     // trigger event
     // SECURITY NOTE(review): the payload hands every listener the complete
     // $_SESSION, $_COOKIE, $_GET, $_POST and $_SERVER superglobals — i.e. the
     // session id, any secret keys kept in the session and raw POSTed form
     // data such as passwords. Anything that logs or stores event payloads
     // sees all of it; restrict to what listeners actually need if possible.
     FrontendModel::triggerEvent('core', 'after_page_processed', array('id' => $this->getId(), 'record' => $this->getRecord(), 'statusCode' => $this->getStatusCode(), 'sessionId' => SpoonSession::getSessionId(), 'visitorId' => FrontendModel::getVisitorId(), 'SESSION' => $_SESSION, 'COOKIE' => $_COOKIE, 'GET' => $_GET, 'POST' => $_POST, 'SERVER' => $_SERVER));
 }
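 /**
  * Get the visitor's id (using a tracking cookie)
  *
  * The id is taken from the 'track' cookie when present and (re)written with a
  * one-year lifetime, unless the cookie bar is enabled and the visitor has not
  * accepted cookies yet. When there is no usable cookie a new id is derived
  * from uniqid() and the session id. The result is memoised in self::$visitorId.
  *
  * Hardening: the cookie value is attacker-controlled and is passed on as an
  * identifier (statistics, event payloads). Only values shaped like what this
  * method itself issues — 32 lowercase hex characters — are accepted; anything
  * else (including an empty cookie) is replaced by a fresh id.
  *
  * @return string
  */
 public static function getVisitorId()
 {
     // check if tracking id is fetched already
     if (self::$visitorId !== null) {
         return self::$visitorId;
     }

     // accept the cookie only if it has the exact format md5() produces
     $fromCookie = CommonCookie::exists('track') ? (string) CommonCookie::get('track') : '';
     if (preg_match('/^[a-f0-9]{32}$/', $fromCookie) === 1) {
         self::$visitorId = $fromCookie;
     } else {
         self::$visitorId = md5(uniqid() . \SpoonSession::getSessionId());
     }

     // only (re)set the cookie when no cookie bar is shown or the visitor consented
     if (!self::get('fork.settings')->get('Core', 'show_cookie_bar', false) || CommonCookie::hasAllowedCookies()) {
         CommonCookie::set('track', self::$visitorId, 86400 * 365);
     }

     return self::$visitorId;
 }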
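 /**
  * Validate a submitted form-builder form and, when valid, store and dispatch it.
  *
  * Flow: throttle check (one submission per form per 10 seconds per session),
  * per-field validation of the configured rules (required, email, numeric,
  * time), then on success the submission is stored (one data row plus one row
  * per field), a FormBuilderSubmittedEvent and the legacy 'after_submission'
  * event are raised, the throttle timestamp is written and the visitor is
  * redirected back to the form (with ?identifier= and the form's anchor).
  *
  * Fix: the throttle used to test `$diff < 10 && $diff != 0`, so a second
  * submission within the same second (diff 0) was never blocked; the `!= 0`
  * exclusion has been dropped.
  */
 private function validateForm()
 {
     if (!$this->frm->isSubmitted()) {
         return;
     }

     // throttle: the timestamp of the previous successful submission of this
     // form is kept in the session; anything less than 10 seconds ago is rejected
     $throttleKey = 'formbuilder_' . $this->item['id'];
     if (\SpoonSession::exists($throttleKey)) {
         $diff = time() - (int) \SpoonSession::get($throttleKey);
         if ($diff < 10) {
             $this->frm->addError(FL::err('FormTimeout'));
         }
     }

     // per-field validation
     foreach ($this->item['fields'] as $field) {
         // presentational field types carry no user input
         if ($field['type'] == 'submit' || $field['type'] == 'paragraph' || $field['type'] == 'heading') {
             continue;
         }
         $fieldName = 'field' . $field['id'];
         foreach ($field['validations'] as $rule => $settings) {
             // keep only the first error per field
             if ($this->frm->getField($fieldName)->getErrors() !== null) {
                 continue;
             }
             if ($rule == 'required') {
                 $this->frm->getField($fieldName)->isFilled($settings['error_message']);
             } elseif ($rule == 'email') {
                 // format rules apply to filled fields only; emptiness is the 'required' rule's job
                 if ($this->frm->getField($fieldName)->isFilled()) {
                     $this->frm->getField($fieldName)->isEmail($settings['error_message']);
                 }
             } elseif ($rule == 'numeric') {
                 if ($this->frm->getField($fieldName)->isFilled()) {
                     $this->frm->getField($fieldName)->isNumeric($settings['error_message']);
                 }
             } elseif ($rule == 'time') {
                 // hour (0-23, optional leading zero) alone, or hour followed by ':' or 'h'
                 // and up to two minute digits. Unlike email/numeric this rule also runs
                 // on an empty field, which then fails the match — possibly intentional.
                 $regexTime = '/^(([0-1][0-9]|2[0-3]|[0-9])|([0-1][0-9]|2[0-3]|[0-9])(:|h)[0-5]?[0-9]?)$/';
                 if (!\SpoonFilter::isValidAgainstRegexp($regexTime, $this->frm->getField($fieldName)->getValue())) {
                     $this->frm->getField($fieldName)->setError($settings['error_message']);
                 }
             }
         }
     }

     if (!$this->frm->isCorrect()) {
         // show the global form errors when set, otherwise a generic message
         if ($this->frm->getErrors() != '') {
             $this->tpl->assign('formBuilderError', $this->frm->getErrors());
         } else {
             $this->tpl->assign('formBuilderError', FL::err('FormError'));
         }
         return;
     }

     // submission record
     $data = array();
     $data['form_id'] = $this->item['id'];
     $data['session_id'] = \SpoonSession::getSessionId();
     $data['sent_on'] = FrontendModel::getUTCDate();
     // SECURITY NOTE(review): the complete $_SERVER array is persisted here. It
     // carries the raw request headers, including HTTP_COOKIE (the visitor's
     // session id) and any HTTP_AUTHORIZATION / PHP_AUTH_* values, so the form
     // data table accumulates session-hijacking material for every submission.
     // Kept for compatibility with readers of data['server']; consider storing
     // only the keys actually needed (e.g. REMOTE_ADDR, HTTP_USER_AGENT).
     $data['data'] = serialize(array('server' => $_SERVER));
     $dataId = FrontendFormBuilderModel::insertData($data);

     $fields = array();
     foreach ($this->item['fields'] as $field) {
         if ($field['type'] == 'submit' || $field['type'] == 'paragraph' || $field['type'] == 'heading') {
             continue;
         }
         $fieldData = array();
         $fieldData['data_id'] = $dataId;
         $fieldData['label'] = $field['settings']['label'];
         $fieldData['value'] = $this->frm->getField('field' . $field['id'])->getValue();

         if ($field['type'] == 'radiobutton') {
             // store the configured label instead of the submitted value
             $labelsByValue = array();
             foreach ($field['settings']['values'] as $option) {
                 $labelsByValue[$option['value']] = $option['label'];
             }
             // NOTE(review): a submitted value that is not among the configured
             // options yields an undefined index (null) here; presumably the
             // radio field's own validation rejects such values first — confirm.
             $fieldData['value'] = $labelsByValue[$fieldData['value']];
         }

         // an empty multi-value field is stored as NULL, everything else serialized
         if (is_array($fieldData['value']) && empty($fieldData['value'])) {
             $fieldData['value'] = null;
         }
         if ($fieldData['value'] !== null) {
             $fieldData['value'] = serialize($fieldData['value']);
         }
         $fields[$field['id']] = $fieldData;
         FrontendFormBuilderModel::insertDataField($fieldData);
     }

     $this->get('event_dispatcher')->dispatch(FormBuilderEvents::FORM_SUBMITTED, new FormBuilderSubmittedEvent($this->item, $fields, $dataId));
     FrontendModel::triggerEvent('FormBuilder', 'after_submission', array('form_id' => $this->item['id'], 'data_id' => $dataId, 'data' => $data, 'fields' => $fields, 'visitorId' => FrontendModel::getVisitorId()));

     // remember this submission for the throttle check above
     \SpoonSession::set($throttleKey, time());

     // back to the form, flagged with the form's identifier and anchored on it
     $redirect = SITE_URL . $this->URL->getQueryString();
     $redirect .= stripos($redirect, '?') === false ? '?' : '&';
     $redirect .= 'identifier=' . $this->item['identifier'];
     $redirect .= '#' . $this->formName;
     throw new RedirectException('Redirect', new RedirectResponse($redirect));
 }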
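 /**
  * Get the visitor's id (using a tracking cookie)
  *
  * The id is taken from the 'track' cookie when present and always (re)written
  * with a one-year lifetime. When there is no usable cookie a new id is derived
  * from uniqid() and the session id. The result is memoised in self::$visitorId.
  *
  * Hardening: the cookie value is attacker-controlled and is passed on as an
  * identifier (statistics, event payloads). Only values shaped like what this
  * method itself issues — 32 lowercase hex characters — are accepted; anything
  * else is replaced by a fresh id. This also fixes the previous behaviour where
  * a present-but-empty cookie produced an empty visitor id.
  *
  * @return string
  */
 public static function getVisitorId()
 {
     // check if tracking id is fetched already
     if (self::$visitorId !== null) {
         return self::$visitorId;
     }

     // accept the cookie only if it has the exact format md5() produces
     $fromCookie = CommonCookie::exists('track') ? (string) CommonCookie::get('track') : '';
     if (preg_match('/^[a-f0-9]{32}$/', $fromCookie) === 1) {
         self::$visitorId = $fromCookie;
     } else {
         self::$visitorId = md5(uniqid() . SpoonSession::getSessionId());
     }

     // set/prolong tracking cookie
     CommonCookie::set('track', self::$visitorId, 86400 * 365);

     return self::$visitorId;
 }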
 /**
  * Log the current frontend profile out.
  *
  * Deletes this PHP session's rows from profiles_sessions, clears the
  * logged-in flag in the session and removes the 'frontend_profile_secret_key'
  * cookie. The PHP session itself is neither destroyed nor regenerated here.
  */
 public static function logout()
 {
     $currentSession = \SpoonSession::getSessionId();

     // server side: forget the session record (parameterised, not interpolated)
     FrontendModel::getContainer()->get('database')->delete('profiles_sessions', 'session_id = ?', array($currentSession));

     // client side: the flag in the session, then the secret-key cookie
     \SpoonSession::set('frontend_profile_logged_in', false);
     CommonCookie::delete('frontend_profile_secret_key');
 }
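 /**
  * Return the per-session form (CSRF) token, generating one on first use.
  *
  * The token is cached in the session under 'form_token', so every form in the
  * session shares it. It is 32 hex characters — the same length as the md5()
  * output it replaces — so existing length checks keep working.
  *
  * Security: the previous derivation, md5(session id . rand(0, 999) . time()),
  * used rand(), which is not a CSPRNG, and added only ~1000 possibilities per
  * second on top of the session id; anyone who learns the session id (logs,
  * a leaked cookie) could reconstruct the token. A CSRF token must be
  * unguessable on its own, so it is now drawn from a CSPRNG where available.
  *
  * @return	string
  */
 public function getToken()
 {
     // no token available?
     if (!SpoonSession::exists('form_token')) {
         if (function_exists('random_bytes')) {
             // PHP >= 7.0: OS-backed CSPRNG
             $token = bin2hex(random_bytes(16));
         } elseif (function_exists('openssl_random_pseudo_bytes')) {
             // PHP 5 with ext/openssl
             $token = bin2hex(openssl_random_pseudo_bytes(16));
         } else {
             // last resort without any CSPRNG; still not cryptographically strong
             $token = md5(SpoonSession::getSessionId() . mt_rand() . microtime(true));
         }
         // store in session
         SpoonSession::set('form_token', $token);
     }
     return SpoonSession::get('form_token');
 }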