public function checkAccess()
{
if ($this->isProtected() === true) {
if (!$this->auth->isLoggedIn()) {
RequestHandler::redirect($this->core->getSettings()->logincontroller->login_page);
}
$this->abortIfUserHasNotRights('CMS_BACKEND_ACCESS');
}
}
public function viewHttpErrors()
{
if (($deleteRouteId = $this->cmsController->getHttpRequest()->getVar('delete')) !== null) {
try {
$stmntRemove = $this->cmsController->getDB()->prepare("DELETE FROM mod_maintenance_page_not_found WHERE ID = ?");
$this->cmsController->getDB()->delete($stmntRemove, array($deleteRouteId));
$this->setMessageForNextPage(new CmsBackendMessage('Path removed successfully', CmsBackendMessage::MSG_TYPE_SUCCESS));
RequestHandler::redirect($this->getBaseURI() . '/http-errors');
} catch (\Exception $e) {
$this->setMessageForNextPage(new CmsBackendMessage('Could not remove path', CmsBackendMessage::MSG_TYPE_ERROR));
}
}
$sqlString = "\n\t\t\tSELECT *\n\t\t\tFROM mod_maintenance_page_not_found pnf\n\t\t\tLEFT JOIN (\n\t\t\t\tSELECT page_not_found_IDFK,\n\t\t\t\tCOUNT(*) error_count,\n\t\t\t\tCOUNT(DISTINCT ip_address) ip_address_count,\n\t\t\t\tMAX(request_date) most_recent_error_date\n\t\t\t\tFROM mod_maintenance_page_not_found_request\n\t\t\t\tGROUP BY page_not_found_IDFK\n\t\t\t) AS entry ON entry.page_not_found_IDFK = pnf.ID\n\t\t";
$trPaths = new TableRenderer('mod-maintenance-http-errors-paths', $this->cmsController->getDB(), $sqlString);
$trPaths->setOptions(array('delete' => '?delete={ID}'));
$columnMostRecentErrorDate = new Column('most_recent_error_date', 'Newest error', array(new DateColumnDecorator($this->cmsController->getLocaleHandler()->getDateTimeFormat())), true, null, TableRenderer::SORT_DESC);
$columnPath = new Column('path', 'Path', array(new RewriteColumnDecorator('<a href="' . $this->getBaseURI() . '/http-errors/view/{ID}">{path}</a>')), true);
$columnPath->setFilter();
$trPaths->setColumns(array($columnPath, $columnMostRecentErrorDate, new Column('error_count', 'Errors', array(), true), new Column('ip_address_count', 'IP addresses', array(), true)));
$trPaths->setDefaultOrder($columnMostRecentErrorDate);
return $this->renderModuleContent('mod-maintenance/http-errors-overview', array('siteTitle' => 'HTTP errors', 'table_paths' => $trPaths->display()));
}
/**
* Generates a CmsPage object according to the given route, renders it and creates the framework
* response for it.
*
* @return HttpResponse The rendered page with all headers set ready to send back to the client
* @throws CMSException
* @throws HttpException
* @throws \Exception
*/
public function deliverCMSPage()
{
$pageModel = new PageModel($this->db);
$this->cmsRoute = $pageModel->getRouteByURI($this->httpRequest->getPath());
if ($this->cmsRoute === null) {
//throw new HttpException('Could not find route: ' . $this->httpRequest->getPath(), 404);
return $this->deliverPreviewCMSPage();
}
if ($this->cmsRoute->isSSLRequired() && $this->httpRequest->getProtocol() !== HttpRequest::PROTOCOL_HTTPS) {
RequestHandler::redirect($this->httpRequest->getURL(HttpRequest::PROTOCOL_HTTPS));
} elseif ($this->auth->isLoggedIn() === false && $this->cmsRoute->isSSLForbidden() && $this->httpRequest->getProtocol() !== HttpRequest::PROTOCOL_HTTP) {
RequestHandler::redirect($this->httpRequest->getURL(HttpRequest::PROTOCOL_HTTP));
}
// Update httpRequest object
if ($this->cmsRoute->isRegex()) {
preg_match('@^' . $this->cmsRoute->getPattern() . '$@', $this->httpRequest->getPath(), $res);
array_shift($res);
$this->route->setParams($res);
} elseif ($this->cmsRoute->getModuleID() !== null) {
preg_match('@^' . $this->cmsRoute->getPattern() . '(/.+)?$@', $this->httpRequest->getPath(), $res);
array_shift($res);
$this->route->setParams($res);
}
if ($this->cmsRoute->getPageID() !== null) {
$this->cmsPage = $pageModel->getPageByID($this->cmsRoute->getPageID());
if ($this->cmsRoute->getModuleID() !== null) {
try {
$modId = $this->cmsRoute->getModuleID();
$modInfo = $this->moduleModel->getModuleById($modId);
if ($modInfo === null) {
throw new CMSException('The module with ID ' . $modId . ' has no frontend controller defined');
}
if (isset($this->loadedModules[$modInfo->name]) === false) {
$cmsModuleInstance = new $modInfo->frontendcontroller($this, $modInfo->name);
} else {
$cmsModuleInstance = $this->loadedModules[$modInfo->name];
}
if ($cmsModuleInstance instanceof CmsModuleFrontendController === false) {
throw new CMSException('The module frontend controller for module ' . $modInfo->name . ' is none of type CmsModuleFrontendController');
}
/** @var CmsModuleFrontendController $cmsModuleInstance */
$this->cmsModule = $cmsModuleInstance;
if (($response = $this->cmsModule->callMethodByPath($path = $this->route->getParam(0))) instanceof HttpResponse) {
return $response;
}
} catch (HttpException $e) {
if ($e->getCode() === 404) {
$this->eventDispatcher->dispatch('cms.page_not_found', new PageNotFoundEvent($this->httpRequest));
} elseif ($e->getCode() === 403) {
$this->eventDispatcher->dispatch('cms.page_access_denied', new PageAccessDeniedEvent($this->httpRequest));
}
throw $e;
}
}
return $this->generateCMSPage($pageModel);
} elseif ($this->cmsRoute->getExternalSource() !== null) {
if ($this->cmsRoute->isRegex()) {
$redirectLocation = preg_replace('@' . str_replace('@', '\\@', $this->cmsRoute->getPattern()) . '@', $this->cmsRoute->getExternalSource(), $this->httpRequest->getPath());
} else {
$redirectLocation = $this->cmsRoute->getExternalSource();
}
return new HttpResponse(301, null, array('Location' => $redirectLocation));
} elseif ($this->cmsRoute->getRedirectRoute() !== null) {
return new HttpResponse(301, null, array('Location' => $this->cmsRoute->getRedirectRoute()->getPattern()));
}
}
public function processNewPasswordPage()
{
if ($this->auth->isLoggedIn()) {
RequestHandler::redirect($this->core->getSettings()->logincontroller->page_after_login);
}
$tokenUserID = $this->route->getParam(0);
$token = substr($tokenUserID, 0, 13);
$userID = substr($tokenUserID, 13);
$this->formHelper = new FormHelper(FormHelper::METHOD_POST);
$this->formHelper->addField('password', null, FormHelper::TYPE_STRING, true, array('missingError' => 'Please type in your new password'));
$this->formHelper->addField('pwrepeat', null, FormHelper::TYPE_STRING, true, array('missingError' => 'Please retype your new password'));
if (!$this->formHelper->sent() || !$this->formHelper->validate()) {
return $this->getNewPasswordPage();
}
$newpw = $this->formHelper->getFieldValue('password');
if (strlen($newpw) < 8) {
$this->formHelper->addError(null, 'Your password has to be at least 8 characters long');
}
if (preg_match('/^\\d+$/', $newpw) || preg_match('/^[A-Za-z]+$/', $newpw)) {
$this->formHelper->addError(null, 'Your password has to be a mix of alpha and numeric signs');
}
if ($newpw !== $this->formHelper->getFieldValue('pwrepeat')) {
$this->formHelper->addError(null, 'Your new password and the repetition do not match');
}
if (!$this->auth->checkToken($token, $userID)) {
$this->formHelper->addError(null, 'Sorry the token you submittd is not valid anymore');
}
if ($this->formHelper->hasErrors()) {
return $this->getNewPasswordPage();
}
try {
$stmntSalt = $this->db->prepare("SELECT salt, confirmed FROM login WHERE token = ? AND ID = ?");
$resSalt = $this->db->select($stmntSalt, array($token, $userID));
if (count($resSalt) <= 0) {
throw new CMSException('Could not find user');
}
$stmntUpdatePw = $this->db->prepare("\n\t\t\t\tUPDATE login SET password = ?, confirmed = ?, token = NULL, tokentime = NULL WHERE token = ? AND ID = ?\n\t\t\t");
$this->db->update($stmntUpdatePw, array($this->auth->encryptPassword($newpw, $resSalt[0]->salt), $resSalt[0]->confirmed === null ? date('Y-m-d H:i:s') : $resSalt[0]->confirmed, $token, $userID));
} catch (\Exception $e) {
$this->formHelper->addError(null, 'Could not update password. Reason: ' . $e->getMessage());
return $this->getNewPasswordPage();
}
RequestHandler::redirect('/backend');
}
public function postEditRightGroup(array $params)
{
$this->cmsController->abortIfUserHasNotRights('BACKEND_RIGHTGROUPS_EDIT');
if (isset($params[0]) === false || ($rightGroup = $this->rightGroupModel->getRightGroupByID($params[0])) === null) {
$rightGroup = new RightGroup();
}
$this->prepareEditRightGroupForm($rightGroup);
if (!$this->form->isSent() || !$this->form->validate()) {
return $this->getEditRightGroup($params);
}
$rightValue = $this->form->getField('rights')->getValue();
$rootValue = $this->form->getField('root')->getValue();
$rightGroup->setGroupName($this->form->getField('name')->getValue());
$rightGroup->setGroupKey($this->form->getField('key')->getValue());
$rightGroup->setRoot($rootValue === null ? 0 : 1);
$rightGroup->setRights(is_array($rightValue) ? $rightValue : array());
$this->rightGroupModel->storeRightGroup($rightGroup);
RequestHandler::redirect($this->getBaseURI());
}
public function processRouteEdit()
{
$this->abortIfUserHasNotRights('CMS_ROUTES_EDIT');
//$coreModel = new CoreModel($this->db);
$pageModel = new PageModel($this->db);
$routeModel = new RouteModel($this->db);
$moduleModel = new ModuleModel($this->db);
$pageOptions = array();
foreach ($pageModel->getAllPages() as $p) {
$pageOptions[$p->ID] = $p->language_codeFK . ', ' . $p->title;
}
$routeOptions = array();
foreach ($routeModel->getAllRoutes() as $r) {
if ($r->ID == $this->route->getParam(0)) {
continue;
}
$routeOptions[$r->ID] = $r->pattern;
}
$moduleOptions = array();
foreach ($moduleModel->getModulesWithFrontendController() as $m) {
$routeOptions[$m->ID] = $m->ID;
}
$this->formHelper = new FormHelper(FormHelper::METHOD_POST);
$this->formHelper->addField('pattern', null, FormHelper::TYPE_STRING, true, array('missingError' => 'Please insert a pattern for this route'));
$this->formHelper->addField('page', null, FormHelper::TYPE_OPTION, false, array('invalidError' => 'Please select a valid page', 'options' => $pageOptions));
$this->formHelper->addField('robots', null, FormHelper::TYPE_STRING, false);
$this->formHelper->addField('regexp', null, FormHelper::TYPE_CHECKBOX);
$this->formHelper->addField('route_typ', null, FormHelper::TYPE_OPTION);
$this->formHelper->addField('redirect', null, FormHelper::TYPE_OPTION, false, array('invalidError' => 'Please select a valid page', 'options' => $pageOptions));
$this->formHelper->addField('module', null, FormHelper::TYPE_OPTION, false, array('invalidError' => 'Please select a valid module', 'options' => $moduleOptions));
if (!$this->formHelper->sent() || !$this->formHelper->validate()) {
return $this->getRouteEdit();
}
$patternStr = $this->formHelper->getFieldValue('pattern');
if (StringUtils::startsWith($patternStr, '/')) {
$this->formHelper->addError(null, 'The route can not start with a slash (/)');
return $this->getRouteEdit();
}
if (preg_match('@^[A-Za-z0-9\\-\\._/?#\\@&+=]+$@', $patternStr) === 0) {
$this->formHelper->addError(null, 'The route should only have alphanumeric characters and -._/?#@&+= in it');
return $this->getRouteEdit();
}
if ($patternStr === 'backend' || StringUtils::startsWith($patternStr, 'backend/') === true) {
$this->formHelper->addError(null, 'The route should not start with "backend/". This URI node is reserved by the CMS');
return $this->getRouteEdit();
}
// save settings
$routeTyp = $this->formHelper->getFieldValue('route_typ');
$stmntUpdate = $this->db->prepare("\n\t\t\tINSERT INTO route\n\t\t\t\tSET ID = ?, pattern = ?, regex = ?, page_IDFK = ?, mod_IDFK = ?, robots = ?, redirect_route_IDFK = ?\n\t\t\tON DUPLICATE KEY UPDATE\n\t\t\t\tpattern = ?, regex = ?, page_IDFK = ?, mod_IDFK = ?, robots = ?, redirect_route_IDFK = ?\n\n\t\t");
$resUpdate = $this->db->update($stmntUpdate, array($this->route->getParam(0), '/' . $patternStr, $this->formHelper->getFieldValue('regexp'), $routeTyp == 1 ? $this->formHelper->getFieldValue('page') : null, $this->formHelper->getFieldValue('module') == 0 ? null : $this->formHelper->getFieldValue('module'), $this->formHelper->getFieldValue('robots'), $routeTyp == 2 ? $this->formHelper->getFieldValue('redirect') : null, '/' . $patternStr, $this->formHelper->getFieldValue('regexp'), $routeTyp == 1 ? $this->formHelper->getFieldValue('page') : null, $this->formHelper->getFieldValue('module') == 0 ? null : $this->formHelper->getFieldValue('module'), $this->formHelper->getFieldValue('robots'), $routeTyp == 2 ? $this->formHelper->getFieldValue('redirect') : null));
RequestHandler::redirect('/backend/routes');
}
/**
* @return HttpResponse
*/
public function postModuleDetail()
{
$modEditLang = $this->getHttpRequest()->getVar('mod_edit_lang', 'strip_tags');
if ($modEditLang !== null) {
$_SESSION['mod_edit_lang'] = $modEditLang;
RequestHandler::redirect($_SERVER['REQUEST_URI']);
}
return $this->getModuleDetail();
}
public function processPageRightEdit($params)
{
$this->formHelper = new FormHelper(FormHelper::METHOD_POST);
$pageID = isset($params[0]) ? $params[0] : null;
$rightGroupModel = new RightGroupModel($this->cmsController->getDB());
$optsRightGroups = array();
foreach ($rightGroupModel->getRightGroups() as $g) {
if ($g->isRoot() === true) {
continue;
}
$optsRightGroups[$g->getID()] = $g->getGroupName();
}
$this->formHelper->addField('rightgroup', null, FormHelper::TYPE_OPTION, true, array('missingError' => 'Please choose a group', 'invalidError' => 'Please choose a valid group', 'options' => $optsRightGroups));
$this->formHelper->addField('rights', null, FormHelper::TYPE_MULTIOPTIONS, false, array('missingError' => 'Please choose one or more rights', 'invalidError' => 'Please choose one or more valid rights', 'options' => array('read' => 'read', 'write' => 'write')));
$this->formHelper->addField('date_from', null, FormHelper::TYPE_DATE, true, array('missingError' => 'Please enter a date from where the group should have access', 'invalidError' => 'Please enter a valid date from where the group should habe acess'));
$this->formHelper->addField('date_to', null, FormHelper::TYPE_DATE, false, array('invalidError' => 'Please enter a valid date till when the group should habe acess'));
if (!$this->formHelper->sent() || !$this->formHelper->validate()) {
return $this->getPageRightEdit($params);
}
$dateFrom = $this->formHelper->getFieldValue('date_from');
$dateTo = $this->formHelper->getFieldValue('date_to');
if ($dateFrom !== null) {
$dtFrom = new \DateTime($this->formHelper->getFieldValue('date_from'));
}
if ($dateTo !== null) {
$dtTo = new \DateTime($this->formHelper->getFieldValue('date_to'));
}
$rights = $this->formHelper->getFieldValue('rights');
try {
$stmntSaveRightGroup = $this->cmsController->getDB()->prepare("\n\t\t\t\tINSERT INTO page_has_rightgroup SET page_IDFK = ?, rightgroup_IDFK = ?, start_date = ?, end_date = ?, rights = ?\n\t\t\t\tON DUPLICATE KEY UPDATE start_date = ?, end_date = ?, rights = ?\n\t\t\t");
$this->cmsController->getDB()->insert($stmntSaveRightGroup, array($pageID, $this->formHelper->getFieldValue('rightgroup'), $dateFrom !== null ? $dtFrom->format('Y-m-d H:i:s') : null, $dateTo !== null ? $dtTo->format('Y-m-d H:i:s') : null, CmsUtils::getRightsAsDec(in_array('read', $rights) ? '1' : '0', in_array('write', $rights) ? '1' : '0'), $dateFrom !== null ? $dtFrom->format('Y-m-d H:i:s') : null, $dateTo !== null ? $dtTo->format('Y-m-d H:i:s') : null, CmsUtils::getRightsAsDec(in_array('read', $rights) ? '1' : '0', in_array('write', $rights) ? '1' : '0')));
} catch (\Exception $e) {
$this->formHelper->addError(null, 'Could not save right information');
}
if ($this->formHelper->hasErrors()) {
return $this->getPageRightEdit($params);
}
RequestHandler::redirect($this->baseLink . '/page/' . $pageID);
}
public function processEditUser()
{
$this->abortIfUserHasNotRights('BACKEND_USERS_EDIT');
$rightgroupModel = new RightGroupModel($this->db);
$rightgroups = array();
foreach ($rightgroupModel->getRightGroups() as $rg) {
$rightgroups[$rg->ID] = $rg->groupname;
}
$this->formHelper = new FormHelper(FormHelper::METHOD_POST);
$this->formHelper->addField('name', null, FormHelper::TYPE_STRING, true, array('missingError' => 'Please insert an username'));
$this->formHelper->addField('email', null, FormHelper::TYPE_EMAIL, true, array('missingError' => 'Please insert an e-mail address', 'invalidError' => 'Please insert a valid e-mail address'));
$this->formHelper->addField('active', null, FormHelper::TYPE_CHECKBOX, false);
$this->formHelper->addField('rightgroups', null, FormHelper::TYPE_MULTIOPTIONS, true, array('missingError' => 'Please choose at least one rightgroup', 'options' => $rightgroups));
if (!$this->formHelper->sent() || !$this->formHelper->validate()) {
return $this->getEditUser();
}
try {
if ($this->route->getParam(0) === null) {
// Create
$login = new \stdClass();
$login->username = $this->formHelper->getFieldValue('name');
$login->email = $this->formHelper->getFieldValue('email');
$login->active = $this->formHelper->getFieldValue('active');
$login->token = uniqid();
$login->registeredBy = $this->auth->getUserID();
$userID = $this->auth->signUp($login);
// Send mail
$mailer = MailFactory::getMailer();
// Create a message
$message = \Swift_Message::newInstance('Your new metanet.ch account');
$message->setFrom(array($this->core->getSettings()->logincontroller->sender_email => $this->core->getSettings()->logincontroller->sender_name));
$message->setTo(array($this->formHelper->getFieldValue('email')));
$message->setBody("Hi,\n\nYou've gotten a new account to scatter stuff at this website in all directions.\n\nTo log you in you have to choose a strong password for your new account.\n\nPlease visit this link for that: https://" . $this->httpRequest->getHost() . '/backend/restore-pw/' . $login->token . $userID);
// Send the message
$result = $mailer->send($message);
if (!$result) {
$this->formHelper->addError(null, 'The link to reset your password could not been sent to you. Sorry!');
return $this->getEditUser();
}
} else {
$userID = $this->route->getParam(0);
$stmntLogin = $this->db->prepare("\n\t\t\t\t\tUPDATE login SET name = ?, email = ?, active = ? WHERE ID = ?\n\t\t\t\t");
$this->db->update($stmntLogin, array($this->formHelper->getFieldValue('name'), $this->formHelper->getFieldValue('email'), $this->formHelper->getFieldValue('active'), $userID));
}
$removeRights = $this->db->prepare("DELETE FROM login_has_rightgroup WHERE loginIDFK = ?");
$this->db->delete($removeRights, array($userID));
$stmntInsertRight = $this->db->prepare("\n\t\t\t\tINSERT INTO login_has_rightgroup\n\t\t\t\tSET loginIDFK = ?, rightgroupIDFK = ?, datefrom = NOW()\n\t\t\t");
foreach ($this->formHelper->getFieldValue('rightgroups') as $r) {
$this->db->insert($stmntInsertRight, array($userID, $r));
}
} catch (\Exception $e) {
$this->formHelper->addError(null, 'Could not save user to database. Reason: ' . $e->getMessage());
return $this->getEditUser();
}
RequestHandler::redirect('/backend/users');
}
public function postEditNavHasEntry($params)
{
$this->formHelper = $this->generateFormEditNavHasEntry();
if (!$this->formHelper->sent() || $this->formHelper->validate() === false) {
return $this->getEditNav($params);
}
try {
$this->cmsController->getDB()->beginTransaction();
$navID = $params[0];
$entryID = $params[1];
// Get old hidden states
$stmntHidden = $this->cmsController->getDB()->prepare("\n\t\t\t\tSELECT navigation_entry_IDFK, hidden FROM navigation_has_entry WHERE navigation_IDFK = ? AND parent_navigation_entry_IDFK = ?\n\t\t\t");
$resHidden = $this->cmsController->getDB()->select($stmntHidden, array($navID, $entryID));
$hiddenStates = array();
foreach ($resHidden as $h) {
$hiddenStates[$h->navigation_entry_IDFK] = $h->hidden;
}
$stmntDelete = $this->cmsController->getDB()->prepare("\n\t\t\t\tDELETE FROM navigation_has_entry WHERE navigation_IDFK = ? AND parent_navigation_entry_IDFK = ?\n\t\t\t");
$this->cmsController->getDB()->delete($stmntDelete, array($navID, $entryID));
$stmntInsert = $this->cmsController->getDB()->prepare("\n\t\t\t\tINSERT INTO navigation_has_entry SET navigation_IDFK = ?, navigation_entry_IDFK = ?, parent_navigation_entry_IDFK = ?, sort = ?, hidden = ?\n\t\t\t");
foreach ($this->formHelper->getFieldValue('entries') as $i => $e) {
$this->cmsController->getDB()->insert($stmntInsert, array($navID, $e, $entryID, $i + 1, isset($hiddenStates[$e]) && $hiddenStates[$e] == 1 ? 1 : 0));
}
$stmntUpdateThisEntry = $this->cmsController->getDB()->prepare("\n\t\t\t\tUPDATE navigation_has_entry SET hidden = ? WHERE navigation_IDFK = ? AND navigation_entry_IDFK = ?\n\t\t\t");
$this->cmsController->getDB()->update($stmntUpdateThisEntry, array($this->formHelper->getFieldValue('hidden'), $navID, $entryID));
$this->cmsController->getDB()->commit();
} catch (\Exception $e) {
if ($e->getCode() === 23000) {
$errorMsg = 'The navigation entry <b>#' . $entryID . '</b> is already used in this navigation. Each navigation entry can only be used once per navigation.';
} else {
$errorMsg = 'Could not save navigation: ' . $e->getMessage();
}
$this->formHelper->addError(null, $errorMsg);
$this->cmsController->getDB()->rollBack();
return $this->getEditNavHasEntry($params);
}
RequestHandler::redirect($this->baseLink . '/nav/' . $navID . '/edit');
}
