Ejemplo n.º 1
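 /**
  * Change this user's password using the submitted request data.
  *
  * Two paths are supported: a logged-in caller (who must supply the current password
  * unless they hold 'user.edit' and are editing a different user), and a logged-out
  * caller who presents the temporary code stored on this user record.
  *
  * @param string|null $tmp_code temporary reset code supplied by the requester
  * @return bool true when the new password was stored, false otherwise
  */
 public function change_password($tmp_code = null)
 {
     $tmp_check = false;
     if (!Auth::check()) {
         // A reset code only counts when one was issued AND its issue time was recorded:
         // new Carbon(null) means "now", so a missing timestamp would otherwise make the
         // code look freshly issued and it would never expire.
         $codeIssued = !empty($this->tmp_code) && !empty($this->tmp_code_created);
         // hash_equals() is a strict, constant-time comparison; loose == can treat
         // numeric-looking strings as equal and its run time depends on the match length.
         $codeMatches = $codeIssued && is_string($tmp_code) && hash_equals((string) $this->tmp_code, $tmp_code);
         $tmp_check = $codeMatches && (new Carbon($this->tmp_code_created))->diff(new Carbon())->days <= 7;
         if (!$tmp_check) {
             FormMessage::add('tmp_code', 'The code was incorrect');
             return false;
         }
     }
     $details = Request::all();
     // NOTE(review): min:4 is a very short minimum for a password policy.
     $rules = array('new_password' => 'required|confirmed|min:4');
     // The current password is demanded unless the reset code was accepted, or an
     // authorised editor is changing somebody else's account.
     if (!($tmp_check || Auth::check() && Auth::action('user.edit') && Auth::user()->id != $this->id)) {
         // NOTE(review): the rule string is shown masked on this page; presumably the
         // real value is a validation rule such as 'required' - confirm upstream.
         $rules['current_password'] = '******';
     }
     $v = Validator::make($details, $rules);
     if ($v->passes()) {
         // verify the current password whenever the rule above was added
         if (!empty($rules['current_password']) && !Hash::check($details['current_password'], $this->password)) {
             FormMessage::add('current_password', 'The current password was incorrect');
             return false;
         }
         // final authorisation check before the password is replaced
         if (Auth::action('account.password', ['user_id' => $this->id]) || Auth::check() && Auth::action('user.edit')) {
             $this->password = Hash::make($details['new_password']);
             // clearing the code makes it single-use
             $this->tmp_code = '';
             $this->save();
             return true;
         }
     } else {
         FormMessage::set($v->messages());
     }
     return false;
 }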
Ejemplo n.º 2
 /**
  * Render the view registered for a form-field type.
  *
  * When a field name is given, the value submitted for that name and any error
  * class/message recorded for it are passed to the view alongside the options.
  * NOTE(review): 'submitted_data' is raw request input; escaping is left to the
  * view, which is not visible here - confirm the templates escape it.
  *
  * @param string $type field type used to look up the view
  * @param array $options view options (name, label, value, disabled, ...)
  * @return string|null rendered markup, or null when no view exists for the type
  */
 public static function make($type, $options = [])
 {
     $view = self::getView($type);
     if (!$view) {
         return null;
     }

     if (!empty($options['name'])) {
         $fieldName = $options['name'];
         $options['submitted_data'] = Request::input($fieldName);
         $options['field_class'] = FormMessage::getErrorClass($fieldName);
         $options['field_message'] = FormMessage::getErrorMessage($fieldName);
     }

     // normalise the flag into an attribute list the view can use directly
     $options['disabled'] = !empty($options['disabled']) ? ['disabled' => 'disabled'] : [];

     $defaults = [
         'class' => '',
         'content' => '',
         'name' => '',
         'note' => '',
         'label' => 'None set',
         'submitted_data' => '',
         'field_class' => '',
         'field_message' => '',
     ];
     $options = array_merge($defaults, $options);

     // fall back to 'value' only when no content was supplied at all
     if ($options['content'] === '' && !empty($options['value'])) {
         $options['content'] = $options['value'];
     }

     return View::make($view, $options)->render();
 }
Ejemplo n.º 3
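 /**
  * Handle the admin login form.
  *
  * After a successful login the user is sent to the page they originally asked for
  * (login_path from the form, else from the cookie) or to the admin home. On a failed
  * attempt, or when nothing was posted, the login view is placed in the layout.
  *
  * @return \Illuminate\Http\RedirectResponse|null redirect on success, otherwise null
  */
 public function login()
 {
     if (Request::input()) {
         $userData = ['username' => Request::input('username'), 'password' => Request::input('password')];
         $rememberMe = Request::input('remember') == 'yes';
         if (Auth::attempt($userData, $rememberMe)) {
             $login_path = Request::input('login_path') ?: Cookie::get('login_path');
             if (empty($login_path)) {
                 return \redirect()->route('coaster.admin.home');
             }
             $cookie = Cookie::forget('login_path');
             // login_path comes from the request or a cookie, so it is caller-controlled.
             // Only follow it when it stays on this site; anything else (other hosts,
             // protocol-relative "//host", other schemes) falls back to the admin home.
             $isLocal = false;
             // Whitespace, control characters and backslashes are rejected outright because
             // browsers and parse_url() do not agree on how to read them.
             if (is_string($login_path) && !preg_match('/[\x00-\x20\x7F\\\\]/', $login_path)) {
                 if (preg_match('#^/(?!/)#', $login_path)) {
                     // site-relative path such as /admin/pages
                     $isLocal = true;
                 } else {
                     $scheme = parse_url($login_path, PHP_URL_SCHEME);
                     $host = parse_url($login_path, PHP_URL_HOST);
                     $isLocal = is_string($scheme)
                         && in_array(strtolower($scheme), ['http', 'https'], true)
                         && is_string($host)
                         && strcasecmp($host, Request::getHost()) === 0;
                 }
             }
             if (!$isLocal) {
                 return \redirect()->route('coaster.admin.home')->withCookie($cookie);
             }
             return \redirect($login_path)->withCookie($cookie);
         } else {
             // one message for both fields so the response does not say which one was wrong
             FormMessage::add('username', 'Username or password incorrect');
             FormMessage::add('password', ' ');
         }
     }
     $this->layoutData['content'] = View::make('coaster::pages.login');
     $this->layoutData['title'] = 'Login';
     return null;
 }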
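 /**
  * Forgotten-password form: email a temporary reset code to the account owner.
  *
  * A posted, valid email address is looked up; when the account exists and may change
  * its password, a fresh code and its creation time are stored on the user and the
  * code is mailed. The page shows the same notice whether or not the address matched,
  * so the form cannot be used to find out which addresses have accounts.
  *
  * @return void the view and title are written to $this->layoutData
  */
 public function forgottenPassword()
 {
     $view_data = array();
     $rules = array('email' => 'required|email');
     $validation = Validator::make(Request::all(), $rules);
     if ($_POST && $validation->fails()) {
         FormMessage::set($validation->messages());
     } elseif ($_POST) {
         $email_addr = Request::input('email');
         $user = User::where('email', '=', $email_addr)->first();
         // Identical wording for "sent", "no such account" and "account may not reset".
         $notice = 'If that email address matches an account, we have sent an email with a link to change your password.';
         if ($user === null || !Auth::action('account.password', ['user_id' => $user->id])) {
             $view_data['success'] = $notice;
         } else {
             $code = urlencode(str_random(32) . microtime());
             // NOTE(review): the code is stored as-is on the user row; keeping only a hash
             // of it would limit what a leaked table reveals. Its lifetime is enforced
             // where the code is checked, not here.
             $user->tmp_code = $code;
             $user->tmp_code_created = new Carbon();
             $user->save();
             Mail::send('coaster::emails.forgotten_password', array('code' => $code), function ($message) use ($email_addr) {
                 $message->from(config('coaster::site.email'));
                 $message->to($email_addr);
                 $message->subject(config('coaster::site.name') . ': Forgotten Password');
             });
             $failures = Mail::failures();
             if (empty($failures)) {
                 $view_data['success'] = $notice;
             } else {
                 // The subject is URL-encoded so a site name containing quotes, spaces or
                 // markup cannot break out of the href attribute.
                 // NOTE(review): this branch is only reachable for an existing account, so
                 // a mail failure still reveals that the address is registered.
                 FormMessage::add('email', 'There was an error sending mail, please contact <a href="mailto:support@web-feet.co.uk?Subject=' . rawurlencode(config('coaster::site.name') . ': Forgotten Password') . '">support</a>.');
             }
         }
     }
     $this->layoutData['title'] = 'Forgotten Password';
     $this->layoutData['content'] = View::make('coaster::pages.forgotten_password', $view_data);
 }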
Ejemplo n.º 5
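 /**
  * Validate a submitted form, store it, email it and redirect to the configured page.
  *
  * The captcha is enforced only when the form settings enable it, and the captcha
  * error is reported only in that case.
  *
  * @param array $formData submitted field values
  * @return bool|\Illuminate\Http\RedirectResponse|\Illuminate\Routing\Redirector
  *         redirect on success; false when the block has no settings or validation failed
  */
 public function submission($formData)
 {
     if ($form_settings = $this->_block->getContent(true)) {
         $form_settings = $this->_defaultData($form_settings);
         $form_rules = BlockFormRule::get_rules($form_settings->template);
         $v = Validator::make($formData, $form_rules);
         // the captcha is evaluated on every submission, even when it is not required
         $captcha = Securimage::captchaCheck();
         $captchaFailed = $form_settings->captcha == true && !$captcha;
         // check form rules
         if ($v->passes() && !$captchaFailed) {
             // drop the captcha field so it is neither stored nor emailed
             unset($formData['captcha_code']);
             // Save data function (override this function to save data differently)
             $form_submission = $this->submissionSaveData($formData);
             if (!$form_submission->id) {
                 // NOTE(review): a failed save only records a message; the email and the
                 // redirect below still happen - confirm this is intended.
                 FormMessage::add('submission_save_error', 'Unable to save the form.');
             }
             // Send email and mark the stored submission as sent
             if ($this->submissionSendEmail($formData, $form_settings)) {
                 $form_submission->sent = 1;
                 $form_submission->save();
             }
             Session::set('form_data', $form_submission);
             return \redirect(PageBuilder::pageUrl($form_settings->page_to));
         } else {
             FormMessage::set($v->messages());
             // previously shown whenever the check returned false, even on forms
             // that have no captcha enabled
             if ($captchaFailed) {
                 FormMessage::add('captcha_code', 'Invalid Captcha Code, try again.');
             }
         }
     }
     return false;
 }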
Ejemplo n.º 6
 /**
  * Saves page data from the page add/edit form.
  *
  * Normalises the posted arrays, copies them onto this page, its language record and
  * the given version, validates parent, page limit, name and url, then saves. Page and
  * language data are only saved for new pages or when the caller may publish; the
  * version record and group membership are saved either way.
  *
  * @param PageVersion $pageVersion version record to attach to this page
  * @param array $pagePost posted page attributes
  * @param array $pageLangPost posted language attributes (name, url, ...)
  * @param array $pageGroupsPost posted group ids (array keys are the group ids)
  * @param array $pageInfoOther other posted info ('menus', 'beacons')
  * @return bool false when a check fails (errors are added to FormMessage), true otherwise
  */
 public function savePostData($pageVersion, $pagePost, $pageLangPost, $pageGroupsPost, $pageInfoOther = [])
 {
     /*
      * Post data fixes
      */
     // fields posted as ['exists' => ..., 'select' => ...] collapse to the selected value, or 0 if none
     foreach ($pagePost as $k => $pagePostField) {
         if (is_array($pagePostField) && array_key_exists('exists', $pagePostField)) {
             $pagePost[$k] = array_key_exists('select', $pagePostField) ? $pagePostField['select'] : 0;
         }
     }
     // dates are converted by the helper; a falsy result is stored as null
     if (array_key_exists('live_start', $pagePost)) {
         $pagePost['live_start'] = DateTimeHelper::jQueryToMysql($pagePost['live_start']) ?: null;
     }
     if (array_key_exists('live_end', $pagePost)) {
         $pagePost['live_end'] = DateTimeHelper::jQueryToMysql($pagePost['live_end']) ?: null;
     }
     // same collapse as above, but entries without a 'select' key are left untouched
     foreach ($pageInfoOther as $k => $pageInfoOtherField) {
         if (is_array($pageInfoOtherField) && array_key_exists('exists', $pageInfoOtherField) && array_key_exists('select', $pageInfoOtherField)) {
             $pageInfoOther[$k] = $pageInfoOtherField['select'];
         }
     }
     /*
      * Overwrite default/existing data with posted data
      */
     // existing attributes win over the hard-coded defaults
     $pageDefaults = array_merge(['template' => 0, 'parent' => 0, 'child_template' => 0, 'order' => 0, 'group_container' => 0, 'group_container_url_priority' => 0, 'canonical_parent' => 0, 'link' => 0, 'live' => 0, 'sitemap' => 1, 'live_start' => null, 'live_end' => null], $this->getAttributes());
     // NOTE(review): the key list includes every attribute currently on the model, so any
     // of them that also appears in $pagePost is overwritten from the post - callers
     // should pass only the fields a user is allowed to set.
     foreach ($pageDefaults as $pageAttribute => $pageDefault) {
         $this->{$pageAttribute} = $pageDefault;
         switch ($pageAttribute) {
             case 'template':
                 // the posted template goes on the version, not the page
                 // NOTE(review): read without a key check, so $pagePost must contain 'template'
                 $pageVersion->{$pageAttribute} = $pagePost[$pageAttribute];
                 break;
             default:
                 $this->{$pageAttribute} = array_key_exists($pageAttribute, $pagePost) ? $pagePost[$pageAttribute] : $this->{$pageAttribute};
         }
     }
     // no record for the current language yet: start from a copy of the default language, or a blank one
     if (!$this->pageCurrentLang) {
         $this->setRelation('pageCurrentLang', ($d = $this->pageDefaultLang) ? $d->replicate() : new PageLang());
         unset($this->pageCurrentLang->language_id);
     }
     $pageLang = $this->pageLang();
     $pageLangDefaults = array_merge(['language_id' => Language::current(), 'url' => '', 'name' => '', 'live_version' => 1], $pageLang->getAttributes());
     foreach ($pageLangDefaults as $pageLangAttribute => $pageLangDefault) {
         $pageLang->{$pageLangAttribute} = array_key_exists($pageLangAttribute, $pageLangPost) ? $pageLangPost[$pageLangAttribute] : $pageLangDefault;
     }
     /*
      * Check page parent exists if set and page limit is not hit
      */
     $parent = static::find($this->parent);
     if ($this->parent > 0 && !$parent) {
         return false;
     }
     // only new, non-link pages count towards the page limit
     if (!$this->id && !$this->link && static::at_limit($this->parent == -1)) {
         return false;
     }
     /*
      * Check page name/url set and does not conflict
      */
     $pageLang->url = trim($pageLang->url);
     if (!$this->link) {
         // slashes and spaces become dashes; a url made only of dashes counts as empty
         $pageLang->url = strtolower(str_replace(['/', ' '], '-', $pageLang->url));
         if (preg_match('#^[-]+$#', $pageLang->url)) {
             $pageLang->url = '';
         }
         // an empty url on a page with no parent becomes '/'
         if ($pageLang->url == '' && !$this->parent) {
             $pageLang->url = '/';
         }
         // pages whose url must not clash: items of the selected groups plus children of the same parent
         $siblings = [];
         foreach ($pageGroupsPost as $pageGroupId => $checkedVal) {
             $pageGroup = PageGroup::preload($pageGroupId);
             $siblings = array_merge($pageGroup->exists ? $pageGroup->itemPageIds() : [], $siblings);
         }
         if ($this->parent >= 0) {
             $siblings = array_merge(static::getChildPageIds($this->parent), $siblings);
         }
         $siblings = array_unique($siblings);
     }
     if (!$pageLang->name) {
         FormMessage::add('page_info_lang[name]', 'page name required');
     }
     if (!$pageLang->url) {
         FormMessage::add('page_info_lang[url]', 'page url required');
     }
     // $siblings is only defined for non-link pages; empty() also covers the undefined case
     if (!empty($siblings)) {
         $same_level = PageLang::where('url', '=', $pageLang->url)->whereIn('page_id', $siblings);
         $same_level = $this->id ? $same_level->where('page_id', '!=', $this->id) : $same_level;
         if (!$same_level->get()->isEmpty()) {
             FormMessage::add('page_info_lang[url]', 'url in use by another page!');
             $pageLang->url = '';
         }
     }
     if (!$pageLang->name || !$pageLang->url) {
         return false;
     }
     /*
      * If adding a page as a group container, create container / check exists
      */
     if ($this->group_container == -1) {
         // -1 asks for a new group named after the page
         $groupContainer = new PageGroup();
         $groupContainer->name = $pageLang->name;
         $groupContainer->item_name = 'Page';
         $groupContainer->default_template = 0;
         $groupContainer->save();
         $this->group_container = $groupContainer->id;
     } elseif ($this->group_container) {
         $groupContainer = PageGroup::preload($this->group_container);
         // drop the container when it does not exist, or when it was changed to a group the user cannot edit
         if (!$groupContainer->exists || $pageDefaults['group_container'] != $this->group_container && !$groupContainer->canEditItems()) {
             $this->group_container = 0;
         }
     }
     /*
      * Check if page info can be updated (based on publishing auth action, or allowed if new page)
      */
     // permission is checked against this page, or against the parent when the page is new
     $authPageIdCheck = $this->id ?: ($this->parent > 0 ? $this->parent : 0);
     // with publishing enabled the publish action is required, otherwise the edit action
     $canPublish = config('coaster::admin.publishing') > 0 && Auth::action('pages.version-publish', ['page_id' => $authPageIdCheck]) || config('coaster::admin.publishing') == 0 && Auth::action('pages.edit', ['page_id' => $authPageIdCheck]);
     // rights on the group container can also grant publishing
     $canPublish = $canPublish || isset($groupContainer) && (config('coaster::admin.publishing') > 0 && $groupContainer->canPublishItems() || config('coaster::admin.publishing') == 0 && $groupContainer->canEditItems());
     // new pages are always saved; without publish rights they are forced to hidden below
     $willPublish = !$this->id || $canPublish;
     /*
      * Check and save page changes
      */
     if ($willPublish) {
         // if new page set as last ordered page
         if ($this->parent >= 0 && !$this->id) {
             $lastSibling = static::where('parent', '=', $this->parent)->orderBy('order', 'desc')->first();
             $this->order = $lastSibling ? $lastSibling->order + 1 : 1;
         }
         // if new page publish template
         $this->template = $this->id ? $this->template : $pageVersion->template;
         // if link remove live template
         $this->template = $this->link ? 0 : $this->template;
         // "live between dates" (2) with no dates set is stored as hidden; also hidden if the user can't publish
         $this->live = $this->live == 2 && is_null($this->live_end) && is_null($this->live_start) ? 0 : $this->live;
         $this->live = $canPublish ? $this->live : 0;
         // save page data
         $this->save();
         $pageLang->page_id = $this->id;
         $pageLang->save();
     }
     // the version record is saved even when the page data itself was not
     $pageVersion->page_id = $this->id;
     $pageVersion->save();
     /*
      * Update title block to the page name if new page
      */
     // NOTE(review): new pages always go through the save above, which presumably assigns
     // an id, so this !$this->id test may never be true here - confirm.
     if (!$this->id && ($titleBlock = Block::where('name', '=', config('coaster::admin.title_block'))->first())) {
         $titleBlock->setVersionId($pageVersion->version_id)->setPageId($this->id)->getTypeObject()->save($pageLang->name);
         PageSearchData::updateText(strip_tags($pageLang->name), 0, $this->id);
     }
     /*
      * Save Page Groups
      */
     // remove memberships that were unticked, attach the newly ticked ones
     $currentGroupIds = $this->groupIds();
     $newGroupIds = array_keys($pageGroupsPost);
     PageGroupPage::where('page_id', '=', $this->id)->whereIn('group_id', array_diff($currentGroupIds, $newGroupIds))->delete();
     foreach (array_diff($newGroupIds, $currentGroupIds) as $addGroupId) {
         $this->groups()->attach($addGroupId);
     }
     /*
      * Save other page info
      */
     // menus and beacons each need their own auth action on top of the checks above
     if ($willPublish && Auth::action('menus')) {
         MenuItem::set_page_menus($this->id, array_key_exists('menus', $pageInfoOther) ? $pageInfoOther['menus'] : []);
     }
     if ($canPublish && array_key_exists('beacons', $pageInfoOther) && Auth::action('themes.beacons-update')) {
         BlockBeacon::updatePage($this->id, $pageInfoOther['beacons']);
     }
     return true;
 }
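 /**
  * Install step: unzip and install the chosen theme, then finish the install.
  *
  * The theme name is taken from the request. On an error the theme setup page is shown
  * again with the message; otherwise the admin routes are loaded, the install state is
  * set to 'complete-welcome' and the completion view is placed in the layout.
  *
  * @return void
  */
 public function installTheme()
 {
     $details = Request::all();
     $error = false;
     if (!empty($details['theme'])) {
         $themeName = $details['theme'];
         // The name is request input and is turned into a file name below, so it must be
         // a single path component: no directory separators, no NUL byte, not '.' or '..'.
         // What Theme::unzip() checks itself is not visible here.
         $isPlainName = is_string($themeName)
             && $themeName === basename($themeName)
             && strpos($themeName, '\\') === false
             && strpos($themeName, "\0") === false
             && $themeName !== '.'
             && $themeName !== '..';
         if (!$isPlainName) {
             $error = 'Invalid theme name';
         } elseif (!($error = Theme::unzip($themeName . '.zip', false))) {
             $withPageData = !empty($details['page-data']) ? 1 : 0;
             $result = Theme::install($themeName, ['withPageData' => $withPageData]);
             if ($result['error']) {
                 $error = $result['response'];
             }
             // point the frontend theme setting at the theme that was just installed
             if (($usedThemeSetting = Setting::where('name', '=', 'frontend.theme')->first()) && ($theme = Theme::where('theme', '=', $themeName)->first())) {
                 $usedThemeSetting->value = $theme->id;
                 $usedThemeSetting->save();
             }
         }
     }
     if ($error) {
         FormMessage::add('theme', $error);
         $this->setupTheme();
     } else {
         // fixed path relative to this file, not influenced by the request
         include __DIR__ . '/../../Http/routes/admin.php';
         Install::setInstallState('complete-welcome');
         $this->layoutData['title'] = 'Install Complete';
         $this->layoutData['content'] = View::make('coaster::pages.install', ['stage' => 'complete']);
     }
 }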
Ejemplo n.º 8
 /**
  * Handle a front-end submission that adds a row to this repeater.
  *
  * The data is validated against the rules registered for "<block name>-form". Empty
  * values posted for existing 'datetime' blocks are replaced with the current time,
  * the row is inserted, a notification email is sent and the user is redirected back
  * to the current URL.
  * NOTE(review): no captcha or throttling is applied in this method; if the form is
  * public, confirm that is handled elsewhere.
  *
  * @param array $formData posted values keyed by block name
  * @return null|\Illuminate\Http\RedirectResponse|\Illuminate\Routing\Redirector
  */
 public function submission($formData)
 {
     $formKey = $this->_block->name . '-form';
     $validator = Validator::make($formData, BlockFormRule::get_rules($formKey));

     if (!$validator->passes()) {
         FormMessage::set($validator->messages());
         return null;
     }

     foreach ($formData as $blockName => $content) {
         $fieldBlock = Block::preload($blockName);
         // only empty datetime fields of known blocks are altered
         if ($fieldBlock->exists && $fieldBlock->type == 'datetime' && empty($content)) {
             $formData[$blockName] = new Carbon();
         }
     }

     $this->insertRow($formData);
     $subject = config('coaster::site.name') . ': New Form Submission - ' . $this->_block->label;
     Email::sendFromFormData([$formKey], $formData, $subject);

     return \redirect(Request::url());
 }
Ejemplo n.º 9
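 /**
  * Point a beacon at a page (or back at the site root) and store the result.
  *
  * With a page id, the page URL is shortened through bit.ly and the short link is used;
  * without one, the site root is used. The device config is then deleted and recreated
  * with the encoded URL, and the beacon record is updated.
  *
  * Responses from both remote services are checked before they are read, so a missing
  * response or a non-JSON body produces a form message instead of a fatal error.
  *
  * @param string $uniqueId beacon unique id
  * @param int $pageId page to link, or a falsy value to use the site root
  * @return int 1 when the beacon is up to date or was updated, 0 on any failure
  */
 public static function updateUrl($uniqueId, $pageId)
 {
     $beacon = self::where('unique_id', '=', $uniqueId)->first();
     if (empty($beacon)) {
         FormMessage::add('page_info_other[beacons]', 'A selected beacon was not found');
         return 0;
     }
     $beaconUrl = URL::to('/');
     // parse_url() yields null/false when there is no host; cast so bin2hex gets a string
     $beaconUrlEncoded = '02' . bin2hex((string) parse_url($beaconUrl, PHP_URL_HOST));
     if ($pageId) {
         $pageUrl = URL::to(Path::getFullUrl($pageId));
         try {
             // NOTE(review): the access token travels in the query string, where it can
             // end up in request logs; the short link below is also plain http.
             $bitlyResponse = json_decode(self::_bitly()->request('GET', 'v3/shorten', ['query' => ['access_token' => config('coaster::key.bitly'), 'longUrl' => $pageUrl . '?beacon_id=' . rawurlencode($uniqueId)]])->getBody());
         } catch (RequestException $e) {
             FormMessage::add('page_info_other[beacons]', 'Error generating bit.ly url (response: ' . $e->getCode() . ')');
             return 0;
         }
         // json_decode() returns null for a non-JSON body
         if (!is_object($bitlyResponse) || !isset($bitlyResponse->status_code)) {
             FormMessage::add('page_info_other[beacons]', 'Error generating bit.ly url (response: unreadable)');
             return 0;
         }
         if ($bitlyResponse->status_code == 200 && isset($bitlyResponse->data->hash)) {
             $beaconUrl = 'http://bit.ly/' . $bitlyResponse->data->hash;
             $beaconUrlEncoded = '02' . bin2hex('bit.ly/' . $bitlyResponse->data->hash);
         } else {
             // NOTE(review): text from the remote service is placed in the form message;
             // confirm the message is escaped when rendered.
             $statusText = isset($bitlyResponse->status_txt) ? $bitlyResponse->status_txt : '';
             FormMessage::add('page_info_other[beacons]', 'Error generating bit.ly url (response:  ' . $statusText . ')');
             return 0;
         }
     }
     // nothing to do when the beacon already points at this url and page
     if ($beacon->url == $beaconUrl && $beacon->page_id == $pageId) {
         return 1;
     }
     try {
         // NOTE(review): delete followed by create is not atomic; if create fails the
         // device is left without a config.
         self::_client()->request('POST', 'config/delete', ['query' => ['uniqueId' => $uniqueId]]);
         self::_client()->request('POST', 'config/create', ['query' => ['uniqueId' => $uniqueId, 'deviceType' => 'beacon', 'url' => $beaconUrlEncoded]])->getBody();
         $beacon->page_id = $pageId;
         $beacon->url = $beaconUrl;
         $beacon->save();
         return 1;
     } catch (RequestException $e) {
         // getResponse() is null when the request never got a reply (e.g. connection error)
         $response = $e->getResponse();
         $error = $response ? json_decode($response->getBody()) : null;
         if (is_object($error) && isset($error->status, $error->message)) {
             FormMessage::add('page_info_other[beacons]', 'Error updating device config with new URL (' . $error->status . ': ' . $error->message . ')');
         } else {
             FormMessage::add('page_info_other[beacons]', 'Error updating device config with new URL (' . $e->getCode() . ')');
         }
     }
     return 0;
 }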
Ejemplo n.º 10
 /**
  * Create a user account from the posted "add user" form.
  *
  * The request must carry a valid email and an integer role id, and the chosen role's
  * admin level may not exceed that of the logged-in user. A random 8-character password
  * is generated, hashed for storage, emailed to the new user and passed to the view.
  * NOTE(review): the initial password leaves the system in clear text (email and
  * page); a one-time set-password link would avoid that.
  *
  * @return void the result view is written to $this->layoutData, or the add form is
  *              shown again with messages
  */
 public function postAdd()
 {
     $currentUser = Auth::user();
     $validator = Validator::make(Request::all(), array('email' => 'required|email', 'role' => 'required|integer'));
     $requestedRole = UserRole::find(Request::input('role'));
     // a role may only be granted if it exists and is no more privileged than the creator's own
     $roleDenied = !(!empty($requestedRole) && $requestedRole->admin <= $currentUser->role->admin);

     if (!$validator->passes() || $roleDenied) {
         FormMessage::set($validator->messages());
         if ($roleDenied) {
             FormMessage::add('role', 'Don\'t have permission to create user with this role, or doesn\'t exist');
         }
         $this->getAdd();
         return;
     }

     $plainPassword = str_random(8);
     $account = new User();
     $account->email = Request::input('email');
     $account->role_id = Request::input('role');
     $account->password = Hash::make($plainPassword);
     $account->save();
     AdminLog::new_log('User \'' . $account->email . '\' added');

     $mailData = array('email' => $account->email, 'password' => $plainPassword);
     Mail::send('coaster::emails.new_account', $mailData, function ($message) use ($account) {
         $message->from(config('coaster::site.email'));
         $message->to($account->email);
         $message->subject(config('coaster::site.name') . ': New Account Details');
     });

     if (empty(Mail::failures())) {
         $email_message = 'An email has been sent to the new user with their login details.';
         $email_status = 'success';
     } else {
         $email_message = 'There was an error sending the login details to the new user.';
         $email_status = 'warning';
     }

     $this->layoutData['content'] = View::make('coaster::pages.users.add', array(
         'success' => true,
         'password' => $plainPassword,
         'email_message' => $email_message,
         'email_status' => $email_status,
     ));
 }