/** * Create CAPTCHA token * * @param int $reload * @return Captcha */ public function createToken($reload = null) { $sess = Session::getInstance(); ob_start(); include __DIR__ . '/../../../phire/view/captcha.phtml'; $captcha = ob_get_clean(); // If reload, or captcha token doesn't exist, create new one if (null !== $reload || !isset($sess->pop_captcha)) { $token = ['captcha' => $captcha, 'value' => Random::create($this->length, Random::ALPHANUM | Random::UPPERCASE), 'expire' => (int) $this->expire, 'start' => time()]; $sess->pop_captcha = serialize($token); // Else, check existing token } else { $token = unserialize($sess->pop_captcha); if ($token['value'] == '') { $token = ['captcha' => $captcha, 'value' => Random::create($this->length, Random::ALPHANUM | Random::UPPERCASE), 'expire' => (int) $this->expire, 'start' => time()]; $sess->pop_captcha = serialize($token); // Check to see if the token has expired } else { if ($token['expire'] > 0) { if ($token['expire'] + $token['start'] < time()) { $token = ['captcha' => $captcha, 'value' => Random::create($this->length, Random::ALPHANUM | Random::UPPERCASE), 'expire' => (int) $this->expire, 'start' => time()]; $sess->pop_captcha = serialize($token); } } } } $this->token = $token; return $this; }
/** * Constructor method to instantiate the default controller object * * @param Request $request * @param Response $response * @param Project $project * @param string $viewPath * @return self */ public function __construct(Request $request = null, Response $response = null, Project $project = null, $viewPath = null) { if (null === $viewPath) { $cfg = $project->module('Phire')->asArray(); $viewPath = __DIR__ . '/../../../../../view/phire/install'; if (isset($cfg['view'])) { $class = get_class($this); if (is_array($cfg['view']) && isset($cfg['view'][$class])) { $viewPath = $cfg['view'][$class]; } else { if (is_array($cfg['view']) && isset($cfg['view']['*'])) { $viewPath = $cfg['view']['*'] . '/install'; } else { if (is_string($cfg['view'])) { $viewPath = $cfg['view'] . '/install'; } } } } } $lang = isset($_GET['lang']) ? $_GET['lang'] : 'en_US'; if (!defined('POP_LANG')) { define('POP_LANG', $lang); } $this->i18n = I18n::factory(); $this->i18n->loadFile($_SERVER['DOCUMENT_ROOT'] . BASE_PATH . APP_PATH . '/vendor/Phire/data/assets/i18n/' . $this->i18n->getLanguage() . '.xml'); parent::__construct($request, $response, $project, $viewPath); $this->sess = Session::getInstance(); }
/** * Get sort order * * @param string $sort * @param string $page * @param string $ord * @return array */ public function getSortOrder($sort = null, $page = null, $ord = 'ASC') { $field = 'id'; $order = $ord; $sess = null; if (stripos(php_sapi_name(), 'cli') === false || stripos(php_sapi_name(), 'server') !== false) { $sess = Session::getInstance(); } if (null !== $sort) { if (null !== $sess && $page != $sess->lastPage) { if ($sort != $sess->lastSortField) { $field = $sort; $order = $ord; } else { $field = $sess->lastSortField; $order = $sess->lastSortOrder; } } else { $field = $sort; if (null !== $sess && isset($sess->lastSortOrder)) { $order = $sess->lastSortOrder == 'ASC' ? 'DESC' : 'ASC'; } else { $order = $ord; } } } if (null !== $sess) { $sess->lastSortField = $field; $sess->lastSortOrder = $order; $sess->lastPage = $page; } return $field . ' ' . $order; }
/** * Set the field values * * @param array $values * @return Unsubscribe */ public function setFieldValues(array $values = null) { parent::setFieldValues($values); if ($_POST && null !== $this->email) { $member = Table\Users::findBy(['email' => $this->email]); if (!isset($member->id)) { $this->getElement('email')->addValidator(new Validator\NotEqual($this->email, 'That email does not exist.')); } else { if (null !== $member->role_id) { $sess = \Pop\Web\Session::getInstance(); $requireLogin = true; $role = Table\Roles::findById($member->role_id); if (isset($role->id) && null !== $role->permissions) { $permissions = unserialize($role->permissions); if (isset($permissions['deny'])) { foreach ($permissions['deny'] as $deny) { if ($deny['resource'] == 'member-login') { $requireLogin = false; } } } } if ($requireLogin) { if (!isset($sess->member) || isset($sess->member) && $sess->member->id != $member->id) { $memberAdmin = new \Phire\Members\Model\MembersAdmin(); $memberAdmin->getByRoleId($member->role_id); $memberUri = isset($memberAdmin->uri) ? $memberAdmin->uri : APP_URI; $this->getElement('email')->addValidator(new Validator\NotEqual($this->email, 'You must <a href="' . BASE_PATH . $memberUri . '/login">log in</a> to unsubscribe.')); } } } } } return $this; }
/** * Constructor method to instantiate the user controller object * * @param Request $request * @param Response $response * @param Project $project * @param string $viewPath * @return self */ public function __construct(Request $request = null, Response $response = null, Project $project = null, $viewPath = null) { // Create the session object and get the user type $this->sess = Session::getInstance(); $this->type = $project->getService('acl')->getType(); if (null === $viewPath) { $cfg = $project->module('Phire')->asArray(); $viewPath = __DIR__ . '/../../../../view/phire'; if (isset($cfg['view'])) { $class = get_class($this); if (is_array($cfg['view']) && isset($cfg['view'][$class])) { $viewPath = $cfg['view'][$class]; } else { if (is_array($cfg['view']) && isset($cfg['view']['*'])) { $viewPath = $cfg['view']['*']; } else { if (is_string($cfg['view'])) { $viewPath = $cfg['view']; } } } } // If it is not a user, or a user globally logged into another area if (strtolower($this->type->type) != 'user' && !$this->type->global_access || substr($_SERVER['REQUEST_URI'], 0, strlen(BASE_PATH . APP_URI)) != BASE_PATH . APP_URI) { $site = Table\Sites::getSite(); $theme = Table\Extensions::findBy(array('type' => 0, 'active' => 1), null, 1); $themePath = $site->document_root . $site->base_path . CONTENT_PATH . DIRECTORY_SEPARATOR . 'extensions' . DIRECTORY_SEPARATOR . 'themes' . DIRECTORY_SEPARATOR . $this->type->type; $activeThemePath = null; if (isset($theme->rows[0])) { $activeThemePath = $site->document_root . $site->base_path . CONTENT_PATH . DIRECTORY_SEPARATOR . 'extensions' . DIRECTORY_SEPARATOR . 'themes' . DIRECTORY_SEPARATOR . $theme->rows[0]->name . DIRECTORY_SEPARATOR . $this->type->type; } if (null !== $activeThemePath && file_exists($activeThemePath)) { $viewPath = $activeThemePath; } else { if (file_exists($themePath)) { $viewPath = $themePath; } } } } // Set the correct base path and user URI based on user type if (get_called_class() == 'Phire\\Controller\\Phire\\IndexController') { $basePath = strtolower($this->type->type) != 'user' ? BASE_PATH . '/' . strtolower($this->type->type) : BASE_PATH . APP_URI; $request = new Request(null, $basePath); } parent::__construct($request, $response, $project, $viewPath); }
/** * Constructor method to instantiate the default controller object * * @param Request $request * @param Response $response * @param Project $project * @param string $viewPath * @return self */ public function __construct(Request $request = null, Response $response = null, Project $project = null, $viewPath = null) { if (null === $viewPath) { $cfg = $project->module('Phire')->asArray(); $viewPath = __DIR__ . '/../../../../../view/phire/structure'; if (isset($cfg['view'])) { $class = get_class($this); if (is_array($cfg['view']) && isset($cfg['view'][$class])) { $viewPath = $cfg['view'][$class]; } else { if (is_array($cfg['view']) && isset($cfg['view']['*'])) { $viewPath = $cfg['view']['*'] . '/structure'; } else { if (is_string($cfg['view'])) { $viewPath = $cfg['view'] . '/structure'; } } } } } parent::__construct($request, $response, $project, $viewPath); $this->sess = Session::getInstance(); }
/** * Get all modules * * @param \Pop\Module\Manager $moduleManager * @param \Pop\Acl\Acl $acl * @param int $limit * @param int $page * @param string $sort * @return array */ public function getAll(\Pop\Module\Manager $moduleManager, \Pop\Acl\Acl $acl, $limit = null, $page = null, $sort = null) { $order = null !== $sort ? $this->getSortOrder($sort, $page) : 'order, id ASC'; if (null !== $limit) { $page = null !== $page && (int) $page > 1 ? $page * $limit - $limit : null; $modules = Table\Modules::findAll(['offset' => $page, 'limit' => $limit, 'order' => $order])->rows(); } else { $modules = Table\Modules::findAll(['order' => $order])->rows(); } $sess = Session::getInstance(); foreach ($modules as $module) { if (isset($moduleManager[$module->name]) && isset($moduleManager[$module->name]->config()['nav.module'])) { $module->nav = new Nav([$moduleManager[$module->name]->config()['nav.module']], ['top' => ['class' => 'module-nav']]); $module->nav->setBaseUrl(BASE_PATH . APP_URI); $module->nav->setAcl($acl); $module->nav->setRole($acl->getRole($sess->user->role)); $module->nav->setIndent(' '); } else { $module->nav = null; } } return $modules; }
/** * Save site * * @param \Pop\Form\Form $form * @return void */ public function save(\Pop\Form\Form $form) { $fields = $form->getFields(); $docRoot = substr($fields['document_root'], -1) == '/' && substr($fields['document_root'], -1) == "\\" ? substr($fields['document_root'], 0, -1) : $fields['document_root']; if ($fields['base_path'] != '') { $basePath = substr($fields['base_path'], 0, 1) != '/' && substr($fields['base_path'], 0, 1) != "\\" ? '/' . $fields['base_path'] : $fields['base_path']; if (substr($basePath, -1) == '/' && substr($basePath, -1) == "\\") { $basePath = substr($basePath, 0, -1); } } else { $basePath = ''; } $site = new Table\Sites(array('domain' => $fields['domain'], 'document_root' => str_replace('\\', '/', $docRoot), 'base_path' => str_replace('\\', '/', $basePath), 'title' => $fields['title'], 'force_ssl' => (int) $fields['force_ssl'], 'live' => (int) $fields['live'])); $site->save(); $this->data['id'] = $site->id; $user = Table\Users::findById($this->data['user']->id); $siteIds = unserialize($user->site_ids); $siteIds[] = $site->id; $user->site_ids = serialize($siteIds); $user->update(); $sess = \Pop\Web\Session::getInstance(); $sess->user->site_ids = $siteIds; FieldValue::save($fields, $site->id); $this->createFolders($docRoot, $basePath); // Copy any themes over $themes = Table\Extensions::findAll(null, array('type' => 0)); if (isset($themes->rows[0])) { $themePath = $docRoot . $basePath . CONTENT_PATH . '/extensions/themes'; foreach ($themes->rows as $theme) { if (!file_exists($themePath . '/' . $theme->name)) { copy($_SERVER['DOCUMENT_ROOT'] . DIRECTORY_SEPARATOR . BASE_PATH . DIRECTORY_SEPARATOR . CONTENT_PATH . DIRECTORY_SEPARATOR . 'extensions' . DIRECTORY_SEPARATOR . 'themes' . DIRECTORY_SEPARATOR . $theme->file, $themePath . '/' . $theme->file); $archive = new \Pop\Archive\Archive($themePath . '/' . $theme->file); $archive->extract($themePath . '/'); if ((stripos($theme->file, 'gz') || stripos($theme->file, 'bz')) && file_exists($themePath . '/' . $theme->name . '.tar')) { unlink($themePath . '/' . $theme->name . '.tar'); } } } } }
/** * Update user * * @param \Pop\Form\Form $form * @param \Pop\Config $config * @return void */ public function update(\Pop\Form\Form $form, $config) { $encOptions = $config->encryptionOptions->asArray(); $fields = $form->getFields(); $type = Table\UserTypes::findById($fields['type_id']); $user = Table\Users::findById($fields['id']); if (isset($user->id)) { // If there's a new password, set according to the user type if ($fields['password1'] != '' && $fields['password2'] != '') { $user->password = self::encryptPassword($fields['password1'], $type->password_encryption, $encOptions); } // Set role if (isset($fields['role_id'])) { $roleId = $fields['role_id'] == 0 ? null : $fields['role_id']; } else { $roleId = $user->role_id; } // Set verified and attempts $verified = isset($fields['verified']) ? $fields['verified'] : $user->verified; $failedAttempts = isset($fields['failed_attempts']) ? $fields['failed_attempts'] : $user->failed_attempts; $first = null === $user->role_id && null === $user->logins && $type->login; if (isset($fields['profile']) && $fields['profile']) { $siteIds = $user->site_ids; } else { $siteIds = isset($fields['site_ids']) ? serialize($fields['site_ids']) : serialize(array()); } // Save the user's updated data $user->role_id = $roleId; $user->username = isset($fields['username']) ? $fields['username'] : $fields['email1']; $user->email = $fields['email1']; $user->verified = $verified; $user->failed_attempts = $failedAttempts; $user->site_ids = $siteIds; $user->updated = date('Y-m-d H:i:s'); $sess = Session::getInstance(); if (isset($fields['reset_pwd']) && $fields['reset_pwd']) { $user->updated_pwd = date('Y-m-d H:i:s'); unset($sess->reset_pwd); } $sess->last_user_id = $user->id; if ($sess->user->id == $user->id) { $sess->user->username = $user->username; $sess->user->site_ids = unserialize($siteIds); } $user->update(); $this->data['id'] = $user->id; FieldValue::update($fields, $user->id); // Send verification if needed if ($first) { $this->sendApproval($user, $type); } } }
<?php /** * Module Name: phire-sessions * Author: Nick Sagona * Description: This is the sessions module for Phire CMS 2 * Version: 1.0 */ return ['phire-sessions' => ['prefix' => 'Phire\\Sessions\\', 'src' => __DIR__ . '/../src', 'routes' => include 'routes.php', 'resources' => include 'resources.php', 'forms' => include 'forms.php', 'nav.phire' => ['sessions' => ['name' => 'Sessions', 'href' => '/sessions', 'acl' => ['resource' => 'sessions', 'permission' => 'index'], 'attributes' => ['class' => 'sessions-nav-icon'], 'children' => ['logins' => ['name' => 'Logins', 'href' => 'logins', 'acl' => ['resource' => 'sessions', 'permission' => 'logins']]]]], 'nav.module' => ['name' => 'Sessions Config', 'href' => '/sessions/config', 'acl' => ['resource' => 'sessions-config', 'permission' => 'index']], 'events' => [['name' => 'app.send.pre', 'action' => 'Phire\\Sessions\\Event\\UserSession::login'], ['name' => 'app.send.pre', 'action' => 'Phire\\Sessions\\Event\\UserSession::dashboard'], ['name' => 'app.dispatch.pre', 'action' => 'Phire\\Sessions\\Event\\UserSession::logout']], 'uninstall' => function () { if (isset($_SERVER['REMOTE_ADDR'])) { $path = BASE_PATH . APP_URI; if ($path == '') { $path = '/'; } $cookie = \Pop\Web\Cookie::getInstance(['path' => $path]); $cookie->delete('phire_session_timeout'); $cookie->delete('phire_session_path'); $sess = \Pop\Web\Session::getInstance(); if (isset($sess->user) && isset($sess->user->session)) { unset($sess->user->session); } } }, 'header' => __DIR__ . '/../view/phire/header.phtml', 'footer' => __DIR__ . '/../view/phire/footer.phtml', 'clear_sessions' => 86400, 'multiple_session_warning' => false, 'login_limit' => 500]];
/** * Create nav tree from content type * * @param mixed $type * @param int $navId * @return void */ protected function createNavFrom($type, $navId) { if ($type == 'categories') { $category = new \Phire\Categories\Model\Category(); $contentAry = $category->getAll(); $cat = true; } else { $sess = Session::getInstance(); unset($sess->lastSortField); unset($sess->lastSortOrder); unset($sess->lastPage); $content = new \Phire\Content\Model\Content(); $contentAry = $content->getAll($type, 'id'); $cat = false; } foreach ($contentAry as $c) { $item = new Table\NavigationItems(['navigation_id' => $navId, 'item_id' => $c->id, 'type' => $cat ? 'category' : 'content', 'name' => $c->title, 'href' => $cat ? '/category' . $c->uri : $c->uri, 'order' => 0]); $item->save(); if (isset($c->status) && $c->status == 1 || !isset($c->status)) { $this->createNavChildren($item->id, $navId, $c, 0, $cat); } } }
function __construct() { $this->session = S::getInstance(); }
/** * Get all content by type ID * * @param int $typeId * @return array */ public function getAllByTypeId($typeId) { $type = new ContentType(); $type->getById($typeId); $contentAry = Table\Content::findBy(['type_id' => $typeId, 'status' => 1], ['order' => 'order, id ASC'])->rows(); $ary = []; foreach ($contentAry as $cont) { if (class_exists('Phire\\Fields\\Model\\FieldValue')) { $c = \Phire\Fields\Model\FieldValue::getModelObject('Phire\\Content\\Model\\Content', [$cont->id]); $data = $c->toArray(); } else { $data = (array) $cont; } $c = $this->setContent($data); $sess = \Pop\Web\Session::getInstance(); if (is_array($c['roles']) && count($c['roles']) > 0) { if (isset($sess->user) && in_array($sess->user->role_id, $c['roles']) || isset($sess->member) && in_array($sess->member->role_id, $c['roles'])) { $ary[] = $c; } } else { $ary[] = $c; } } return $ary; }
/** * Get the init field values * * @param int $tid * @param boolean $profile * @param int $uid * @param string $action * @param boolean $register * @return array */ protected function getInitFields($tid = 0, $profile = false, $uid = 0, $action, $register = false) { $type = Table\UserTypes::findById($tid); $fields1 = array(); // Continue setting up initial user fields $fields1['email1'] = array('type' => 'text', 'label' => $this->i18n->__('Email'), 'required' => true, 'attributes' => array('size' => 30), 'validators' => new Validator\Email()); if ($type->email_verification) { $fields1['email2'] = array('type' => 'text', 'label' => $this->i18n->__('Re-Type Email'), 'required' => true, 'attributes' => array('size' => 30), 'validators' => new Validator\Email()); } // If not email as username, create username field if (!$type->email_as_username) { $fields2 = array('username' => array('type' => 'text', 'label' => $this->i18n->__('Username'), 'required' => true, 'attributes' => array('size' => 30), 'validators' => array(new Validator\AlphaNumeric(), new Validator\LengthGte(4)))); if ($uid != 0) { $fields2['username']['attributes']['onkeyup'] = "phire.updateTitle('#username-title', this);"; } } else { $fields2 = array(); if ($uid != 0) { $fields1['email1']['attributes']['onkeyup'] = "phire.updateTitle('#username-title', this);"; } } // Continue setting up initial user fields if ($type->login) { $fields3 = array('password1' => array('type' => 'password', 'label' => $this->i18n->__('Enter Password'), 'required' => true, 'attributes' => array('size' => 30), 'validators' => new Validator\LengthGte(6)), 'password2' => array('type' => 'password', 'label' => $this->i18n->__('Re-Type Password'), 'required' => true, 'attributes' => array('size' => 30), 'validators' => new Validator\LengthGte(6))); } else { $fields3 = array(); } $fieldGroups = array(); $dynamicFields = false; $model = str_replace('Form', 'Model', get_class($this)); $newFields = \Phire\Model\Field::getByModel($model, $tid, $uid); if ($newFields['dynamic']) { $dynamicFields = true; } if ($newFields['hasFile']) { $this->hasFile = true; } foreach ($newFields as $key => $value) { if (is_numeric($key)) { $fieldGroups[] = $value; } } $fields4 = array(); if ($register) { $site = Table\Sites::getSite(); if ($type->use_csrf) { $fields4['csrf'] = array('type' => 'csrf', 'value' => \Pop\Filter\String::random(8)); } if ($type->use_captcha) { $fields4['captcha'] = array('type' => 'captcha', 'label' => $this->i18n->__('Enter Code'), 'captcha' => '<br /><img id="captcha-image" src="' . $site->base_path . '/captcha" /><br /><a class="reload-link" href="#" onclick="document.getElementById(\'captcha-image\').src = \'' . $site->base_path . '/captcha?reload=1\';return false;">' . $this->i18n->__('Reload') . '</a>', 'attributes' => array('size' => 5)); } } // Finish the initial fields $fields4['submit'] = array('type' => 'submit', 'value' => strpos($action, '/register') !== false ? $this->i18n->__('REGISTER') : $this->i18n->__('SAVE'), 'attributes' => array('class' => strpos($action, '/install/user') !== false || $profile ? 'update-btn' : 'save-btn')); if ($profile) { $fields4['submit']['label'] = ' '; $fields4['submit']['attributes']['style'] = 'width: 250px;'; $fields4['profile'] = array('type' => 'hidden', 'value' => 1); $sess = \Pop\Web\Session::getInstance(); if (isset($sess->reset_pwd)) { $fields4['reset_pwd'] = array('type' => 'hidden', 'value' => 1); } } if (!$profile) { $fields4['update'] = array('type' => 'button', 'value' => $this->i18n->__('Update'), 'attributes' => array('onclick' => "return phire.updateForm('#user-form', " . ($this->hasFile || $dynamicFields ? 'true' : 'false') . ");", 'class' => 'update-btn')); } $fields4['type_id'] = array('type' => 'hidden', 'value' => $tid); $fields4['id'] = array('type' => 'hidden', 'value' => 0); if (!$profile) { $fields4['update_value'] = array('type' => 'hidden', 'value' => 0); } // If not profile if (!$profile) { // Get roles for user type $rolesAry = array('0' => '(' . $this->i18n->__('Blocked') . ')'); if ($tid != 0) { $roles = Table\UserRoles::findBy(array('type_id' => $tid), 'id ASC'); foreach ($roles->rows as $role) { $rolesAry[$role->id] = $role->name; } } $siteIds = array('0' => $_SERVER['HTTP_HOST']); $sites = Table\Sites::findAll(); foreach ($sites->rows as $site) { $siteIds[(string) $site->id] = $site->domain; } $fields4['role_id'] = array('type' => 'select', 'required' => true, 'label' => $this->i18n->__('User Role'), 'value' => $rolesAry, 'marked' => $type->default_role_id); $fields4['verified'] = array('type' => 'select', 'label' => $this->i18n->__('Verified'), 'value' => array('1' => $this->i18n->__('Yes'), '0' => $this->i18n->__('No')), 'marked' => '0'); $fields4['failed_attempts'] = array('type' => 'text', 'label' => $this->i18n->__('Failed Attempts'), 'attributes' => array('size' => 3)); $fields4['site_ids'] = array('type' => 'checkbox', 'label' => $this->i18n->__('Allowed Sites'), 'value' => $siteIds); } if (strpos($action, '/install/user') !== false || $profile) { $allFields = array($fields1, $fields2, $fields3); if (count($fieldGroups) > 0) { foreach ($fieldGroups as $fg) { $allFields[] = $fg; } } $allFields[] = $fields4; } else { $allFields = array($fields4, $fields1, $fields2, $fields3); if (count($fieldGroups) > 0) { foreach ($fieldGroups as $fg) { $allFields[] = $fg; } } } return $allFields; }
/** * Install config method * * @param mixed $form * @param string $docRoot * @return void */ public function config($form, $docRoot = null) { if (null === $docRoot) { $docRoot = $_SERVER['DOCUMENT_ROOT'] . BASE_PATH; } // Get config file contents $cfgFile = new File($docRoot . '/config.php'); $config = $cfgFile->read(); // Get DB interface and type if (strpos($form->db_adapter, 'Pdo') !== false) { $dbInterface = 'Pdo'; $dbType = strtolower(substr($form->db_adapter, strrpos($form->db_adapter, '\\') + 1)); } else { $dbInterface = html_entity_decode($form->db_adapter, ENT_QUOTES, 'UTF-8'); $dbType = null; } // If DB is SQLite if (strpos($form->db_adapter, 'Sqlite') !== false) { touch($docRoot . $form->content_path . '/.htphire.sqlite'); $relativeDbName = "__DIR__ . '" . $form->content_path . '/.htphire.sqlite'; $dbName = realpath($docRoot . $form->content_path . '/.htphire.sqlite'); $dbUser = null; $dbPassword = null; $dbHost = null; $installFile = $dbName; chmod($dbName, 0777); } else { $relativeDbName = null; $dbName = $form->db_name; $dbUser = $form->db_username; $dbPassword = $form->db_password; $dbHost = $form->db_host; $installFile = null; } $dbPrefix = $form->db_prefix; // Set config values $config = str_replace("define('CONTENT_PATH', '/phire-content');", "define('CONTENT_PATH', '" . $form->content_path . "');", $config); $config = str_replace("define('APP_URI', '/phire');", "define('APP_URI', '" . $form->app_uri . "');", $config); $config = str_replace("define('DB_INTERFACE', '');", "define('DB_INTERFACE', '" . $dbInterface . "');", $config); $config = str_replace("define('DB_TYPE', '');", "define('DB_TYPE', '" . $dbType . "');", $config); $config = str_replace("define('DB_NAME', '');", "define('DB_NAME', " . (null !== $relativeDbName ? $relativeDbName : "'" . $dbName) . "');", $config); $config = str_replace("define('DB_USER', '');", "define('DB_USER', '" . $dbUser . "');", $config); $config = str_replace("define('DB_PASS', '');", "define('DB_PASS', '" . $dbPassword . "');", $config); $config = str_replace("define('DB_HOST', '');", "define('DB_HOST', '" . $dbHost . "');", $config); $config = str_replace("define('DB_PREFIX', '');", "define('DB_PREFIX', '" . $dbPrefix . "');", $config); $this->data['configWritable'] = is_writable($docRoot . '/config.php'); if ($form instanceof \Pop\Form\Form) { // Store the config values in session in case config file is not writable. $sess = Session::getInstance(); $sess->config = serialize(htmlentities($config, ENT_QUOTES, 'UTF-8')); $sess->app_uri = $form->app_uri; } if ($this->data['configWritable']) { $cfgFile->write($config)->save(); } // Install the database $sqlFile = __DIR__ . '/../../../data/phire.' . str_replace(array('pdo\\', 'mysqli'), array('', 'mysql'), strtolower($form->db_adapter)) . '.sql'; $db = array('database' => $dbName, 'username' => $dbUser, 'password' => $dbPassword, 'host' => $dbHost, 'prefix' => $dbPrefix, 'type' => str_replace('\\', '_', $form->db_adapter)); Dbs::install($dbName, $db, $sqlFile, $installFile, true); if (stripos($form->db_adapter, 'Pdo\\') !== false) { $adapter = 'Pdo'; $type = strtolower(substr($form->db_adapter, strpos($form->db_adapter, '\\') + 1)); } else { $adapter = $form->db_adapter; $type = null; } // Set the default system config $db = Db::factory($adapter, array('database' => $dbName, 'username' => $dbUser, 'password' => $dbPassword, 'host' => $dbHost, 'type' => $type)); // Get server info if (isset($_SERVER) && isset($_SERVER['SERVER_SOFTWARE'])) { $server = new Server(); $os = $server->getOs() . ' (' . $server->getDistro() . ')'; $srv = $server->getServer() . ' ' . $server->getServerVersion(); $domain = $_SERVER['HTTP_HOST']; $doc = $_SERVER['DOCUMENT_ROOT']; } else { $os = ''; $srv = ''; $domain = ''; $doc = ''; } // Set the system configuration $db->adapter()->query("UPDATE " . $db->adapter()->escape($dbPrefix) . "config SET value = '" . \Phire\Project::VERSION . "' WHERE setting = 'system_version'"); $db->adapter()->query("UPDATE " . $db->adapter()->escape($dbPrefix) . "config SET value = '" . $db->adapter()->escape($domain) . "' WHERE setting = 'system_domain'"); $db->adapter()->query("UPDATE " . $db->adapter()->escape($dbPrefix) . "config SET value = '" . $db->adapter()->escape($doc) . "' WHERE setting = 'system_document_root'"); $db->adapter()->query("UPDATE " . $db->adapter()->escape($dbPrefix) . "config SET value = '" . $db->adapter()->escape($os) . "' WHERE setting = 'server_operating_system'"); $db->adapter()->query("UPDATE " . $db->adapter()->escape($dbPrefix) . "config SET value = '" . $db->adapter()->escape($srv) . "' WHERE setting = 'server_software'"); $db->adapter()->query("UPDATE " . $db->adapter()->escape($dbPrefix) . "config SET value = '" . $db->adapter()->version() . "' WHERE setting = 'database_version'"); $db->adapter()->query("UPDATE " . $db->adapter()->escape($dbPrefix) . "config SET value = '" . PHP_VERSION . "' WHERE setting = 'php_version'"); $db->adapter()->query("UPDATE " . $db->adapter()->escape($dbPrefix) . "config SET value = '" . date('Y-m-d H:i:s') . "' WHERE setting = 'installed_on'"); $db->adapter()->query("UPDATE " . $db->adapter()->escape($dbPrefix) . "config SET value = '" . $db->adapter()->escape($form->language) . "' WHERE setting = 'default_language'"); $db->adapter()->query("UPDATE " . $db->adapter()->escape($dbPrefix) . "user_types SET password_encryption = '" . $db->adapter()->escape((int) $form->password_encryption) . "' WHERE id = 2001"); }
<?php require_once '../../bootstrap.php'; use Pop\Web\Session; try { $sess = Session::getInstance(); $sess->username = '******'; print_r($sess); print_r($_SESSION); $sess_id = $sess->getId(); echo $sess_id . PHP_EOL . PHP_EOL; // Destroy a session and all its data //$sess->kill(); } catch (\Exception $e) { echo $e->getMessage() . PHP_EOL . PHP_EOL; }
/** * Initialize the ACL object, checking for user types and user roles * * @return void */ protected function initAcl() { // Get the user type from either session or the URI $sess = \Pop\Web\Session::getInstance(); $type = str_replace(BASE_PATH, '', $_SERVER['REQUEST_URI']); // If the URI matches the system user URI if (substr($type, 0, strlen(APP_URI)) == APP_URI) { $type = 'user'; // Else, set user type } else { $type = substr($type, 1); if (strpos($type, '/') !== false) { $type = substr($type, 0, strpos($type, '/')); } } // Create the type object and pass it to the Acl object if (isset($sess->user->type_id)) { $typeObj = \Phire\Table\UserTypes::findById($sess->user->type_id); } else { $typeObj = \Phire\Table\UserTypes::findBy(array('type' => $type)); } $this->getService('acl')->setType($typeObj); // Set the roles for this user type in the Acl object $perms = \Phire\Table\UserRoles::getAllRoles($typeObj->id); if (count($perms['roles']) > 0) { foreach ($perms['roles'] as $role) { $this->getService('acl')->addRole($role); } } // Set up the ACL object's resources and permissions if (count($perms['resources']) > 0) { foreach ($perms['resources'] as $role => $perm) { if (count($perm['allow']) > 0) { foreach ($perm['allow'] as $resource => $p) { $this->getService('acl')->addResource($resource); if (count($p) > 0) { $this->getService('acl')->allow($role, $resource, $p); } else { $this->getService('acl')->allow($role, $resource); } } } else { $this->getService('acl')->allow($role); } if (count($perm['deny']) > 0) { foreach ($perm['deny'] as $resource => $p) { $this->getService('acl')->addResource($resource); if (count($p) > 0) { $this->getService('acl')->deny($role, $resource, $p); } else { $this->getService('acl')->deny($role, $resource); } } } } } }
/** * Get sort order * * @param string $sort * @param string $page * @param string $ord * @return array */ public function getSortOrder($sort = null, $page = null, $ord = 'ASC') { $sess = Session::getInstance(); $limit = (int) $this->config->pagination_limit; $order = array('field' => 'id', 'order' => $ord, 'limit' => $limit > 0 ? $limit : null, 'offset' => 0); if (null !== $sort) { if ($page != $sess->lastPage) { if ($sort != $sess->lastSortField) { $order['field'] = $sort; $order['order'] = $ord; } else { $order['field'] = $sess->lastSortField; $order['order'] = $sess->lastSortOrder; } } else { $order['field'] = $sort; if (isset($sess->lastSortOrder)) { $order['order'] = $sess->lastSortOrder == 'ASC' ? 'DESC' : 'ASC'; } else { $order['order'] = $ord; } } } if (null !== $page && (int) $page > 1) { $order['offset'] = $page * $limit - $limit; } $sess->lastSortField = $order['field']; $sess->lastSortOrder = $order['order']; $sess->lastPage = $page; return $order; }
/** * Method to determine the mobile device * * @param string $mobile * @return string */ public static function getDevice($mobile = null) { $session = Session::getInstance(); if (null !== $mobile) { $force = $mobile; if ($force == 'clear') { unset($session->mobile); } else { $session->mobile = $force; } } if (!isset($session->mobile)) { $device = Mobile::getDevice(); if (null !== $device) { $device = strtolower($device); if ($device == 'android' || $device == 'windows') { $device .= Mobile::isTabletDevice() ? '-tablet' : '-phone'; } } } else { $device = $session->mobile; } return $device; }
/** * Set type method * * @param \Phire\Table\UserTypes $type * @return \Phire\Auth\Acl */ public function setType(\Phire\Table\UserTypes $type) { $this->sess = Session::getInstance(); $this->type = $type; $this->basePath = strtolower($this->type->type) != 'user' ? BASE_PATH . '/' . strtolower($this->type->type) : BASE_PATH . APP_URI; }
/** * Get session object * * @return \Pop\Web\Session */ public function getSession() { return \Pop\Web\Session::getInstance(); }
/** * Prepare view method * * @param string $template * @param array $data * @return void */ public function prepareView($template = null, array $data = array()) { $site = \Phire\Table\Sites::getSite(); if (null !== $template) { $template = $this->getCustomView($template, $site); } $sess = \Pop\Web\Session::getInstance(); $config = \Phire\Table\Config::getSystemConfig(); $i18n = \Phire\Table\Config::getI18n(); $this->live = (bool) $config->live; $jsVars = null; $this->view = View::factory($template, $data); $this->view->set('base_path', $site->base_path)->set('content_path', CONTENT_PATH); // Check for an override Phire theme for the header/footer if (file_exists($site->document_root . $site->base_path . CONTENT_PATH . '/extensions/themes/phire/header.phtml') && file_exists($site->document_root . $site->base_path . CONTENT_PATH . '/extensions/themes/phire/footer.phtml')) { $this->view->set('phireHeader', $site->document_root . $site->base_path . CONTENT_PATH . '/extensions/themes/phire/header.phtml')->set('phireFooter', $site->document_root . $site->base_path . CONTENT_PATH . '/extensions/themes/phire/footer.phtml'); // Else, just use the default header/footer } else { $this->view->set('phireHeader', $site->document_root . $site->base_path . APP_PATH . '/vendor/Phire/view/phire/header.phtml')->set('phireFooter', $site->document_root . $site->base_path . APP_PATH . '/vendor/Phire/view/phire/footer.phtml'); } if (isset($this->view->assets)) { $jsVars = '?lang=' . $config->default_language; } if (isset($sess->user)) { if (isset($this->sess->user->last_action)) { $this->sess->user->last_action = date('Y-m-d H:i:s'); } // Set the timeout warning, giving a 30 second buffer to act if (isset($this->view->assets)) { if (isset($this->view->acl) && $this->view->acl->getType()->session_expiration > 0 && $this->view->acl->getType()->timeout_warning) { $exp = $this->view->acl->getType()->session_expiration * 60 - 30; $uri = $site->base_path . (strtolower($this->view->acl->getType()->type) != 'user' ? '/' . strtolower($this->view->acl->getType()->type) : APP_URI); $jsVars .= '&_exp=' . $exp . '&_base=' . urlencode($uri); } } $this->view->set('user', $sess->user)->set('role', \Phire\Table\UserRoles::getRole($sess->user->role_id))->set('globalAccess', $sess->user->global_access); if (isset($this->view->phireNav) && isset($this->view->acl) && $this->view->acl->hasRole($this->view->role->getName())) { $this->view->phireNav->setConfig(array('top' => array('node' => 'ul', 'id' => 'phire-nav'))); $this->view->phireNav->setAcl($this->view->acl); $this->view->phireNav->setRole($this->view->role); $tree = $this->view->phireNav->getTree(); // If the sub-children haven't been added yet if (isset($tree[0])) { // And any user types to the main phire nav $userTypes = \Phire\Table\UserTypes::findAll('id ASC'); if (isset($userTypes->rows)) { foreach ($userTypes->rows as $type) { $perm = 'index_' . $type->id; if ($this->view->acl->isAuth('Phire\\Controller\\Phire\\User\\IndexController', 'index') && $this->view->acl->isAuth('Phire\\Controller\\Phire\\User\\IndexController', 'index_' . $type->id)) { $perm = 'index'; } $this->view->phireNav->addLeaf('Users', array('name' => ucwords(str_replace('-', ' ', $type->type)), 'href' => 'index/' . $type->id, 'acl' => array('resource' => 'Phire\\Controller\\Phire\\User\\IndexController', 'permission' => $perm)), 1); } } // Set the language $tree = $this->view->phireNav->getTree(); foreach ($tree as $key => $value) { if (isset($value['name'])) { $tree[$key]['name'] = $i18n->__($value['name']); if (isset($value['children']) && count($value['children']) > 0) { foreach ($value['children'] as $k => $v) { if ($v['name'] == 'Fields' && isset($tree[$key]['children'][$k]['children'][0]['name'])) { $tree[$key]['children'][$k]['children'][0]['name'] = $i18n->__($tree[$key]['children'][$k]['children'][0]['name']); } $tree[$key]['children'][$k]['name'] = $i18n->__($v['name']); } } } } $this->view->phireNav->setTree($tree); } $this->view->phireNav->rebuild(); $this->view->phireNav->nav()->setIndent(' '); } } if (isset($this->view->assets)) { $this->view->assets = str_replace('jax.3.2.0.min.js', 'jax.3.2.0.min.js' . $jsVars, $this->view->assets); } if (isset($sess->errors)) { $this->view->set('errors', $sess->errors); } // Set config object and system/site default data $this->view->set('i18n', $i18n)->set('system_title', $config->system_title)->set('system_email', $config->system_email)->set('site_title', $config->site_title)->set('base_path', $config->base_path)->set('separator', $config->separator)->set('default_language', $config->default_language)->set('datetime_format', $config->datetime_format); }
/** * Create nav tree from content type * * @param int $id * @return mixed */ protected function createNavFrom($id) { $tree = []; if ($id == 'categories') { $category = new \Phire\Categories\Model\Category(); $contentAry = $category->getAll(); $cat = true; } else { $sess = Session::getInstance(); unset($sess->lastSortField); unset($sess->lastSortOrder); unset($sess->lastPage); $content = new \Phire\Content\Model\Content(); $contentAry = $content->getAll($id, 'id'); $cat = false; } foreach ($contentAry as $c) { $branch = ['id' => $c->id, 'type' => $cat ? 'category' : 'content', 'name' => $c->title, 'href' => $c->uri, 'children' => isset($c->status) && $c->status == 1 || !isset($c->status) ? $this->getNavChildren($c, 0, $cat) : []]; if (isset($c->roles)) { $roles = unserialize($c->roles); if (count($roles) > 0) { $branch['acl'] = ['resource' => 'content-' . $c->id]; } } if (isset($c->status) && $c->status == 1 || !isset($c->status)) { $tree[] = $branch; } } return serialize($tree); }
/** * Parse the value * * @param string $fieldValue * @return boolean */ protected static function parseValue($fieldValue) { $fieldValue = str_replace(['[{base_path}]', '[{content_path}]'], [BASE_PATH, CONTENT_PATH], $fieldValue); // Parse any date placeholders $dates = []; preg_match_all('/\\[\\{date.*\\}\\]/', $fieldValue, $dates); if (isset($dates[0]) && isset($dates[0][0])) { foreach ($dates[0] as $date) { $pattern = str_replace('}]', '', substr($date, strpos($date, '_') + 1)); $fieldValue = str_replace($date, date($pattern), $fieldValue); } } // Parse any session placeholders $open = []; $close = []; $merge = []; $sess = []; preg_match_all('/\\[\\{sess\\}\\]/msi', $fieldValue, $open, PREG_OFFSET_CAPTURE); preg_match_all('/\\[\\{\\/sess\\}\\]/msi', $fieldValue, $close, PREG_OFFSET_CAPTURE); // If matches are found, format and merge the results. if (isset($open[0][0]) && isset($close[0][0])) { foreach ($open[0] as $key => $value) { $merge[] = [$open[0][$key][0] => $open[0][$key][1], $close[0][$key][0] => $close[0][$key][1]]; } } foreach ($merge as $match) { $sess[] = substr($fieldValue, $match['[{sess}]'], $match['[{/sess}]'] - $match['[{sess}]'] + 9); } if (count($sess) > 0) { $session = Session::getInstance(); foreach ($sess as $s) { $sessString = str_replace(['[{sess}]', '[{/sess}]'], ['', ''], $s); $isSess = null; $noSess = null; if (strpos($sessString, '[{or}]') !== false) { $sessValues = explode('[{or}]', $sessString); if (isset($sessValues[0])) { $isSess = $sessValues[0]; } if (isset($sessValues[1])) { $noSess = $sessValues[1]; } } else { $isSess = $sessString; } if (null !== $isSess) { if (!isset($session->user)) { $fieldValue = str_replace($s, $noSess, $fieldValue); } else { $newSess = $isSess; foreach ($_SESSION as $sessKey => $sessValue) { if ((is_array($sessValue) || $sessValue instanceof \ArrayObject) && strpos($fieldValue, '[{' . $sessKey . '->') !== false) { foreach ($sessValue as $sessK => $sessV) { if (!is_array($sessV)) { $newSess = str_replace('[{' . $sessKey . '->' . $sessK . '}]', $sessV, $newSess); } } } else { if (!is_array($sessValue) && !$sessValue instanceof \ArrayObject && strpos($fieldValue, '[{' . $sessKey) !== false) { $newSess = str_replace('[{' . $sessKey . '}]', $sessValue, $newSess); } } } if ($newSess != $isSess) { $fieldValue = str_replace('[{sess}]' . $sessString . '[{/sess}]', $newSess, $fieldValue); } else { $fieldValue = str_replace($s, $noSess, $fieldValue); } } } else { $fieldValue = str_replace($s, '', $fieldValue); } } } return $fieldValue; }
public function logout() { $this->sess->kill(); $this->redirect('/login'); }