public function init(Website $website, Request $request)
{
$this->request = $request;
// Handle login ourselves
// (Using the provided getMinimumRank helper gives an ugly
// "You need to be logged in to view this page" message.)
$this->loggedIn = $website->getAuth()->check(Authentication::RANK_USER, false);
$this->loggedInAsAdmin = $website->isLoggedInAsStaff(true);
if (!$this->loggedIn) {
$this->errorMessage = $this->getLoginErrorMessage($website->getText(), $website->getAuth());
}
$this->canCreateAccounts = (bool) $website->getConfig()->get(Config::OPTION_USER_ACCOUNT_CREATION);
}
public function init(Website $website, Request $request)
{
$userId = $request->getParamInt(0);
// Fetch user
$userRepo = $website->getAuth()->getUserRepository();
$user = $userRepo->getById($userId);
if (!$user->canLogIn()) {
// Can't log in to deleted or banned users
throw new NotFoundException();
}
// Set user
$this->newUser = $user;
$website->getAuth()->setCurrentUser($user);
}
public function init(Website $website, Request $request)
{
$this->errorMessage = $website->getAuth()->getLoginError($this->minimumRank);
$psrRequest = $request->toPsr();
$this->targetUrl = $psrRequest->getUri();
$this->postVars = (array) $psrRequest->getParsedBody();
$this->canCreateAccounts = $website->getConfig()->get(Config::OPTION_USER_ACCOUNT_CREATION);
}
public function getPageContent(Website $website, Request $request)
{
$show_form = true;
$textToDisplay = "";
if (isset($_REQUEST["display_name"])) {
// Sent
$display_name = $request->getRequestString("display_name");
if (Validate::displayName($display_name)) {
// Valid display_name
$this->user->setDisplayName($display_name);
$userRepo = $website->getAuth()->getUserRepository();
$userRepo->save($this->user);
// Saved
$textToDisplay .= '<p>' . $website->t("users.display_name") . ' ' . $website->t("editor.is_changed") . '</p>';
// Don't show form
$show_form = false;
} else {
// Invalid display_name
$website->addError($website->t("users.display_name") . ' ' . Validate::getLastError($website));
$textToDisplay .= '<p><em>' . $website->tReplacedKey("errors.your_input_has_not_been_changed", "users.display_name", true) . '</em></p>';
}
}
// Show form
if ($show_form) {
// Text above form
$textToDisplay .= "<p>" . $website->t("users.display_name.edit.explained") . "</p>\n";
if ($this->editing_someone_else) {
$textToDisplay .= "<p><em>" . $website->tReplaced("users.edit_other", $this->user->getDisplayName()) . "</em></p>\n";
}
// Form itself
$display_name = isset($_POST['display_name']) ? htmlSpecialChars($_POST['display_name']) : $this->user->getDisplayName();
$textToDisplay .= <<<EOT
<p>{$website->t("main.fields_required")}</p>
<form action="{$website->getUrlMain()}" method="post">
<p>
<label for="display_name">{$website->t('users.display_name')}:</label><span class="required">*</span><br />
<input type="text" id="display_name" name="display_name" value="{$display_name}"/><br />
</p>
<p>
<input type="hidden" name="id" value="{$this->user->getId()}" />
<input type="hidden" name="p" value="edit_display_name" />
<input type="submit" value="{$website->t('users.display_name.edit')} " class="button" />
</p>
</form>
EOT;
}
// Links
$textToDisplay .= $this->get_account_links_html($website);
return $textToDisplay;
}
public function init(Website $website, Request $request)
{
$articleId = $request->getParamInt(0);
$oArticles = new ArticleRepository($website);
$this->article = $oArticles->getArticleOrFail($articleId);
$this->editLinks = $website->isLoggedInAsStaff();
$this->currentUser = $website->getAuth()->getCurrentUser();
if ($this->article->showComments) {
$oComments = new CommentRepository($website->getDatabase());
$this->comments = $oComments->getCommentsArticle($this->article->getId());
} else {
$this->comments = [];
}
}
public function getPageContent(Website $website, Request $request)
{
$show_form = true;
$textToDisplay = "";
if ($request->hasRequestValue("email")) {
// Sent
$email = $request->getRequestString("email");
if (Validate::email($email)) {
// Valid email
$this->user->setEmail($email);
$userRepo = $website->getAuth()->getUserRepository();
$userRepo->save($this->user);
// Saved
$textToDisplay .= '<p>' . $website->t("users.email") . ' ' . $website->t("editor.is_changed") . '</p>';
// Don't show form
$show_form = false;
} else {
// Invalid email
$website->addError($website->t("users.email") . ' ' . Validate::getLastError($website));
$textToDisplay .= '<p><em>' . $website->tReplacedKey("errors.your_input_has_not_been_changed", "users.email", true) . '</em></p>';
}
}
// Show form
if ($show_form) {
// Text above form
$textToDisplay .= "<p>" . $website->t("users.email.edit.explained") . "</p>\n";
if ($this->editing_someone_else) {
$textToDisplay .= "<p><em>" . $website->tReplaced("users.edit_other", $this->user->getDisplayName()) . "</em></p>\n";
}
// Form itself
$email = htmlSpecialChars($request->getRequestString("email", $this->user->getEmail()));
$textToDisplay .= <<<EOT
<form action="{$website->getUrlMain()}" method="post">
<p>
<label for="email">{$website->t('users.email')}:</label><br /><input type="text" id="email" name="email" value="{$email}"/><br />
</p>
<p>
<input type="hidden" name="id" value="{$this->user->getId()}" />
<input type="hidden" name="p" value="edit_email" />
<input type="submit" value="{$website->t('users.email.edit')} " class="button" />
</p>
</form>
EOT;
}
// Links
$textToDisplay .= $this->get_account_links_html($website);
return $textToDisplay;
}
protected function get_ranks_box_html(Website $website, $ranks, $selected)
{
$oAuth = $website->getAuth();
$text = $website->getText();
$selection_box = '<select name="rank" id="rank">';
foreach ($ranks as $id) {
$label = $text->t($oAuth->getRankName($id));
$selection_box .= '<option value="' . $id . '"';
if ($selected == $id) {
$selection_box .= ' selected="selected"';
}
$selection_box .= '>' . $label . "</option>\n";
}
$selection_box .= "</select>\n";
return $selection_box;
}
public function init(Website $website, Request $request)
{
$id = $request->getParamInt(0, 0);
// Load document
$documentRepo = new DocumentRepository($website->getDatabase(), true);
$user = $website->getAuth()->getCurrentUser();
// ^ this is never null, as the required rank for this page is moderator
$this->document = $this->retrieveDocument($website, $documentRepo, $id, $user);
// Load document widgets
$this->widgetLoader = $website->getWidgets();
$widgetRepo = new WidgetRepository($website);
$this->widgets = $widgetRepo->getWidgetsInDocumentWithId($id);
// Check for edits
$this->saveData($website->getText(), $request, $this->document, $documentRepo);
// Store new request token
$this->requestToken = RequestToken::generateNew();
$this->requestToken->saveToSession();
}
private function handleUserRequest(Website $website, Request $request)
{
$username = $request->getRequestString("creating_username", "");
$displayName = $request->getRequestString("creating_display_name", "");
$password = $request->getRequestString("creating_password", "");
$email = $request->getRequestString("creating_email", "");
$rank = $request->getRequestInt("creating_rank", 0);
$newUser = User::createNewUser($username, $displayName, $password);
$newUser->setEmail($email);
$newUser->setRank($rank);
$text = $website->getText();
$userRepo = new UserRepository($website->getDatabase());
if (Validate::requestToken($request) && $this->validateInput($newUser, $password, $website->getAuth(), $userRepo, $text)) {
$userRepo->save($newUser);
$this->accountCreated = true;
$text->addMessage($text->t("users.create.other.done"), Link::of($text->getUrlPage("create_account_admin"), $text->t("users.create_another")), Link::of($text->getUrlPage("account_management"), $text->t("main.account_management")));
}
return $newUser;
}
public function init(Website $website, Request $request)
{
$commentId = $request->getParamInt(0, 0);
$repo = new CommentRepository($website->getDatabase());
$this->comment = $repo->getCommentOrFail($commentId);
$user = $website->getAuth()->getCurrentUser();
// Check if user is allowed to delete this comment
if ($user->getId() !== $this->comment->getUserId() && !$user->hasRank(Authentication::RANK_MODERATOR)) {
throw new NotFoundException();
}
// Check if form was submitted
if (Validate::requestToken($request)) {
$repo->deleteComment($commentId);
$text = $website->getText();
$articleLink = $text->getUrlPage("article", $this->comment->getArticleId());
$text->addMessage($text->t("comments.comment") . ' ' . $text->t("editor.is_deleted"), Link::of($articleLink, $text->t("main.ok")));
} else {
$this->requestToken = RequestToken::generateNew();
$this->requestToken->saveToSession();
}
}
public function init(Website $website, Request $request)
{
$text = $website->getText();
$currentUser = $website->getAuth()->getCurrentUser();
$articleId = $request->getParamInt(0);
$articleRepository = new ArticleRepository($website);
$article = $this->getArticle($articleRepository, $currentUser, $articleId);
$articleEditor = new ArticleEditor($article);
$this->articleEditor = $articleEditor;
$categoryRepository = new CategoryRepository($website->getDatabase());
$this->allCategories = $categoryRepository->getCategories();
$this->richEditor = new CKEditor($website->getText(), $website->getConfig(), $website->getThemeManager());
// Validate token, then save new one to session
$validToken = Validate::requestToken($request);
$this->token = RequestToken::generateNew();
$this->token->saveToSession();
// Now check input
if (!$articleEditor->processInput($website->getText(), $request, $categoryRepository)) {
return;
}
if ($request->hasRequestValue("submit") && $validToken) {
// Try to save
$article = $articleEditor->getArticle();
if ($articleRepository->saveArticle($article)) {
$viewArticleLink = Link::of($website->getUrlPage("article", $article->getId()), $website->t("articles.view"));
if ($articleId == 0) {
// New article created
$text->addMessage($text->t("main.article") . " " . $text->t("editor.is_created"), $viewArticleLink);
} else {
// Article updated
$text->addMessage($text->t("main.article") . " " . $text->t("editor.is_edited"), $viewArticleLink);
}
// Check for redirect
if ($request->getRequestString("submit") == $website->t("editor.save_and_quit")) {
$this->redirectUrl = $website->getUrlPage("article", $article->getId());
}
}
}
}
public function init(Website $website, Request $request)
{
$text = $website->getText();
$this->requestToken = RequestToken::generateNew();
$commentId = $request->getParamInt(0, 0);
$auth = $website->getAuth();
$user = $auth->getCurrentUser();
$repo = new CommentRepository($website->getDatabase());
$this->comment = $repo->getCommentOrFail($commentId);
if ($user->getId() !== $this->comment->getUserId() && !$user->hasRank(Authentication::RANK_MODERATOR)) {
// Can only edit own comment unless moderator
throw new NotFoundException();
}
if ($request->hasRequestValue("submit") && Validate::requestToken($request)) {
// Validate and save comment
$this->updateCommentFromRequest($this->comment, $request);
if ($repo->validateComment($this->comment, $text)) {
$repo->saveComment($this->comment);
$this->redirectLink = $this->comment->getUrl($text);
}
}
$this->requestToken->saveToSession();
}
public function init(Website $website, Request $request)
{
$text = $website->getText();
$this->requestToken = RequestToken::generateNew();
$articleId = $request->getParamInt(0, 0);
$articleRepo = new ArticleRepository($website);
$article = $articleRepo->getArticleOrFail($articleId);
if (!$article->showComments) {
$text->addError($text->t("comments.commenting_not_allowed_on_article"));
return;
}
$user = $website->getAuth()->getCurrentUser();
$this->comment = $this->fetchComment($request, $article, $user);
if ($request->hasRequestValue("submit") && Validate::requestToken($request)) {
// Validate and save comment
$repo = new CommentRepository($website->getDatabase());
if ($repo->validateComment($this->comment, $text)) {
$repo->saveComment($this->comment);
$this->redirectLink = $this->comment->getUrl($text);
}
}
$this->requestToken->saveToSession();
}
public function init(Website $website, Request $request)
{
$website->getAuth()->logOut();
}
public function getPageContent(Website $website, Request $request)
{
// Don't allow to edit your own status (why would admins want to downgrade
// themselves?)
if (!$this->editing_someone_else) {
$website->addError($website->t("users.account") . " " . $website->t("errors.not_editable"));
return "";
}
$show_form = true;
$textToDisplay = "";
if ($request->hasRequestValue("status")) {
// Sent
$status = $request->getRequestInt("status");
$status_text = $request->getRequestString("status_text");
$oAuth = $website->getAuth();
$valid = true;
// Check status id
if (!$oAuth->isValidStatus($status)) {
$website->addError($website->t("users.status") . ' ' . $website->t("errors.not_found"));
$valid = false;
}
// Check status text
if (!Validate::stringLength($status_text, 1, self::MAXIMUM_STATUS_TEXT_LENGTH)) {
$website->addError($website->t("users.status_text") . " " . Validate::getLastError($website));
$valid = false;
}
if ($valid) {
// Valid status
$this->user->setStatus($status);
$this->user->setStatusText($status_text);
$oAuth->getUserRepository()->save($this->user);
// Saved
$textToDisplay .= '<p>' . $website->t("users.status") . ' ' . $website->t("editor.is_changed") . '</p>';
// Don't show form
$show_form = false;
} else {
// Invalid status
$textToDisplay .= '<p><em>' . $website->tReplacedKey("errors.your_input_has_not_been_changed", "users.status", true) . '</em></p>';
}
}
// Show form
if ($show_form) {
// Variables
$status = $website->getRequestInt("status", $this->user->getStatus());
$statuses = array(Authentication::STATUS_NORMAL, Authentication::STATUS_BANNED, Authentication::STATUS_DELETED);
$status_text = htmlSpecialChars($request->getRequestString("status_text", $this->user->getStatusText()));
// Form itself
$textToDisplay .= <<<EOT
<p>
{$website->t("users.status.edit.explained")}
{$website->tReplaced("accounts.edit_other", "<strong>" . $this->user->getDisplayName() . "</strong>")}
</p>
<p>
{$website->t("main.fields_required")}
</p>
<form action="{$website->getUrlMain()}" method="get">
<p>
<label for="status">{$website->t("users.status")}</label>:<span class="required">*</span><br />
{$this->get_statuses_box_html($website->getAuth(), $statuses, $status)}
</p>
<p>
<label for="status_text">{$website->t("users.status_text")}</label>:<span class="required">*</span><br />
<input type="text" name="status_text" id="status_text" size="80" value="{$status_text}" />
</p>
<p>
<input type="hidden" name="p" value="edit_account_status" />
<input type="hidden" name="id" value="{$this->user->getId()}" />
<input type="submit" value="{$website->t('editor.save')} " class="button" />
</p>
</form>
EOT;
}
// Links
$textToDisplay .= $this->get_account_links_html($website);
return $textToDisplay;
}
/**
* Returns links to edit the profile, based on the permissions of the user
* that is viewing this page.
*/
public function get_edit_links_html(Website $website)
{
$viewing_user = $website->getAuth()->getCurrentUser();
$returnValue = "";
// Get privileges
$is_viewing_themselves = false;
$is_viewing_as_moderator = false;
$is_viewing_as_admin = false;
if ($viewing_user != null) {
$is_viewing_themselves = $this->user->getId() == $viewing_user->getId();
if ($website->isLoggedInAsStaff(false)) {
$is_viewing_as_moderator = true;
}
if ($website->isLoggedInAsStaff(true)) {
$is_viewing_as_admin = true;
}
}
// Gravatar link + help
if ($is_viewing_themselves) {
// No way that other admins can edit someone's avatar, so only display help text for owner
$returnValue .= <<<EOT
<p>
{$website->tReplaced("users.gravatar.explained", '<a href="http://gravatar.com/">gravatar.com</a>')}
</p>
EOT;
}
// Add all account edit links
$edit_links = [];
if (!$is_viewing_themselves && $is_viewing_as_moderator) {
// Accessed by a moderator that isn't viewing his/her own account
// Add (un)ban link
$edit_links[] = $this->get_edit_link($website, "edit_account_status", "users.status.edit");
}
if ($is_viewing_themselves || $is_viewing_as_admin) {
// Accessed by the user themselves or an admin
// Display links to edit profile
$edit_links[] = $this->get_edit_link($website, "edit_email", "users.email.edit");
$edit_links[] = $this->get_edit_link($website, "edit_password", "users.password.edit");
$edit_links[] = $this->get_edit_link($website, "edit_display_name", "users.display_name.edit");
}
if (!$is_viewing_themselves && $is_viewing_as_admin) {
// Accessed by an admin that isn't viewing his/her own account
// Add rank edit link and login link
$edit_links[] = $this->get_edit_link($website, "edit_rank", "users.rank.edit");
// Only display login link if account is not deleted/banned
if ($this->user->canLogIn()) {
$edit_links[] = $this->get_edit_link($website, "login_other", "main.log_in");
}
}
if (count($edit_links) > 0) {
$returnValue .= "<p>\n" . implode($edit_links) . "</p>\n";
}
return $returnValue;
}
/** Gets a table of all users */
public function get_users_table(Website $website, $start)
{
$start = (int) $start;
$oAuth = $website->getAuth();
$users = $oAuth->getUserRepository()->getRegisteredUsers($start, self::USERS_PER_PAGE);
$current_user_id = $oAuth->getCurrentUser()->getId();
// Start table
$returnValue = "<table>\n";
$returnValue .= "<tr><th>" . $website->t("users.username") . "</th><th>" . $website->t("users.display_name") . "</th><th>" . $website->t("users.email") . "</th><th>" . $website->t("users.rank") . "</th><th>" . $website->t("main.edit") . "</th></tr>\n";
//login-naam-email-admin-bewerk
$returnValue .= '<tr><td colspan="5"><a class="arrow" href="' . $website->getUrlPage("create_account_admin") . '">' . $website->t("users.create") . "...</a></td></tr>\n";
//maak nieuwe account
if (count($users) > 0) {
foreach ($users as $user) {
// Email
$email_link = '<em>' . $website->t("main.not_set") . '</em>';
$email = $user->getEmail();
if ($email) {
$email = htmlSpecialChars($email);
$email_link = '<a href="mailto:' . $email . '">' . $email . '</a>';
}
// Others
$username = $user->getUsername();
// Usernames are severly restricted, so no need to escape
$display_name = htmlSpecialChars($user->getDisplayName());
$rank_name = $website->t($oAuth->getRankName($user->getRank()));
if ($user->getStatus() == Authentication::STATUS_BANNED) {
$rank_name = $website->t("users.status.banned");
}
if ($user->getStatus() == Authentication::STATUS_DELETED) {
$rank_name = $website->t("users.status.deleted");
}
$username_link = '<a href="' . $website->getUrlPage("account", $user->getId()) . '">' . $username . '</a>';
$login_link = '<a class="arrow" href="' . $website->getUrlPage("login_other", $user->getId()) . '">' . $website->t("main.log_in") . '</a>';
if ($user->getId() == $current_user_id || !$user->canLogIn()) {
// No need to log in as that account
$login_link = "";
}
// Rest of row
$returnValue .= <<<EOT
<tr>
<td>{$username_link}</td>
<td>{$display_name}</td>
<td>{$email_link}</td>
<td>{$rank_name}</td>
<td>{$login_link}</td>
</tr>
EOT;
}
}
$returnValue .= "</table>";
return $returnValue;
}
public function getPageContent(Website $website, Request $request)
{
$show_form = true;
$textToDisplay = "";
if ($request->hasRequestValue("password")) {
// Sent
$old_password = $request->getRequestString("old_password");
if ($this->editing_someone_else || $this->user->verifyPassword($old_password)) {
// Old password entered correctly
$password = $request->getRequestString("password");
$password2 = $request->getRequestString("password2");
if (Validate::password($password, $password2)) {
// Valid password
$this->user->setPassword($password);
$userRepo = $website->getAuth()->getUserRepository();
$userRepo->save($this->user);
// Saved
$textToDisplay .= '<p>' . $website->t("users.password") . ' ' . $website->t("editor.is_changed") . '</p>';
// Update login cookie (only when changing your own password)
if (!$this->editing_someone_else) {
$website->getAuth()->setLoginCookie();
}
// Don't show form
$show_form = false;
} else {
// Invalid new password
$website->addError($website->t("users.password") . ' ' . Validate::getLastError($website));
$textToDisplay .= '<p><em>' . $website->tReplacedKey("errors.your_input_has_not_been_changed", "users.password", true) . '</em></p>';
}
} else {
// Invalid old password
$website->addError($website->t("users.old_password") . ' ' . $website->t("errors.not_correct"));
$textToDisplay .= '<p><em>' . $website->tReplacedKey("errors.your_input_has_not_been_changed", "users.password", true) . '</em></p>';
}
}
// Show form
if ($show_form) {
// Text above form
$textToDisplay .= "<p>" . $website->tReplaced("users.password.edit.explained", Validate::$MIN_PASSWORD_LENGHT) . "</p>\n";
if ($this->editing_someone_else) {
$textToDisplay .= "<p><em>" . $website->tReplaced("users.edit_other", $this->user->getDisplayName()) . "</em></p>\n";
}
// Form itself
$old_password_text = "";
if (!$this->editing_someone_else) {
// Add field to verify old password when editing yourself
$old_password_text = <<<EOT
<label for="old_password">{$website->t('users.old_password')}:</label><span class="required">*</span><br />
<input type="password" id="old_password" name="old_password" value=""/><br />
EOT;
}
$textToDisplay .= <<<EOT
<p>{$website->t("main.fields_required")}</p>
<form action="{$website->getUrlMain()}" method="post">
<p>
{$old_password_text}
<label for="password">{$website->t('users.password')}:</label><span class="required">*</span><br />
<input type="password" id="password" name="password" value=""/><br />
<label for="password2">{$website->t('users.password.repeat')}:</label><span class="required">*</span><br />
<input type="password" id="password2" name="password2" value=""/><br />
</p>
<p>
<input type="hidden" name="p" value="edit_password" />
<input type="hidden" name="id" value="{$this->user->getId()}" />
<input type="submit" value="{$website->t('users.password.edit')} " class="button" />
</p>
</form>
EOT;
}
// Links
$textToDisplay .= $this->get_account_links_html($website);
return $textToDisplay;
}
public function init(Website $website, Request $request)
{
$oComments = new CommentRepository($website->getDatabase());
$this->comments = $oComments->getCommentsLatest();
$this->viewingUser = $website->getAuth()->getCurrentUser();
}