/**
 * Handles submission of the "mail chat history" form.
 *
 * Validates the visitor's e-mail address, builds a plain-text transcript of
 * the thread and sends it using the "user_history" mail template. When
 * validation fails the form is rendered again with the collected errors.
 *
 * @param Request $request Incoming request.
 * @return string Rendered page content.
 * @throws NotFoundException If the thread with specified ID and token is
 *   not found.
 */
public function submitFormAction(Request $request)
{
    $thread_id = $request->attributes->get('thread_id');
    $token = $request->attributes->get('token');

    // Both the ID and the token must match a stored thread; the token is
    // what ties the request to that particular conversation.
    $thread = Thread::load($thread_id, $token);
    if (!$thread) {
        throw new NotFoundException('The thread is not found.');
    }

    $email = $request->request->get('email');
    $group = null;
    if ($thread->groupId) {
        $group = group_by_id($thread->groupId);
    }

    $errors = array();
    if (!$email) {
        $errors[] = no_field('Your email');
    } elseif (!MailUtils::isValidAddress($email)) {
        $errors[] = wrong_field('Your email');
    }

    if (!empty($errors)) {
        // Hand the errors back to the form renderer.
        $request->attributes->set('errors', $errors);

        return $this->showFormAction($request);
    }

    // Build the plain-text transcript of the whole thread. $last_id is kept
    // in a variable (not an inline literal) so the call still works if
    // getMessages() takes it by reference.
    $last_id = -1;
    $history = '';
    foreach ($thread->getMessages(true, $last_id) as $message) {
        $history .= message_to_text($message);
    }

    $mail_template = MailTemplate::loadByName('user_history', get_current_locale());
    if (!$mail_template) {
        trigger_error(
            'Cannot send e-mail because "user_history" mail template cannot be loaded.',
            E_USER_WARNING
        );
    } else {
        $subject = $mail_template->buildSubject();
        $body = $mail_template->buildBody(array(
            $thread->userName,
            $history,
            Settings::get('title'),
            Settings::get('hosturl'),
        ));
        $this->sendMail(MailUtils::buildMessage($email, MIBEW_MAILBOX, $subject, $body));
    }

    $page = setup_logo($group);
    $page['email'] = $email;

    return $this->render('mailsent', $page);
}
} if ($email != '' && !is_valid_email($email)) { $errors[] = wrong_field("form.field.mail"); } if ($jabber != '' && !is_valid_email($jabber)) { $errors[] = wrong_field("form.field.jabber"); } if ($jabbernotify && $jabber == '') { if ($settings['enablejabber'] == "1") { $errors[] = no_field("form.field.jabber"); } else { $jabbernotify = false; } } if (!$opId && !$password) { $errors[] = no_field("form.field.password"); } if ($password != $passwordConfirm) { $errors[] = getlocal("my_settings.error.password_match"); } $existing_operator = operator_by_login($login); if (!$opId && $existing_operator || $opId && $existing_operator && $opId != $existing_operator['operatorid']) { $errors[] = getlocal("page_agent.error.duplicate_login"); } $canmodify = $opId == $operator['operatorid'] && is_capable($can_modifyprofile, $operator) || is_capable($can_administrate, $operator); if (!$canmodify) { $errors[] = getlocal('page_agent.cannot_modify'); } if (count($errors) == 0) { if (!$opId) { $newop = create_operator($login, $email, $jabber, $password, $localname, $commonname, $jabbernotify ? 1 : 0, "");
require_once 'libs/common.php'; require_once 'libs/chat.php'; require_once 'libs/expand.php'; require_once 'libs/notify.php'; $errors = array(); $page = array(); $token = verifyparam("token", "/^\\d{1,8}\$/"); $threadid = verifyparam("thread", "/^\\d{1,8}\$/"); $thread = thread_by_id($threadid); if (!$thread || !isset($thread['ltoken']) || $token != $thread['ltoken']) { die("wrong thread"); } $email = getparam('email'); $page['email'] = $email; if (!$email) { $errors[] = no_field("form.field.email"); } else { if (!is_valid_email($email)) { $errors[] = wrong_field("form.field.email"); } } if (count($errors) > 0) { $page['formemail'] = $email; $page['ct.chatThreadId'] = $thread['threadid']; $page['ct.token'] = $thread['ltoken']; $page['level'] = ""; setup_logo(); expand("styles", getchatstyle(), "mail.tpl"); exit; } $history = "";
if (!$message) { $errors[] = getlocal("cannededit.no_such"); $stringid = ""; } } else { $message = ""; $page['locale'] = verifyparam("lang", "/^[\\w-]{2,5}\$/", ""); $page['groupid'] = ""; if ($settings['enablegroups'] == '1') { $page['groupid'] = verifyparam("group", "/^\\d{0,10}\$/"); } } if (isset($_POST['message'])) { $message = getparam('message'); if (!$message) { $errors[] = no_field("form.field.message"); } if (count($errors) == 0) { if ($stringid) { save_message($stringid, $message); } else { add_message($page['locale'], $page['groupid'], $message); } $page['saved'] = true; prepare_menu($operator, false); start_html_output(); require '../view/cannededit.php'; exit; } } $page['saved'] = false;
/**
 * Handles submission of the canned message edit form built by
 * {@link \Mibew\Controller\CannedMessageController::showEditFormAction()}.
 *
 * Both the title and the message text are required. When either is missing
 * the form is rendered again with the errors attached to the request;
 * otherwise the message is saved (updated when a message ID is present in
 * the route, created otherwise).
 *
 * @param Request $request Incoming request.
 * @return string Rendered page content.
 */
public function submitEditFormAction(Request $request)
{
    csrf_check_token($request);

    $operator = $this->getOperator();
    $message_id = $request->attributes->getInt('message_id');

    $title = $request->request->get('title');
    $message = $request->request->get('message');

    // Collect validation errors for the required fields.
    $errors = array();
    if (!$title) {
        $errors[] = no_field("Title");
    }
    if (!$message) {
        $errors[] = no_field("Message");
    }

    if (!empty($errors)) {
        // Rebuild the form with the errors attached.
        $request->attributes->set('errors', $errors);

        return $this->showEditFormAction($request);
    }

    if (!$message_id) {
        // No ID in the route: create a new message bound to the locale
        // and group passed with the request.
        $locale = $this->extractLocale($request);
        $group_id = $this->extractGroupId($request);
        add_canned_message($locale, $group_id, $title, $message);
    } else {
        save_canned_message($message_id, $title, $message);
    }

    $page = array('saved' => true);
    $page = array_merge($page, prepare_menu($operator, false));

    return $this->render('canned_message_edit', $page);
}
/**
 * Handles submission of the group edit form built by
 * {@link \Mibew\Controller\GroupController::showFormAction()}.
 *
 * Validates the submitted fields, rejects a name that is already used by a
 * different group, and then either creates a new group (redirecting to its
 * members page) or updates the existing one (redirecting back to its edit
 * page).
 *
 * @param Request $request Incoming request.
 * @return string Rendered page content.
 */
public function submitFormAction(Request $request)
{
    csrf_check_token($request);

    $group_id = $request->attributes->get('group_id', false);

    // A parent group must be a plain decimal ID; anything else means
    // "no parent".
    $parent_group = $request->request->get('parentgroup');
    if (!$parent_group || !preg_match("/^\\d{1,10}\$/", $parent_group)) {
        $parent_group = null;
    }

    $fields = $request->request;
    $name = $fields->get('name');
    $description = $fields->get('description');
    $common_name = $fields->get('commonname');
    $common_description = $fields->get('commondescription');
    $email = $fields->get('email');
    $weight = $fields->get('weight');
    $title = $fields->get('title');
    $chat_title = $fields->get('chattitle');
    $host_url = $fields->get('hosturl');
    $logo = $fields->get('logo');

    $errors = array();
    if (!$name) {
        $errors[] = no_field("Name");
    }
    // E-mail is optional but must be well-formed when given.
    if ($email != '' && !MailUtils::isValidAddress($email)) {
        $errors[] = wrong_field("E-mail");
    }
    // Weight is an optional non-negative integer; empty means zero.
    if (!preg_match("/^(\\d{1,10})?\$/", $weight)) {
        $errors[] = wrong_field("Weight");
    }
    if (!$weight) {
        $weight = 0;
    }

    // A name is a duplicate when a group other than the one being edited
    // already has it.
    $existing_group = group_by_name($name);
    if ($existing_group) {
        $is_other_group = !$group_id || $group_id != $existing_group['groupid'];
        if ($is_other_group) {
            $errors[] = getlocal("Please choose another name because a group with that name already exists.");
        }
    }

    if (!empty($errors)) {
        // Rebuild the form with the errors attached.
        $request->attributes->set('errors', $errors);

        return $this->showFormAction($request);
    }

    $group_fields = array(
        'vclocalname' => $name,
        'vclocaldescription' => $description,
        'vccommonname' => $common_name,
        'vccommondescription' => $common_description,
        'vcemail' => $email,
        'iweight' => $weight,
        'parent' => $parent_group,
        'vctitle' => $title,
        'vcchattitle' => $chat_title,
        'vchosturl' => $host_url,
        'vclogo' => $logo,
    );

    if ($group_id) {
        // Update the existing group and go back to its edit page.
        update_group(array('groupid' => $group_id) + $group_fields);
        $redirect_to = $this->generateUrl('group_edit', array('group_id' => $group_id));
    } else {
        // Create the group and go to its members page.
        $new_group = create_group($group_fields);
        $redirect_to = $this->generateUrl(
            'group_members',
            array('group_id' => (int) $new_group['groupid'])
        );
    }

    return $this->redirect($redirect_to);
}
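/**
 * Handles submission of the installer's password form.
 *
 * Only reachable while the installer is on the "set password" step; any
 * other step redirects the user to the correct step page. A non-empty
 * password and a matching confirmation are required.
 *
 * @param Request $request Incoming request.
 * @return Response
 */
public function submitPasswordFormAction(Request $request)
{
    // Check if the user can run this step. The redirect response must be
    // returned here: without the return, execution falls through and the
    // password is set regardless of the installer's current step.
    if ($this->getCurrentStep() != self::STEP_SET_PASSWORD) {
        return $this->redirect($this->generateStepUrl(self::STEP_SET_PASSWORD));
    }

    $password = $request->request->get('password');
    $password_confirm = $request->request->get('password_confirm');

    // Validate passwords
    $errors = array();
    if (!$password) {
        $errors[] = no_field('Password');
    }
    if (!$password_confirm) {
        $errors[] = no_field('Confirmation');
    }
    if ($password !== $password_confirm) {
        $errors[] = getlocal('Passwords do not match.');
    }

    if (!empty($errors)) {
        // Something went wrong; rerender the form with the errors attached.
        $request->attributes->set('errors', $errors);

        return $this->showPasswordFormAction($request);
    }

    $installer = $this->getInstaller();
    if (!$installer->setPassword($password)) {
        // Report the installer's own errors on the step page.
        return $this->renderStep(
            'install_step',
            array('errors' => $installer->getErrors())
        );
    }

    $this->setLog(self::STEP_SET_PASSWORD, array(getlocal('Password is set.')));
    $this->setCurrentStep(self::STEP_IMPORT_LOCALES);

    return $this->renderStep(
        'install_step',
        array('nextstep' => getlocal('Import locales'))
    );
}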
if (!isset($messages[$source])) { load_messages($source); } $lang1 = $messages[$source]; if (!isset($messages[$target])) { load_messages($target); } $lang2 = $messages[$target]; $errors = array(); $page = array('lang1' => $source, 'lang2' => $target, 'title1' => isset($lang1["localeid"]) ? $lang1["localeid"] : $source, 'title2' => isset($lang2["localeid"]) ? $lang2["localeid"] : $target); if ($stringid) { $translation = isset($lang2[$stringid]) ? $lang2[$stringid] : ""; if (isset($_POST['translation'])) { $translation = getparam('translation'); if (!$translation) { $errors[] = no_field("form.field.translation"); } if (count($errors) == 0) { save_message($target, $stringid, $translation); $page['saved'] = true; prepare_menu($operator, false); start_html_output(); require '../view/translate.php'; exit; } } $page['saved'] = false; $page['key'] = $stringid; $page['target'] = $target; $page['formoriginal'] = isset($lang1[$stringid]) ? $lang1[$stringid] : "<b><unknown></b>"; $page['formtranslation'] = $translation;
/**
 * Handles submission of the ban edit form built by
 * {@link \Mibew\Controller\BanController::showEditFormAction()}.
 *
 * Address, a numeric number of days and a comment are all required. The
 * same address cannot be banned twice: if another ban already covers it,
 * an error with a link to that ban is reported instead.
 *
 * @param Request $request Incoming request.
 * @return string Rendered page content.
 * @throws NotFoundException If the ban with specified ID is not found in
 *   the system.
 */
public function submitEditFormAction(Request $request)
{
    csrf_check_token($request);

    $operator = $this->getOperator();
    $page = array('banId' => '', 'saved' => false);

    // Get form fields and validate them
    $ban_id = $request->attributes->getInt('ban_id');
    $address = $request->request->get('address');
    $days = $request->request->get('days');
    $comment = $request->request->get('comment');

    $errors = array();
    if (!$address) {
        $errors[] = no_field('Visitor\'s Address');
    }
    // Days must be a plain non-negative integer.
    if (!preg_match("/^\\d+\$/", $days)) {
        $errors[] = wrong_field('Days');
    }
    if (!$comment) {
        $errors[] = no_field('Comment');
    }

    // An address is a duplicate when a ban other than the one being edited
    // already covers it.
    $existing_ban = Ban::loadByAddress($address);
    if ($existing_ban && (!$ban_id || $ban_id != $existing_ban->id)) {
        $ban_url = $this->generateUrl('ban_edit', array('ban_id' => $existing_ban->id));
        $errors[] = getlocal(
            'The specified address is already in use. Click <a href="{1}">here</a> if you want to edit it.',
            array($address, $ban_url)
        );
    }

    if (!empty($errors)) {
        // Rebuild the form with the errors attached.
        $request->attributes->set('errors', $errors);

        return $this->showEditFormAction($request);
    }

    // Pick the ban record to save: the stored one, or a fresh one.
    if ($ban_id) {
        $ban = Ban::load($ban_id);
        if (!$ban) {
            throw new NotFoundException('The ban is not found.');
        }
    } else {
        $ban = new Ban();
        $ban->created = time();
    }

    // Expiry is counted in whole days from now.
    $ban->till = time() + $days * 24 * 60 * 60;
    $ban->address = $address;
    $ban->comment = $comment;
    $ban->save();

    // Rerender the form page
    $page['saved'] = true;
    $page['address'] = $address;
    $page['title'] = getlocal('Block address');
    $page = array_merge($page, prepare_menu($operator, false));

    return $this->render('ban', $page);
}
$page['threadid'] = ''; $errors = array(); if (isset($_POST['address'])) { $banId = verifyparam("banId", "/^(\\d{1,10})?\$/", ""); $address = getparam("address"); $days = getparam("days"); $comment = getparam('comment'); $threadid = isset($_POST['threadid']) ? getparam('threadid') : ""; if (!$address) { $errors[] = no_field("form.field.address"); } if (!preg_match("/^\\d+\$/", $days)) { $errors[] = wrong_field("form.field.ban_days"); } if (!$comment) { $errors[] = no_field("form.field.ban_comment"); } $link = connect(); $existing_ban = ban_for_addr_($address, $link); mysql_close($link); if (!$banId && $existing_ban || $banId && $existing_ban && $banId != $existing_ban['banid']) { $errors[] = getlocal2("ban.error.duplicate", array(safe_htmlspecialchars($address), safe_htmlspecialchars($existing_ban['banid']))); } if (count($errors) == 0) { $link = connect(); $utime = time() + $days * 24 * 60 * 60; if (!$banId) { $query = sprintf("insert into {$mysqlprefix}chatban (dtmcreated,dtmtill,address,comment) values (CURRENT_TIMESTAMP,%s,'%s','%s')", "FROM_UNIXTIME(" . intval($utime) . ")", mysql_real_escape_string($address, $link), mysql_real_escape_string($comment, $link)); perform_query($query, $link); } else { $query = sprintf("update {$mysqlprefix}chatban set dtmtill = %s,address = '%s',comment = '%s' where banid = %s", "FROM_UNIXTIME(" . intval($utime) . ")", mysql_real_escape_string($address, $link), mysql_real_escape_string($comment, $link), intval($banId));
/**
 * Handles submission of the locale edit form built by
 * {@link \Mibew\Controller\Localization\LocaleController::showEditFormAction()}.
 *
 * All four fields (time locale and the full/date/time formats) are
 * required. On success the locale info is stored and the user is
 * redirected to the edit page so that a reload does not resubmit the form.
 *
 * @param Request $request Incoming request.
 * @return string Rendered page content.
 * @throws NotFoundException If the locale with specified code is not found
 *   in the system.
 */
public function submitEditFormAction(Request $request)
{
    csrf_check_token($request);

    $locale = $request->attributes->get('locale');
    if (!$locale) {
        throw new NotFoundException();
    }

    // Request parameter => label used in the "field is missing" error.
    $fields = array(
        'timelocale' => 'Time locale',
        'dateformatfull' => 'Date format (full)',
        'dateformatdate' => 'Date format (date)',
        'dateformattime' => 'Date format (time)',
    );

    $values = array();
    $errors = array();
    foreach ($fields as $param => $label) {
        $values[$param] = $request->request->get($param);
        if (!$values[$param]) {
            $errors[] = no_field($label);
        }
    }

    if (!empty($errors)) {
        // Rebuild the form with the errors attached.
        $request->attributes->set('errors', $errors);

        return $this->showEditFormAction($request);
    }

    // Merge the submitted values into the stored locale info and save it.
    $locale_info = get_locale_info($locale);
    $locale_info['time_locale'] = $values['timelocale'];
    $locale_info['date_format'] = array(
        'full' => $values['dateformatfull'],
        'date' => $values['dateformatdate'],
        'time' => $values['dateformattime'],
    );
    set_locale_info($locale, $locale_info);

    // Redirect to the edit page so the browser ends up on a GET request.
    $redirect_to = $this->generateUrl(
        'locale_edit',
        array('locale' => $locale, 'stored' => true)
    );

    return $this->redirect($redirect_to);
}
{ global $mysqlprefix; $link = connect(); $query = sprintf("update {$mysqlprefix}chatgroup set vclocalname = '%s', vclocaldescription = '%s', vccommonname = '%s', vccommondescription = '%s', vcemail = '%s' where groupid = %s", mysql_real_escape_string($name), mysql_real_escape_string($descr), mysql_real_escape_string($commonname), mysql_real_escape_string($commondescr), mysql_real_escape_string($email), $groupid); perform_query($query, $link); mysql_close($link); } if (isset($_POST['name'])) { $groupid = verifyparam("gid", "/^(\\d{1,9})?\$/", ""); $name = getparam('name'); $description = getparam('description'); $commonname = getparam('commonname'); $commondescription = getparam('commondescription'); $email = getparam('email'); if (!$name) { $errors[] = no_field("form.field.groupname"); } if ($email != '' && !is_valid_email($email)) { $errors[] = wrong_field("form.field.mail"); } $existing_group = group_by_name($name); if (!$groupid && $existing_group || $groupid && $existing_group && $groupid != $existing_group['groupid']) { $errors[] = getlocal("page.group.duplicate_name"); } if (count($errors) == 0) { if (!$groupid) { $newdep = create_group($name, $description, $commonname, $commondescription, $email); header("Location: {$webimroot}/operator/groupmembers.php?gid=" . $newdep['groupid']); exit; } else { update_group($groupid, $name, $description, $commonname, $commondescription, $email);
/**
 * Handles submission of the translation edit form built by
 * {@link \Mibew\Controller\TranslateController::showEditFormAction()}.
 *
 * The translated text is required. On success it is stored for the
 * string's locale and the cached client-side translations for that locale
 * are dropped.
 *
 * @param Request $request Incoming request.
 * @return string Rendered page content.
 * @throws NotFoundException If the string with specified ID is not found.
 */
public function submitEditFormAction(Request $request)
{
    csrf_check_token($request);

    $operator = $this->getOperator();

    $string_id = $request->attributes->get('string_id');
    $string = $this->loadString($string_id);
    if (!$string) {
        throw new NotFoundException('The string is not found.');
    }
    $target = $string['locale'];

    $translation = $request->request->get('translation');
    $errors = array();
    if (!$translation) {
        $errors[] = no_field("Translation");
    }

    if (!empty($errors)) {
        // Rebuild the form with the errors attached.
        $request->attributes->set('errors', $errors);

        return $this->showEditFormAction($request);
    }

    save_message($target, $string['source'], $translation);

    // Client-side translations are cached per locale; drop the stale copy.
    $this->getCache()->getItem('translation/js/' . $target)->clear();

    $page = array(
        'saved' => true,
        'title' => getlocal("Translations"),
    );
    $page = array_merge($page, prepare_menu($operator, false));

    return $this->render('translation_edit', $page);
}
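/**
 * Handles submission of the operator edit form built by
 * {@link \Mibew\Controller\OperatorController::showEditFormAction()}.
 *
 * Validates the submitted profile fields, rejects a login or e-mail that
 * is already used by a different operator, and then either creates a new
 * operator (redirecting to the avatar page) or updates the existing one
 * (redirecting back to the edit page, or to the dashboard when the admin
 * has just set a password for the first time).
 *
 * @param Request $request Incoming request.
 * @return string Rendered page content.
 * @throws NotFoundException If an operator ID is given but no such operator
 *   exists.
 */
public function submitFormAction(Request $request)
{
    csrf_check_token($request);

    $errors = array();
    $operator = $this->getOperator();

    $op_id = $request->attributes->getInt('operator_id');
    $login = $request->request->get('login');
    $email = $request->request->get('email');
    $password = $request->request->get('password');
    $password_confirm = $request->request->get('passwordConfirm');
    $local_name = $request->request->get('name');
    $common_name = $request->request->get('commonname');
    $code = $request->request->get('code');

    if (!$local_name) {
        $errors[] = no_field('Name');
    }
    if (!$common_name) {
        $errors[] = no_field('International name (Latin)');
    }

    // The login is needed only for new operators. If login is changed for
    // existing operator the stored password hash becomes invalid.
    if (!$op_id) {
        if (!$login) {
            $errors[] = no_field('Login');
        } elseif (!preg_match("/^[\\w_\\.]+\$/", $login)) {
            $errors[] = getlocal('Login should contain only latin characters, numbers and underscore symbol.');
        }
    }

    if (!$email || !MailUtils::isValidAddress($email)) {
        $errors[] = wrong_field('E-mail');
    }

    if ($code && !preg_match("/^[A-Za-z0-9_]+\$/", $code)) {
        $errors[] = getlocal('Code should contain only latin characters, numbers and underscore symbol.');
    }

    // A password is mandatory for new operators; for existing ones an
    // empty password means "keep the current one" (see below).
    if (!$op_id && !$password) {
        $errors[] = no_field('Password');
    }
    if ($password != $password_confirm) {
        $errors[] = getlocal('Entered passwords do not match');
    }

    // Login and e-mail must be unique among operators other than the one
    // being edited.
    $existing_operator = operator_by_login($login);
    $duplicate_login = !$op_id && $existing_operator
        || $op_id && $existing_operator && $op_id != $existing_operator['operatorid'];
    if ($duplicate_login) {
        $errors[] = getlocal('Please choose another login because an operator with that login is already registered in the system.');
    }

    $existing_operator = operator_by_email($email);
    $duplicate_email = !$op_id && $existing_operator
        || $op_id && $existing_operator && $op_id != $existing_operator['operatorid'];
    if ($duplicate_email) {
        $errors[] = getlocal('Please choose another email because an operator with that email is already registered in the system.');
    }

    if (count($errors) != 0) {
        $request->attributes->set('errors', $errors);
        // The form should be rebuilt. Invoke appropriate action.
        return $this->showFormAction($request);
    }

    if (!$op_id) {
        // Create new operator and redirect the current operator to avatar
        // page.
        $new_operator = create_operator($login, $email, $password, $local_name, $common_name, '', $code);
        $redirect_to = $this->generateUrl('operator_avatar', array('operator_id' => $new_operator['operatorid']));

        return $this->redirect($redirect_to);
    }

    // The route carries an ID, so the operator must exist. Without this
    // guard the array union below would be applied to a non-array and fail
    // with an "unsupported operand types" error instead of a proper 404.
    $stored_operator = operator_by_id($op_id);
    if (!$stored_operator) {
        throw new NotFoundException('The operator is not found.');
    }

    // Mix old operator's fields with updated values
    $target_operator = array(
        'vcemail' => $email,
        'vclocalename' => $local_name,
        'vccommonname' => $common_name,
        'code' => $code,
    ) + $stored_operator;

    // Set the password only if it's not an empty string.
    if ($password !== '') {
        $target_operator['vcpassword'] = calculate_password_hash($target_operator['vclogin'], $password);
    }

    // Update operator's fields in the database.
    update_operator($target_operator);

    // Operator's data are cached in the authentication manager, thus we need
    // to manually update them.
    if ($target_operator['operatorid'] == $operator['operatorid']) {
        // Check if the admin has set his password for the first time.
        $to_dashboard = check_password_hash($operator['vclogin'], '', $operator['vcpassword'])
            && $password != '';

        // Update operator's fields.
        $this->getAuthenticationManager()->setOperator($target_operator);

        // Redirect the admin to the home page if needed.
        if ($to_dashboard) {
            return $this->redirect($this->generateUrl('home_operator'));
        }
    }

    // Redirect the operator to edit page again to use GET method instead of
    // POST.
    $redirect_to = $this->generateUrl('operator_edit', array('operator_id' => $op_id, 'stored' => true));

    return $this->redirect($redirect_to);
}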
/**
 * Handles submission of the mail template edit form built by
 * {@link \Mibew\Controller\MailTemplateController::showFormAction()}.
 *
 * Subject and body are both required. The template named in the route is
 * updated for the requested locale, or created when it does not exist
 * yet, and the user is then redirected to the templates list.
 *
 * @param Request $request Incoming request.
 * @return string Rendered page content.
 */
public function submitEditFormAction(Request $request)
{
    csrf_check_token($request);

    $name = $request->attributes->get('name');
    $lang = $this->extractLocale($request);

    $subject = $request->request->get('subject');
    $body = $request->request->get('body');

    $errors = array();
    if (!$subject) {
        $errors[] = no_field('Mail subject');
    }
    if (!$body) {
        $errors[] = no_field('Mail body');
    }

    if (!empty($errors)) {
        // Saving cannot continue; attach the errors and rerender the form.
        $request->attributes->set('errors', $errors);

        return $this->showEditFormAction($request);
    }

    // Modify the stored template, or start a fresh one when none exists
    // for this name/locale pair.
    $template = MailTemplate::loadByName($name, $lang, true);
    if (!$template) {
        $template = new MailTemplate($name, $lang);
    }
    $template->subject = $subject;
    $template->body = $body;
    $template->save();

    $redirect_to = $this->generateUrl(
        'mail_templates',
        array('lang' => $lang, 'stored' => true)
    );

    return $this->redirect($redirect_to);
}
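/**
 * Resets an operator's password and lets the operator choose a new one.
 *
 * The operator ID and the restore token are taken from the query string
 * on GET and from the form body on POST. Both are checked for format first
 * and then against the stored record; the form is only shown when they
 * match.
 *
 * @param Request $request Incoming request.
 * @return string Rendered page content.
 * @throws BadRequestException If the operator ID or the token has a wrong
 *   format.
 */
public function resetAction(Request $request)
{
    $page = array(
        'version' => MIBEW_VERSION,
        'showform' => true,
        'title' => getlocal('Change your password'),
        'headertitle' => getlocal('Mibew Messenger'),
        'show_small_login' => true,
        'fixedwrap' => true,
        'errors' => array(),
    );

    if ($request->isMethod('POST')) {
        // When HTTP GET method is used the form is just rendered but the
        // user does not pass any data. Thus we need to prevent CSRF attacks
        // only for POST requests
        csrf_check_token($request);
    }

    // Make sure user id is specified and its format is correct.
    $op_id = $request->isMethod('GET')
        ? $request->query->get('id')
        : $request->request->get('id');
    if (!preg_match("/^\\d{1,9}\$/", $op_id)) {
        throw new BadRequestException();
    }

    // Make sure token is specified and its format is correct.
    $token = $request->isMethod('GET')
        ? $request->query->get('token')
        : $request->request->get('token');
    if (!preg_match("/^[\\dabcdef]+\$/", $token)) {
        throw new BadRequestException();
    }

    $operator = operator_by_id($op_id);
    if (!$operator) {
        $page['errors'][] = 'No such operator';
        $page['showform'] = false;
    } elseif ($token !== (string) $operator['vcrestoretoken']) {
        // Strict string comparison on purpose: with loose (==) comparison
        // PHP treats numeric-looking hex strings such as "1e3" and "1000"
        // (or "0e1" and "0e2") as equal, which would let a wrong token pass.
        $page['errors'][] = 'Wrong token';
        $page['showform'] = false;
    }

    $submitted = count($page['errors']) == 0
        && $request->isMethod('POST')
        && $request->request->has('password');
    if ($submitted) {
        $password = $request->request->get('password');
        $password_confirm = $request->request->get('passwordConfirm');

        if (!$password) {
            $page['errors'][] = no_field('Password');
        }
        // Strict comparison for the same reason as the token check above.
        if ($password !== $password_confirm) {
            $page['errors'][] = getlocal('Entered passwords do not match');
        }

        if (count($page['errors']) == 0) {
            $page['isdone'] = true;

            // Update the operator: clear the restore token so it cannot be
            // used again and store the hash of the new password.
            $operator['vcrestoretoken'] = '';
            $operator['vcpassword'] = calculate_password_hash($operator['vclogin'], $password);
            update_operator($operator);

            $page['loginname'] = $operator['vclogin'];

            return $this->render('password_recovery_reset', $page);
        }
    }

    $page['id'] = $op_id;
    $page['token'] = $token;
    $page['isdone'] = false;

    return $this->render('password_recovery_reset', $page);
}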