Example #1
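 /**
  * Delete the blog whose id is posted, if the current user is allowed to.
  *
  * Reads `id` from the POST body, loads the blog, checks the caller's
  * permissions and deletes the record. The outcome is handed to
  * $this->response() as array('status' => bool, 'error' => string|array).
  *
  * NOTE(review): no anti-CSRF token check is visible in this method; confirm
  * that one is enforced elsewhere for this state-changing POST.
  *
  * @return mixed whatever $this->response() returns for the result array
  */
 public function action_delete()
 {
     $result = array('status' => false, 'error' => array());
     try {
         $input = Input::post();
         // A POST field can arrive as an array (id[]=...); only a scalar id is passed on to the lookup
         if (empty($input) || empty($input['id']) || !is_scalar($input['id'])) {
             throw new Exception('You must specify a blog to delete.');
         }
         $blog = Model_Blog::find($input['id']);
         if (!$blog) {
             throw new Exception('Blog not found.');
         }
         // Allowed when the caller may delete any blog, or may delete own blogs AND
         // Model_Agency_Contact::is_confirmed() accepts the (blog owner, caller) pair.
         // NOTE(review): is_confirmed() is the only ownership test here - confirm it
         // cannot be satisfied by someone who is not the blog's author.
         $can_delete_any = \Access::can('delete_any_blog', $this->user);
         if (!$can_delete_any && (!\Access::can('delete_own_blog', $this->user) || !Model_Agency_Contact::is_confirmed($blog->user_id, $this->user))) {
             throw new Exception('You are not authorized to delete this blog');
         }
         try {
             $blog->delete();
             $result['status'] = true;
         } catch (\Orm\ValidationFailed $ex) {
             $result['error'] = $ex->getMessage();
         } catch (Exception $ex) {
             // NOTE(review): the raw exception message goes back to the client; confirm
             // storage-layer failures cannot expose internal details through it
             $msg = $ex->getMessage();
             $result['error'] = $msg ? $msg : 'Oops, something went wrong.';
         }
     } catch (Exception $ex) {
         // validation / lookup / authorization failures raised above
         $result['error'] = $ex->getMessage();
     }
     return $this->response($result);
 }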
Example #2
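 /**
  * Load a single blog by id, or a page of blogs filtered by visibility.
  *
  * Without $blog_id the listing is restricted as follows:
  *  - no $user_id: public blogs only, and published ones only unless the
  *    current user holds 'publicize_any_blog';
  *  - with $user_id: that user's blogs, published ones only unless the
  *    current user is that user.
  *
  * With $blog_id neither public_flag nor publish_flag is applied, so the
  * visibility of a single blog has to be enforced by the caller.
  * NOTE(review): confirm callers do so; otherwise an unpublished or
  * non-public blog is readable by anyone who knows its id.
  *
  * @param mixed $blog_id       id of one blog to load, or empty for a listing
  * @param mixed $user_id       owner whose blogs to list, or empty for the public list
  * @param bool  $include_count true to take the count from get_count(), false to count the loaded rows
  * @param int   $offset        listing offset
  * @param int   $limit         listing page size (defaults to BLOG_DISPLAY_LIMIT)
  * @return array array('data' => loaded blogs, 'count' => number)
  */
 public static function load($blog_id = null, $user_id = null, $include_count = true, $offset = 0, $limit = BLOG_DISPLAY_LIMIT)
 {
     $filters = array();
     $current_user = \Warden::current_user();
     $result = array('data' => array(), 'count' => 0);
     if (empty($blog_id)) {
         if (empty($user_id)) {
             //only load public blogs if not loading a specific user's blog
             $filters['public_flag'] = true;
             if (!$current_user || !\Access::can('publicize_any_blog', $current_user)) {
                 //only load published blogs if the user is not privileged to publicize any blog
                 $filters['publish_flag'] = true;
             }
         } else {
             if (!$current_user || $user_id != $current_user->id) {
                 //only load published blogs if the user is loading a blog that's not their own
                 $filters['publish_flag'] = true;
             }
             //load blogs for the specified user only
             $filters['user_id'] = $user_id;
         }
         $result['data'] = static::get_where($filters, $offset, $limit);
     } else {
         // offset 0 and limit 1 are separate arguments, as in the listing call above;
         // they used to sit inside the filter array because of a misplaced parenthesis
         $result['data'] = static::get_where(array('id' => $blog_id), 0, 1);
     }
     if (!empty($result['data'])) {
         // NOTE(review): for a lookup by id $filters is still empty here, so with
         // $include_count the count is whatever get_count() returns for no filters - confirm intent
         $result['count'] = $include_count ? static::get_count($filters) : count($result['data']);
     }
     return $result;
 }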
Example #3
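 /**
  * Render the login form and, on POST, authenticate the visitor.
  *
  * On success the browser is redirected to the requested destination, which
  * is restricted to a same-site path (default '/welcome'). On failure an
  * error flash message is set and the form is shown again.
  *
  * A signed-in user holding 'impersonate_any_user' is switched to the named
  * account without a password check.
  */
 public function action_login()
 {
     $this->template->title = 'User » Login';
     $this->template->content = $this->action_get_login_form();
     $post = Input::post();
     if (!empty($post)) {
         // The post-login destination is request-controlled. Only a same-site path is
         // kept: a value that is not a string, carries a URL scheme, starts with "//",
         // or contains a backslash or control character falls back to the default, so
         // the login form cannot be used to send a user to another site after sign-in.
         $destination = '/welcome';
         $requested = isset($_REQUEST['destination']) ? $_REQUEST['destination'] : null;
         if (is_string($requested) && !empty($requested)
             && !preg_match('#^\s*[a-z][a-z0-9+.\-]*:#i', $requested)
             && !preg_match('#^\s*//#', $requested)
             && !preg_match('#[\x00-\x1f\x7f\\\\]#', $requested)) {
             $destination = $requested;
         }
         $this->template->content->destination = $destination;
         //add server-side validation
         $validation = $this->template->content->validation;
         $validation->add_field('username_or_email', 'Username or Email', 'required');
         $validation->add_field('password', 'Password', 'required');
         if ($validation->run()) {
             try {
                 $authenticated_flag = false;
                 if ($this->user && \Access::can('impersonate_any_user', $this->user)) {
                     // Impersonation: the current session is dropped and the named account is
                     // logged in without its password.
                     // NOTE(review): nothing here records who impersonated whom - confirm that
                     // Warden or a caller keeps an audit trail.
                     Warden::logout();
                     $authenticated_flag = Warden::force_login($validation->validated('username_or_email'), true);
                 } else {
                     $authenticated_flag = Warden::authenticate($validation->validated('username_or_email'), $validation->validated('password'), Input::post('remember_me'));
                 }
                 if ($authenticated_flag) {
                     Response::redirect(Uri::create($destination, array(), array(), false));
                 } else {
                     Session::set_flash('error', 'Invalid username/email or password entered.');
                 }
             } catch (Warden\Failure $failure) {
                 switch ($failure->reason()) {
                     case 'unconfirmed':
                         //user is unconfirmed - let them know they need to confirm and activate their account
                         // NOTE(review): confirmation mail is sent on every such attempt; confirm
                         // Warden raises 'unconfirmed' only after the password was verified,
                         // otherwise this branch reveals that the account exists and lets any
                         // visitor trigger mail to it.
                         Session::set_flash('error', $failure->getMessage());
                         $this->template->content = View::forge('user/unconfirmed');
                         $this->template->content->user = $failure->get_user();
                         $this->template->content->user->send_confirmation_instructions();
                         break;
                     case 'locked':
                         Session::set_flash('error', array('Your account has been locked due to too many consecutive failed login attempts.', 'Check your email for instructions on unlocking your account. Or you can wait a few days and try again.'));
                         break;
                     default:
                         Session::set_flash('error', $failure->getMessage());
                 }
             } catch (Exception $ex) {
                 Session::set_flash('error', $ex->getMessage());
             }
         } else {
             // same wording as a failed authentication, so a missing field reveals nothing extra
             Session::set_flash('error', 'Invalid username/email or password entered.');
         }
     }
 }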
Example #4
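<?php

// Login form view. Expects $current_user, $destination and $validation from the controller.
// The form is disabled for a signed-in user who does not hold 'impersonate_any_user'.
$disabled_flag = $current_user && !\Access::can('impersonate_any_user', $current_user) ? true : false;
?>
<div id="login">
	<?php 
// NOTE(review): no anti-CSRF token field is rendered in the visible part of this form - confirm whether one is required
echo Form::open(array('action' => $disabled_flag ? false : Uri::create('user/login', array(), array(), \Config::get('ssl_enable')), 'id' => 'login-form'));
?>
		<h1 class="center">Sign In</h1>
		<?php 
// $destination can originate from the request; this relies on Form::hidden() escaping the attribute value - confirm
echo Form::hidden('destination', $destination);
?>
		<?php 
echo Form::hidden('omniauth', '', array('id' => 'omniauth'));
?>
		<div class="input"><?php 
echo Form::input('username_or_email', $validation->input('username_or_email'), array('type' => 'text', 'id' => 'login_username_or_email', 'class' => 'text', 'placeholder' => 'Username or Email', 'disabled' => $disabled_flag));
?>
		</div>
		<div class="input"><?php 
// The password field is always rendered empty: a submitted password must not be echoed back into the page source
echo Form::password('password', '', array('id' => 'login_password', 'class' => 'text', 'placeholder' => 'Password', 'disabled' => $disabled_flag));
?>
		</div>
		<div class="input links">
			<span id="remember-me"><?php 
echo Form::checkbox('remember_me', false, array('id' => 'remember-me-checkbox'));
?>
<label for="remember-me-checkbox"> Remember Me</label></span>
			<span id="forgot-password"><a href="<?php 
echo Uri::create('user/forgot_password', array(), array(), \Config::get('ssl_enable'));
?>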
Example #5
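 /**
  * Unlock a locked user account on behalf of a privileged user.
  *
  * Requires the 'unlock_any_user' permission and a posted scalar `user_id`.
  * The outcome is reported through a flash message and the browser is sent
  * to the member page of the targeted user.
  *
  * NOTE(review): no anti-CSRF token check is visible in this method; confirm
  * that one is enforced elsewhere for this state-changing POST.
  */
 public function action_unlock()
 {
     if (!\Access::can('unlock_any_user', $this->user)) {
         //only users holding unlock_any_user may unlock an account
         \Response::redirect('/welcome/404');
         // fail closed even if redirect() were to return instead of ending the request
         return;
     }
     $post = \Input::post();
     if (empty($post) || empty($post['user_id']) || !is_scalar($post['user_id'])) {
         //a single scalar user_id must be posted (user_id[]=... would arrive as an array)
         \Response::redirect('/welcome/404');
         return;
     }
     $user_id = $post['user_id'];
     try {
         //load the user and lift the access lock
         $user = $user_id == $this->user->id ? $this->user : \Warden\Model_User::find($user_id);
         if (!$user) {
             // an unknown id would otherwise end in a method call on a non-object
             throw new Exception('User not found.');
         }
         if (!$user->is_access_locked()) {
             throw new Exception('User is not locked.');
         }
         $user->unlock_access(true);
         Session::set_flash('success', 'User is unlocked.');
     } catch (\MongoOrm\ValidationFailed $ex) {
         Session::set_flash('error', $ex->getMessage());
     } catch (Exception $ex) {
         $msg = $ex->getMessage();
         Session::set_flash('error', $msg ? $msg : 'Oops, something went wrong.');
     }
     // the id comes from the request, so it is encoded as a single path segment
     \Response::redirect('/member/view/' . rawurlencode((string) $user_id));
 }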
Example #6
 /**
  * Build the 'pages/blog' view for one user's blogs or for the public list.
  *
  * Loads the blogs through Model_Blog::load() and exposes, next to the data,
  * the permission flags the template uses to decide which controls to show.
  * These flags only drive presentation; the actions themselves still have to
  * check permissions on their own.
  *
  * @param mixed $user_id owner whose blogs are shown, or empty for the public list
  * @param mixed $blog_id id of a single blog to show, or null for a listing
  * @return mixed the populated view object
  */
 protected function load_blog_view($user_id, $blog_id = null)
 {
     $view = \View::forge('pages/blog');
     $loaded = Model_Blog::load($blog_id, $user_id);
     $viewer = $this->user;

     // true when a signed-in viewer is looking at their own page
     $owns_page = $viewer && $viewer->id == $user_id;
     $public_listing = empty($user_id);
     $total = $loaded['count'];

     // view flag => permission name; every flag is false for an anonymous visitor
     $permission_map = array(
         'can_edit_own' => 'edit_own_blog',
         'can_edit_any' => 'edit_any_blog',
         'can_delete_own' => 'delete_own_blog',
         'can_delete_any' => 'delete_any_blog',
         'can_make_own_public' => 'publicize_own_blog',
         'can_make_any_public' => 'publicize_any_blog',
     );
     $flags = array();
     foreach ($permission_map as $flag => $permission) {
         $flags[$flag] = $viewer && \Access::can($permission, $viewer);
     }

     //user can add their own blog
     $addable = empty($blog_id) && $viewer && $flags['can_edit_own']
         && (($public_listing && $flags['can_make_own_public']) || $owns_page);
     $include_edit_form = $addable || ($flags['can_edit_any'] && $total);

     $view->is_confirmed = $owns_page;
     $view->user_id = $viewer ? $viewer->id : $user_id;
     $view->blog_id = $blog_id;
     $view->blogs = $loaded['data'];
     $view->count = $total;
     $view->is_public = $public_listing;
     foreach ($flags as $flag => $granted) {
         $view->{$flag} = $granted;
     }
     $view->addable = $addable;
     $view->include_edit_form = $include_edit_form;
     $view->force_public = $public_listing && $flags['can_make_any_public'];
     $view->title = null;

     if ($include_edit_form) {
         $this->include_client_scripts(array('jquery_forms'));
     }
     return $view;
 }