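/**
  * Returns a logged-in CurrentUser built from the remember-me cookie.
  *
  * If the remember-me cookie is absent, is not a plain non-empty string, or
  * does not resolve to a known user (user id is -1 after getUserByCookie()),
  * null is returned. Otherwise the session id is updated, the user is marked
  * as logged in, and the user plus a CSRF token are stored in the session.
  * (The code never returns false; only null or a CurrentUser instance.)
  *
  * NOTE(review): the cookie value is attacker-controlled input. This method
  * relies on getUserByCookie() for the actual validation (lookup and
  * timeout); that logic is not visible here — confirm it.
  *
  * @static
  *
  * @param PMF_Configuration $config
  *
  * @return null|PMF_User_CurrentUser null when no valid remember-me cookie
  *                                   resolves to a user, else the logged-in user
  */
 public static function getFromCookie(PMF_Configuration $config)
 {
     // $_COOKIE entries can be arrays (cookie[]=...), so insist on a
     // non-empty plain string before handing the value to the lookup.
     $rememberMe = isset($_COOKIE[PMF_Session::PMF_COOKIE_NAME_REMEMBERME])
         ? $_COOKIE[PMF_Session::PMF_COOKIE_NAME_REMEMBERME]
         : null;
     if (!is_string($rememberMe) || '' === $rememberMe) {
         return null;
     }
     // create a new CurrentUser object and try to resolve it via the cookie
     $user = new PMF_User_CurrentUser($config);
     $user->getUserByCookie($rememberMe);
     if (-1 === $user->getUserId()) {
         return null;
     }
     // sessionId needs to be updated (presumably regenerated — confirm in
     // updateSessionId(); a fresh id after a cookie login is what you want)
     $user->updateSessionId(true);
     // user is now logged in
     $user->_loggedIn = true;
     // save current user to session
     $user->saveToSession();
     // add CSRF token to session
     $user->saveCrsfTokenToSession();

     return $user;
 }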
    }
}
// delete group confirmation: render the confirm page for the selected group
// (the actual deletion happens in the 'delete' action)
if ($groupAction == 'delete_confirm' && $user->perm->checkRight($user->getUserId(), 'delgroup')) {
    $message = '';
    // NOTE(review): the authenticated $user checked above is replaced with a
    // fresh instance here; the project's sibling branches do the same —
    // confirm this is intended.
    $user = new PMF_User_CurrentUser($faqConfig);
    $perm = $user->perm;
    // group id from the posted select list; anything non-integer becomes 0
    $groupId = PMF_Filter::filterInput(INPUT_POST, 'group_list_select', FILTER_VALIDATE_INT, 0);
    if ($groupId > 0) {
        $twig->loadTemplate('group/delete_confirm.twig')->display(
            array(
                'PMF_LANG' => $PMF_LANG,
                'csrfToken' => $user->getCsrfTokenFromSession(),
                'groupData' => $perm->getGroupData($groupId),
                'groupId' => $groupId,
            )
        );
    } else {
        // NOTE(review): 'alert-error' here vs 'alert-danger' in the delete
        // branch below — confirm which Bootstrap class the admin theme uses.
        $message .= sprintf('<p class="alert alert-error">%s</p>', $PMF_LANG['ad_user_error_noId']);
        $groupAction = $defaultGroupAction;
    }
}
if ($groupAction == 'delete' && $user->perm->checkRight($user->getUserId(), 'delgroup')) {
    $message = '';
    $user = new PMF_User($faqConfig);
    $groupId = PMF_Filter::filterInput(INPUT_POST, 'group_id', FILTER_VALIDATE_INT, 0);
    $csrfOkay = true;
    $csrfToken = PMF_Filter::filterInput(INPUT_POST, 'csrf', FILTER_SANITIZE_STRING);
    if (!isset($_SESSION['phpmyfaq_csrf_token']) || $_SESSION['phpmyfaq_csrf_token'] !== $csrfToken) {
        $csrfOkay = false;
    }
    $groupAction = $defaultGroupAction;
    if ($groupId <= 0) {
        $message .= sprintf('<p class="alert alert-danger">%s</p>', $PMF_LANG['ad_user_error_noId']);
    } else {
        if (!$user->perm->deleteGroup($groupId) && !$csrfOkay) {
            $message .= sprintf('<p class="alert alert-danger">%s</p>', $PMF_LANG['ad_group_error_delete']);
        } else {
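 /**
  * Returns a logged-in CurrentUser built from the remember-me cookie.
  *
  * If the remember-me cookie is absent, is not a plain non-empty string, or
  * does not resolve to a known user (user id is -1 after getUserByCookie()),
  * null is returned. Otherwise, when the stored session id has timed out, a
  * new session id is set and the remember-me token is renewed; in every
  * success case the user is marked as logged in, saved to the session and
  * returned. (The code never returns false; only null or a CurrentUser.)
  *
  * NOTE(review): the cookie value is attacker-controlled input. This method
  * relies on getUserByCookie() for the actual validation (lookup and
  * timeout); that logic is not visible here — confirm it.
  *
  * @static
  * @param PMF_Configuration $config
  *
  * @return null|PMF_User_CurrentUser null when no valid remember-me cookie
  *                                   resolves to a user, else the logged-in user
  */
 public static function getFromCookie(PMF_Configuration $config)
 {
     // $_COOKIE entries can be arrays (cookie[]=...), so insist on a
     // non-empty plain string before handing the value to the lookup.
     $rememberMe = isset($_COOKIE[PMF_Session::PMF_COOKIE_NAME_REMEMBERME])
         ? $_COOKIE[PMF_Session::PMF_COOKIE_NAME_REMEMBERME]
         : null;
     if (!is_string($rememberMe) || '' === $rememberMe) {
         return null;
     }
     // create a new CurrentUser object and try to resolve it via the cookie
     $user = new PMF_User_CurrentUser($config);
     $user->getUserByCookie($rememberMe);
     if (-1 === $user->getUserId()) {
         return null;
     }
     // sessionId and cookie information needs to be updated
     if ($user->sessionIdIsTimedOut()) {
         $user->updateSessionId();
         // NOTE(review): the renewed remember-me token is derived from the
         // (new) session id rather than from independent randomness; left
         // unchanged because the token format getUserByCookie() expects is
         // not visible here — worth revisiting in its own change.
         $user->setRememberMe(sha1(session_id()));
     }
     // user is now logged in
     $user->_loggedIn = true;
     // save current user to session and return the instance
     $user->saveToSession();

     return $user;
 }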
    die;
}
$attachmentErrors = array();

// authenticate with session information; when the session holds no valid
// user, continue with an anonymous (not logged in) user object
$user = PMF_User_CurrentUser::getFromSession($faqconfig->get('security.ipCheck'));
if (!($user instanceof PMF_User_CurrentUser)) {
    // user not logged in -> empty user object
    $user = new PMF_User_CurrentUser();
}
// the attachment id comes from the query string; FILTER_VALIDATE_INT yields
// null/false for a missing or non-numeric value
$id = PMF_Filter::filterInput(INPUT_GET, 'id', FILTER_VALIDATE_INT);
$attachment = PMF_Attachment_Factory::create($id);
// NOTE(review): $attachment is tested for truthiness further down, yet
// getRecordId() is called on it unconditionally here — if create() can
// return null for an unknown id this fails before that check; confirm
// create()'s contract.
$userPermission = $faq->getPermission('user', $attachment->getRecordId());
$groupPermission = $faq->getPermission('group', $attachment->getRecordId());

// Check on group permissions: only the medium permission level restricts
// by group — the record's first group must be one of the user's groups.
// NOTE(review): in_array() is non-strict here (ids may come back from the
// database as strings); kept loose to preserve behaviour.
if ($user->perm instanceof PMF_Perm_PermMedium) {
    $groupPermission = count($groupPermission) > 0
        && in_array($groupPermission[0], $user->perm->getUserGroups($user->getUserId()));
} else {
    $groupPermission = true;
}

// Check in user's permissions (non-strict, see note above)
$userPermission = in_array($user->getUserId(), $userPermission);
if ($attachment && ($groupPermission || $groupPermission && $userPermission)) {
    try {
     if ($userId == 0) {
         $message .= sprintf('<p class="alert alert-error">%s</p>', $PMF_LANG['ad_user_error_noId']);
         $userAction = $defaultUserAction;
     } else {
         $user->getUserById($userId);
         // account is protected
         if ($user->getStatus() == 'protected' || $userId == 1) {
             $message .= sprintf('<p class="alert alert-error">%s</p>', $PMF_LANG['ad_user_error_protectedAccount']);
             $userAction = $defaultUserAction;
         } else {
             $twig->loadTemplate('user/delete_confirm.twig')->display(array('PMF_LANG' => $PMF_LANG, 'csrfToken' => $user->getCsrfTokenFromSession(), 'userId' => $userId, 'userLogin' => $user->getLogin()));
         }
     }
 }
 // delete user
 if ($userAction == 'delete' && $user->perm->checkRight($user->getUserId(), 'deluser')) {
     $message = '';
     $user = new PMF_User($faqConfig);
     $userId = PMF_Filter::filterInput(INPUT_POST, 'user_id', FILTER_VALIDATE_INT, 0);
     $csrfOkay = true;
     $csrfToken = PMF_Filter::filterInput(INPUT_POST, 'csrf', FILTER_SANITIZE_STRING);
     if (!isset($_SESSION['phpmyfaq_csrf_token']) || $_SESSION['phpmyfaq_csrf_token'] !== $csrfToken) {
         $csrfOkay = false;
     }
     $userAction = $defaultUserAction;
     if ($userId == 0 && !$csrfOkay) {
         $message .= sprintf('<p class="alert alert-danger">%s</p>', $PMF_LANG['ad_user_error_noId']);
     } else {
         if (!$user->getUserById($userId)) {
             $message .= sprintf('<p class="alert alert-danger">%s</p>', $PMF_LANG['ad_user_error_noId']);
         }
// Append the breadcrumb path of every category this record belongs to,
// skipping categories whose rendered path is blank (only when the record
// is in more than one category).
if (count($multiCategories) > 1) {
    foreach ($multiCategories as $multiCat) {
        $path = $category->getPath($multiCat['id'], ' &raquo; ', true, 'breadcrumb-related-categories');
        if ('' !== trim($path)) {
            $htmlAllCategories .= $path;
        }
    }
}
// Related FAQs: look up records related by title/keywords and render them
$faqSearchResult->reviewResultset(
    $faqRelation->getAllRelatedById($recordId, $faq->faqRecord['title'], $faq->faqRecord['keywords'])
);
$searchHelper = new PMF_Helper_Search($faqConfig);
$relatedFaqs = $searchHelper->renderRelatedFaqs($faqSearchResult, $recordId);

// Show link to edit the faq? (only for users holding the 'editbt' right)
// NOTE(review): $lang goes into the href unescaped; this relies on the
// language code having been validated upstream — confirm.
$editThisEntry = '';
if ($user->perm->checkRight($user->getUserId(), 'editbt')) {
    $editThisEntry = sprintf(
        '<a href="%sadmin/index.php?action=editentry&amp;id=%d&amp;lang=%s">%s</a>',
        PMF_Link::getSystemRelativeUri('index.php'),
        $recordId,
        $lang,
        $PMF_LANG['ad_entry_edit_1'] . ' ' . $PMF_LANG['ad_entry_edit_2']
    );
}

// Is the faq expired? (dateEnd is compared against now in YmdHis form)
$expired = date('YmdHis') > $faq->faqRecord['dateEnd'];

// Does the user have the right to add a comment?
// Guests may comment only when records.allowCommentsForGuests is enabled;
// an inactive record, a record with comments switched off, or an expired
// record never accepts comments.
if (
    (-1 === $user->getUserId() && !$faqConfig->get('records.allowCommentsForGuests'))
    || $faq->faqRecord['active'] === 'no'
    || 'n' == $faq->faqRecord['comment']
    || $expired
) {
    $commentMessage = $PMF_LANG['msgWriteNoComment'];
} else {
    $commentMessage = sprintf(
        "%s<a href=\"javascript:void(0);\" onclick=\"javascript:\$('#commentForm').show();\">%s</a>",
        $PMF_LANG['msgYouCan'],
        $PMF_LANG['msgWriteComment']
    );
}

// Translation link; '%' in the relative URI is doubled so sprintf treats
// it literally
$translationUrl = sprintf(
    str_replace('%', '%%', PMF_Link::getSystemRelativeUri('index.php'))
        . 'index.php?%saction=translate&amp;cat=%s&amp;id=%d&amp;srclang=%s',
    $sids,
    $currentCategory,
    $recordId,
    $lang
);

if (!empty($switchLanguage)) {
    $tpl->parseBlock(
        'writeContent',
        'switchLanguage',
        array('msgChangeLanguage' => $PMF_LANG['msgLangaugeSubmit'])
    );
}
if ($user->perm->checkRight($user->getUserId(), 'addtranslation')) {