Example #1
 /**
  * Gate a frontend request: require an authorized user and, when enabled
  * in the frontend config, a valid CSRF token on requests carrying POST data.
  *
  * Unauthorized AJAX requests get a JSON error; other unauthorized requests
  * are handed to loginAction(). The user object is then stored in $this->_user.
  *
  * NOTE(review): nothing in this method stops execution after
  * Response::jsonError() / loginAction(). It presumably relies on those calls
  * terminating the request; if either can return, the code below still runs
  * and $this->_user is populated for an unauthorized visitor - confirm.
  */
 public function checkAuth()
 {
     $user = User::getInstance();

     // false unless the user is authorized; a falsy id also counts as "not logged in"
     $uid = $user->isAuthorized() ? $user->id : false;

     if (!$uid) {
         if (Request::isAjax()) {
             Response::jsonError($this->_lang->MSG_AUTHORIZE);
         } else {
             $this->loginAction();
         }
     }

     // The CSRF check is config-gated and only runs when POST data is present.
     // NOTE(review): state-changing requests sent without POST data are not
     // covered here - confirm no such actions exist behind this controller.
     $csrfEnabled = $this->_configFrontend->get('use_csrf_token');
     if ($csrfEnabled && Request::hasPost()) {
         $csrf = new Security_Csrf();
         $csrfOptions = array(
             'lifetime' => $this->_configFrontend->get('use_csrf_token_lifetime'),
             'cleanupLimit' => $this->_configFrontend->get('use_csrf_token_garbage_limit'),
         );
         $csrf->setOptions($csrfOptions);

         // A token is accepted from either the request header or the POST body
         if (!($csrf->checkHeader() || $csrf->checkPost())) {
             $this->_errorResponse($this->_lang->MSG_NEED_CSRF_TOKEN);
         }
     }

     $this->_user = $user;
 }
	/**
	 * Handle the contact form: validate the POSTed fields and mail them to
	 * the configured admin address.
	 *
	 * @return array empty when nothing was posted; 'error_message' and 'value'
	 *               keys when validation fails; 'success_message' otherwise
	 */
	private function get_form_results()
	{
		if (!Request::hasPost()) {
			return array();
		}

		// field => message used when Validate::checkRequest() rejects the field
		// NOTE(review): 'email' is checked with the same 'string' rule as the
		// other fields; whether Validate offers an email rule is not visible here.
		$required = array(
			'name' => 'Please enter a value for your name.',
			'email' => 'Please enter a valid email address.',
			'message' => 'Please enter a message.',
		);

		$error_message = array();
		foreach ($required as $field => $text) {
			if (!Validate::checkRequest('post', $field, 'string')) {
				$error_message[$field] = $text;
			}
		}

		if (!empty($error_message)) {
			// NOTE(review): 'value' hands the raw POST data back to the caller;
			// it must be HTML-escaped wherever the form is re-rendered.
			return array(
				'error_message' => $error_message,
				'value' => Request::getPost(),
			);
		}

		global $container;
		$mail = $container['mail']
			->addTo($container['config']->admin_email)
			->setSubject('Site Contact');

		// User input only goes into the plain-text body; recipient and subject are fixed
		$body = 'Name: ' . Request::getPost('name') . "\n"
			. 'Email: ' . Request::getPost('email') . "\n"
			. 'Message: ' . Request::getPost('message');

		// NOTE(review): the result of send() is stored but never checked, so the
		// success message is returned even if delivery failed.
		$sent = $mail->setPlainMessage($body)->send();

		// NOTE(review): the posted name is embedded unescaped in the message;
		// confirm the view escapes it before output.
		$thanks = "Thank you for your message, " . Request::getPost('name') . "! I'll get back to you as soon as possible.";

		return array('success_message' => $thanks);
	}
Example #3
 /**
  * Collect the values for the page form.
  *
  * Per-language titles, names and URLs are read from POST (default ''),
  * together with 'codigo' and 'tipo'. When the property record was found
  * and no 'codigo' was posted, a zero-padded four-digit code is suggested
  * from Inmuebles_Paginas::pos() + 1.
  *
  * NOTE(review): every POST-derived entry is returned exactly as received;
  * escaping has to happen wherever these values are rendered or stored.
  *
  * @return array
  */
 public function get()
 {
     $byLanguage = array('titulos' => array(), 'nombres' => array(), 'urls' => array());
     foreach ($this->idiomas as $lang) {
         $byLanguage['titulos'][$lang] = Request::getPost("titulo_{$lang}", '');
         $byLanguage['nombres'][$lang] = Request::getPost("nombre_{$lang}", '');
         $byLanguage['urls'][$lang] = Request::getPost("url_{$lang}", '');
     }

     // Default page code, only computed when the client did not send one
     $suggested = '';
     if ($this->inmueble->found() && !Request::hasPost('codigo')) {
         $next = Inmuebles_Paginas::pos($this->inmueble->id) + 1;
         $suggested = str_pad($next, 4, '0', STR_PAD_LEFT);
     }

     return array(
         'unique' => $this->unique,
         'idiomas' => $this->idiomas,
         'codigo' => $this->codigo,
         'inmueble' => $this->inmueble,
         'contenidos' => $this->contenidos,
         'pagina' => Request::getPost('codigo', $suggested),
         'tipo' => Request::getPost('tipo', 0),
         'titulos' => $byLanguage['titulos'],
         'nombres' => $byLanguage['nombres'],
         'urls' => $byLanguage['urls'],
     );
 }
Example #4
 /**
  * Save the posted person data when the 'guardar' button was submitted
  * and validation passes, then redirect to the person's page.
  *
  * NOTE(review): only 'nombre' and 'apellido' are validated (as required);
  * the remaining fields are written as received. No authorization or CSRF
  * check is visible in this method - confirm it happens before submit().
  */
 public function submit()
 {
     if (!Request::hasPost('guardar')) {
         return;
     }

     list($this->validationFlag, $this->validation) = Validation::check(array('nombre' => 'required', 'apellido' => 'required'));
     if (!$this->validationFlag) {
         return;
     }

     // POST field names match the column names of the personas table
     $fields = array('nombre', 'apellido', 'correo', 'cargo', 'tel_oficina', 'tel_oficina_int', 'tel_celular', 'tel_fax', 'tel_casa');
     $row = array();
     foreach ($fields as $field) {
         $row[$field] = Request::getPost($field);
     }
     $row['fecha_modificacion'] = time();

     // NOTE(review): the WHERE clause is built by interpolating
     // $this->idPersonas into SQL text. Where that property is set is not
     // visible here; if it derives from the request it must be validated
     // or bound as a parameter to avoid SQL injection.
     Db::update('personas', $row, "id_personas = '{$this->idPersonas}'");
     Response::setRedirect("/personas/{$this->idPersonas}");
 }
Example #5
 /**
  * Prepare the form values for a new property.
  *
  * @return string|bool '/admin/ingresar' when the session has no usuario,
  *                     true once the values have been prepared
  */
 public function init()
 {
     // No logged-in user in the session: hand back the login path
     if (!Session::getInstance()->usuario) {
         return '/admin/ingresar';
     }

     $this->idiomas = Translate::all();

     // Suggest the next zero-padded code only when the client did not post one
     $suggested = '';
     if (!Request::hasPost('codigo')) {
         $suggested = str_pad(Inmuebles::count() + 1, 4, '0', STR_PAD_LEFT);
     }

     // NOTE(review): all values below are taken from POST as-is; they need
     // escaping or validation wherever they are rendered or stored.
     $this->values = array();
     $this->values['codigo'] = Request::getPost('codigo', $suggested);
     foreach ($this->idiomas as $lang) {
         foreach (array('nombre', 'titulo', 'url') as $prefix) {
             $key = "{$prefix}_{$lang}";
             $this->values[$key] = Request::getPost($key, '');
         }
     }

     return true;
 }
Example #6
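 /**
  * Load the Inmuebles record whose codigo is $inmueble and determine
  * $this->codigo for the form.
  *
  * The posted 'codigo' is used when present; otherwise a zero-padded
  * four-digit code is derived from the number of Inmuebles_Fotos rows of
  * the property plus one.
  *
  * NOTE(review): true is returned both when the property was not found and
  * on success, so callers must check $this->inmueble->found() themselves.
  * How queryAll() builds its query from $inmueble is not visible here -
  * confirm the value is bound or escaped.
  *
  * @param mixed $inmueble property code to look up
  * @return string|bool '/admin/ingresar' when the session has no usuario, true otherwise
  */
 public function init($inmueble)
 {
     // No logged-in user in the session: hand back the login path
     if (!Session::getInstance()->usuario) {
         return '/admin/ingresar';
     }

     $this->inmuebleCodigo = $inmueble;
     $this->inmueble = new Inmuebles();
     $this->inmueble->codigo = $this->inmuebleCodigo;
     $this->inmueble->queryAll();
     if (!$this->inmueble->found()) {
         return true;
     }

     // The unused local $new of the original has been dropped.
     if (Request::hasPost('codigo')) {
         $this->codigo = Request::getPost('codigo', '');
     } else {
         $photoCount = Inmuebles_Fotos::count(array('inmueble_id' => $this->inmueble->id));
         $this->codigo = str_pad($photoCount + 1, 4, '0', STR_PAD_LEFT);
     }

     return true;
 }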
Example #7
 /**
  * Save the posted company data when the 'guardar' button was submitted
  * and validation passes, then redirect to the company's page.
  *
  * NOTE(review): only 'nombre' is validated (as required); the remaining
  * fields, including 'web' and 'id_paises', are written as received. No
  * authorization or CSRF check is visible in this method - confirm it
  * happens before submit().
  */
 public function submit()
 {
     if (!Request::hasPost('guardar')) {
         return;
     }

     list($this->validationFlag, $this->validation) = Validation::check(array('nombre' => 'required'));
     if (!$this->validationFlag) {
         return;
     }

     // POST field names match the column names of the empresas table
     $fields = array('nombre', 'direccion_1', 'direccion_2', 'ciudad', 'estado', 'cod_postal', 'id_paises', 'web', 'tel_oficina', 'tel_fax');
     $row = array();
     foreach ($fields as $field) {
         $row[$field] = Request::getPost($field);
     }
     $row['fecha_modificacion'] = time();

     // NOTE(review): the WHERE clause is built by interpolating
     // $this->idEmpresas into SQL text. Where that property is set is not
     // visible here; if it derives from the request it must be validated
     // or bound as a parameter to avoid SQL injection.
     Db::update('empresas', $row, "id_empresas = '{$this->idEmpresas}'");
     Response::setRedirect("/empresas/{$this->idEmpresas}");
 }
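 /**
  * Validate and store a submitted comment, then redirect to it.
  *
  * @return false|array|null false when the request is not a comment
  *                          submission or the 'catch' field is not an empty
  *                          string; the validation errors when there are
  *                          any; nothing after a successful save
  */
 public function activate()
 {
     // todo why is this responsible for checking on valid calls
     if (!Request::hasPost()) {
         return false;
     }
     // Fixed: the original `!Request::getPost('submit') == 'Submit Comment'`
     // negated the posted value before comparing, so every non-empty
     // 'submit' value passed this gate.
     if (Request::getPost('submit') !== 'Submit Comment') {
         return false;
     }
     // 'catch' must arrive as an empty string (presumably a honeypot field
     // that real visitors leave blank - confirm against the form template)
     if (Request::getPost('catch') !== '') {
         return false;
     }
     $errors = $this->checkValidation();
     if (count($errors) > 0) {
         return $errors;
     }
     // NOTE(review): the complete POST array is handed to save(); confirm
     // save() only reads the fields it expects and binds them safely.
     $commentId = $this->save(Request::getPost());
     // todo broken notifications
     $this->redirectToComment($commentId);
 }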
	/**
	 * Handle the home page contact form: validate the POSTed fields and mail
	 * them to the configured admin address.
	 *
	 * @return object 'display' is 'normal' when the form was not submitted,
	 *                'error' (with 'messages' and 'values') when validation
	 *                fails, and 'success' after the mail call
	 */
	private function process_form()
	{
		$submitted = Request::hasPost() && Request::getPost('submit') == 'Send Message!';
		if (!$submitted) {
			return (object) array('display' => 'normal');
		}

		Loader::load('utility', 'Validate');

		// field => message used when Validate::checkRequest() rejects the field
		// NOTE(review): 'email' is checked with the same 'string' rule as the
		// other fields; whether Validate offers an email rule is not visible here.
		$required = array(
			'name' => 'please enter your name',
			'email' => 'please enter a valid email',
			'message' => 'please write a message',
		);
		$error_result = array();
		foreach ($required as $field => $text) {
			if (!Validate::checkRequest('post', $field, 'string')) {
				$error_result[$field] = $text;
			}
		}

		$values = (object) array(
			'name' => Request::getPost('name'),
			'email' => Request::getPost('email'),
			'message' => Request::getPost('message'),
		);

		if (count($error_result) > 0) {
			// NOTE(review): 'values' carries the raw POST input back to the
			// view; it must be HTML-escaped when the form is re-rendered.
			return (object) array(
				'display' => 'error',
				'messages' => $error_result,
				'values' => $values,
			);
		}

		global $container;
		// User input only goes into the plain-text body; recipient and subject are fixed
		$body = "Name: {$values->name}\nEmail: {$values->email}\nMessage: {$values->message}";

		// NOTE(review): the result of send() is stored but never checked, so
		// 'success' is reported even if delivery failed.
		$sent = $container['mail']
			->addTo($container['config']->admin_email)
			->setSubject('Home Page Contact')
			->setPlainMessage($body)
			->send();

		return (object) array('display' => 'success');
	}
Example #10
 /**
  * Picks the controller name for a request.
  *
  * Starts from the default controller; an mvc_controller GET parameter
  * replaces it, and an mvc_controller POST parameter replaces both.
  *
  * NOTE(review): apart from the default, the returned name is taken
  * straight from request input and is not validated in this method. The
  * caller has to check it against the set of known controllers before it
  * is used to select or load a class.
  *
  * @param Request $request
  * @return mixed the selected controller name
  */
 public function route($request)
 {
     $param = 'mvc_controller';

     // Lowest priority: the configured default
     $selected = $this->getDefaultController();

     // A GET value overrides the default
     if ($request->hasGet($param)) {
         $selected = $request->get($param);
     }

     // A POST value overrides both
     if ($request->hasPost($param)) {
         $selected = $request->post($param);
     }

     return $selected;
 }
Example #11
 /**
  * hasPost() must report false for a key whose value is an empty string.
  *
  * NOTE(review): the method name says "Get" although the assertion is on
  * hasPost(); presumably the second constructor argument is the POST array.
  *
  * @covers spriebsch\MVC\Request::__construct
  * @covers spriebsch\MVC\Request::__call
  */
 public function testHasPostReturnsFalseForEmptyGetValue()
 {
     $first = array();
     $second = array('key' => '');

     $request = new Request($first, $second);

     $this->assertFalse($request->hasPost('key'));
 }
Example #12
 /**
  * Gate a backend request.
  *
  * Checks, in order: the user is authorized and an admin; a CSRF token is
  * present when the backend config enables it and POST data was sent; and,
  * unless the called class is listed as a system controller, that the user
  * may view the module and that the module is valid, active and not a
  * dev-only module outside development mode.
  *
  * NOTE(review): nothing in this method stops execution after
  * Response::jsonError(), loginAction() or _errorResponse(). It presumably
  * relies on those calls terminating the request; if any of them can
  * return, the later checks and the controller action still run - confirm.
  */
 public function checkAuth()
 {
     $user = User::getInstance();

     // false unless the user is authorized; a falsy id also counts as "not logged in"
     $uid = $user->isAuthorized() ? $user->id : false;

     // Backend access needs an authorized user who is also an admin
     if (!$uid || !$user->isAdmin()) {
         if (Request::isAjax()) {
             Response::jsonError($this->_lang->MSG_AUTHORIZE);
         } else {
             $this->loginAction();
         }
     }

     // The CSRF check is config-gated and only runs when POST data is present.
     // NOTE(review): state-changing requests sent without POST data are not
     // covered here - confirm no such actions exist in the backend.
     $csrfEnabled = $this->_configBackend->get('use_csrf_token');
     if ($csrfEnabled && Request::hasPost()) {
         $csrf = new Security_Csrf();
         $csrfOptions = array(
             'lifetime' => $this->_configBackend->get('use_csrf_token_lifetime'),
             'cleanupLimit' => $this->_configBackend->get('use_csrf_token_garbage_limit'),
         );
         $csrf->setOptions($csrfOptions);

         // A token is accepted from either the request header or the POST body
         if (!($csrf->checkHeader() || $csrf->checkPost())) {
             $this->_errorResponse($this->_lang->MSG_NEED_CSRF_TOKEN);
         }
     }

     $this->_user = $user;

     // Controllers listed as system controllers skip the per-module checks below
     if (in_array(get_called_class(), $this->_configBackend->get('system_controllers'), true)) {
         return;
     }

     // Per-module view permission
     if (!$this->_user->canView($this->_module)) {
         $this->_errorResponse($this->_lang->CANT_VIEW);
     }

     $moduleManager = new Backend_Modules_Manager();

     // Error response for an undefined module
     if (!$moduleManager->isValidModule($this->_module)) {
         $this->_errorResponse($this->_lang->WRONG_REQUEST);
     }

     $moduleCfg = $moduleManager->getModuleConfig($this->_module);

     // Error response for a disabled module
     if ($moduleCfg['active'] == false) {
         $this->_errorResponse($this->_lang->CANT_VIEW);
     }

     // Error response for a dev module in production
     $inDevelopment = $this->_configMain['development'];
     if ($moduleCfg['dev'] && !$inDevelopment) {
         $this->_errorResponse($this->_lang->CANT_VIEW);
     }
 }
Example #13
 /**
  * Main website action.
  *
  * On POST with 'save' and a connected Twitter session, resolves or creates
  * the country, area and locality rows and updates the user's record, then
  * redirects. Otherwise: a 'destroy' query parameter calls
  * $this->twitter->destroy(); a connected session syncs the Twitter
  * credentials into twcensus_users; an 'area' query parameter loads the
  * matching area row into $this->area.
  *
  * NOTE(review): several queries below are built by placing request values
  * directly inside SQL string literals (see the inline notes). Unless
  * Request::getPost()/getQuery() or Db::fetchRow() escape them - not
  * visible here - this is SQL injection. The fix is to bind every value as
  * a query parameter, or escape it with the Db layer's own mechanism,
  * instead of interpolating it.
  *
  * NOTE(review): no CSRF check is visible in this method for the POST save
  * or for the 'destroy' query parameter - confirm it happens elsewhere.
  */
 protected function actionWebsite()
 {
     // Default action
     // $this->action = '';
     $this->mappy = new Mappy();
     $this->twitter = new Twitter();
     if (Request::isPost()) {
         $saved = false;
         if (Request::hasPost('save') && $this->twitter->connected()) {
             // Ids are taken from POST as received; 0 means "not selected"
             $idCountry = Request::getPost('country', 0);
             $idArea = Request::getPost('area', 0);
             $idLocality = Request::getPost('locality', 0);
             if (!$idCountry) {
                 $countryName = Request::getPost('country_name', '');
                 $countryISO = Request::getPost('country_iso', '');
                 $countryCode = self::encode($countryName);
                 // NOTE(review): $countryISO is raw POST input and $countryCode is
                 // derived from POST via self::encode() (not visible here); both
                 // are interpolated into the SQL text below.
                 $country = Db::fetchRow("SELECT countries.id_country\n                              , countries.code\n                              , countries.name\n                              , countries.iso\n                         FROM twcensus_countries AS countries\n                         WHERE countries.code = '{$countryCode}'\n                           AND countries.iso = '{$countryISO}'");
                 if ($country) {
                     $idCountry = $country['id_country'];
                 } else {
                     // Unknown country: create it from the posted name and ISO code
                     $idCountry = Db::insert('twcensus_countries', array('code' => $countryCode, 'name' => $countryName, 'iso' => $countryISO));
                 }
             }
             if (!$idArea) {
                 $areaName = Request::getPost('area_name', '');
                 $areaCode = self::encode($areaName);
                 // NOTE(review): when POST 'country' was non-empty, $idCountry is
                 // still the raw posted value at this point and is interpolated
                 // into the SQL text, as is $areaCode.
                 $area = Db::fetchRow("SELECT areas.id_area\n                              , areas.code\n                              , areas.name\n                         FROM twcensus_areas AS areas\n                         WHERE areas.id_country = '{$idCountry}'\n                           AND areas.code = '{$areaCode}'");
                 if ($area) {
                     $idArea = $area['id_area'];
                 } else {
                     $idArea = Db::insert('twcensus_areas', array('id_country' => $idCountry, 'code' => $areaCode, 'name' => $areaName));
                 }
             }
             if (!$idLocality) {
                 $localityName = Request::getPost('locality_name', '');
                 $localityCode = self::encode($localityName);
                 // NOTE(review): same pattern - $idArea may be the raw posted
                 // value and is interpolated together with $localityCode.
                 $locality = Db::fetchRow("SELECT localities.id_locality\n                              , localities.code\n                              , localities.name\n                         FROM twcensus_localities AS localities\n                         WHERE localities.id_area = '{$idArea}'\n                           AND localities.code = '{$localityCode}'");
                 if ($locality) {
                     $idLocality = $locality['id_locality'];
                 } else {
                     $idLocality = Db::insert('twcensus_localities', array('id_area' => $idArea, 'code' => $localityCode, 'name' => $localityName));
                 }
             }
             // Remaining profile fields are stored as posted; the row is selected
             // by the id of the connected Twitter user, not by a posted id.
             // NOTE(review): presumably Db::update()/Db::insert() escape array
             // values - confirm, since address/coordinates/sex/age are unvalidated.
             $info = array('id_country' => $idCountry, 'id_area' => $idArea, 'id_locality' => $idLocality, 'address' => Request::getPost('address', ''), 'x' => Request::getPost('coord_x', 0), 'y' => Request::getPost('coord_y', 0), 'sex' => Request::getPost('sex', 0), 'age' => Request::getPost('age', 0), 'saved' => time());
             Db::update('twcensus_users', $info, array('id_user' => $this->twitter->getID()));
             $saved = true;
         }
         // Redirect after every POST, flagging a successful save in the query string
         TwCensus::redirect('/' . ($saved ? '?saved' : ''));
     } elseif (Request::hasQuery('destroy')) {
         // NOTE(review): triggered by the mere presence of a query parameter;
         // what destroy() changes is not visible here.
         $this->twitter->destroy();
     } elseif ($this->twitter->connected()) {
         $data = $this->twitter->credentials();
         // NOTE(review): the token and token secret returned by the Twitter
         // object are written to twcensus_users alongside the profile data;
         // consider whether they need protection at rest.
         $info = array('name' => $data['name'], 'username' => $data['username'], 'location' => $data['location'], 'description' => $data['description'], 'image' => $data['image'], 'url' => $data['url'], 'token' => $this->twitter->getToken(), 'secret' => $this->twitter->getTokenSecret());
         if ($this->exists($data['id'])) {
             $info['modified'] = time();
             Db::update('twcensus_users', $info, array('id_user' => $data['id']));
         } else {
             $info['id_user'] = $data['id'];
             $info['created'] = time();
             Db::insert('twcensus_users', $info);
         }
         $this->select($data['id']);
     } elseif (Request::hasQuery('area')) {
         // NOTE(review): the 'area' query-string value is concatenated straight
         // into the SQL text below; this path is reachable without a connected
         // Twitter session.
         $this->area = Db::fetchRow("SELECT areas.id_area\n                      , areas.code\n                      , areas.name\n                 FROM twcensus_areas AS areas\n                 INNER JOIN twcensus_countries AS countries\n                         ON countries.id_country = areas.id_country\n                        AND countries.iso = '" . self::$config['country'] . "'\n                 WHERE areas.code = '" . Request::getQuery('area', '') . "'\n                 LIMIT 1");
     }
 }
Example #14
 /**
  * Picks the controller name for a request and applies the ACL to it.
  *
  * Starts from the default controller name; an mvc_controller GET parameter
  * replaces it, and an mvc_controller POST parameter replaces both. If the
  * first role reported by the authentication adapter is not allowed to use
  * that controller, the authentication controller name is returned instead.
  *
  * NOTE(review): $roles[0] is read without checking that getRoles()
  * returned a non-empty array; how the ACL treats a missing role is not
  * visible here - confirm it denies access in that case.
  *
  * @param Request $request
  * @return mixed the selected controller name
  * @todo currently only cares about first role. Make work for array of roles.
  */
 public function getControllerName(Request $request)
 {
     $param = 'mvc_controller';

     // Lowest priority: the configured default
     $selected = $this->defaultControllerName;

     // A GET value overrides the default
     if ($request->hasGet($param)) {
         $selected = $request->get($param);
     }

     // A POST value overrides both
     if ($request->hasPost($param)) {
         $selected = $request->post($param);
     }

     // The request-supplied name is only returned when the ACL allows it
     $roles = $this->authenticationAdapter->getRoles();
     $primaryRole = $roles[0];
     $allowed = $this->acl->isAllowed($primaryRole, $selected);
     if (!$allowed) {
         $selected = $this->authenticationControllerName;
     }

     // @todo remember selected controller & action to back-direct later
     // @todo either redirect to auth controller (for anonymous) OR FAIL?
     return $selected;
 }
	/**
	 * Run the comment submit module when the comment form was posted and
	 * keep its result in $this->comment_errors.
	 *
	 * NOTE(review): the 'submit' value is compared loosely (==) and no CSRF
	 * check is visible here - confirm one is applied before this handler.
	 *
	 * @param mixed $site_id
	 * @param mixed $path
	 * @param mixed $redirect_url
	 * @param mixed $page_title
	 * @return void
	 */
	protected function handle_comment_submit($site_id, $path, $redirect_url, $page_title)
	{
		// Nothing to do unless the comment form's submit button was posted
		if (!Request::hasPost() || Request::getPost('submit') != 'Submit Comment') {
			return;
		}

		$module = Loader::loadNew(
			'module',
			'form/CommentSubmitModule',
			array($site_id, $path, $redirect_url, $page_title)
		);
		$this->comment_errors = $module->activate();
	}