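/**
 * Module configuration screen.
 *
 * Shows the config rows stored for one module (request parameter "modid",
 * falling back to "default") and, on POST, writes every submitted request
 * parameter back to the config table as ckey => value for that module.
 *
 * Security notes:
 *  - Both the parameter names and "modid" are request data. They are bound
 *    through the adapter's quoteInto() instead of being concatenated into
 *    the WHERE clause.
 *  - NOTE(review): no anti-CSRF token check is visible in this action;
 *    confirm one is enforced before this handler runs.
 *  - NOTE(review): $modid is also passed to parseIni() as supplied; confirm
 *    parseIni() rejects module ids that are not installed.
 */
function indexAction()
{
    $config_table = new Config();
    $modules_table = new Modules('modules');
    $modules_table_core = new Modules('core');
    $request = new RivetyCore_Request($this->getRequest());
    $modid = $request->has('modid') ? $request->modid : 'default';

    if ($this->_request->isPost()) {
        $db = $config_table->getAdapter();
        // The module clause is the same for every row, so quote it once.
        $module_clause = $db->quoteInto('module = ?', $modid);

        foreach ($this->_request->getParams() as $ckey => $value) {
            // Parameters that match no config key simply update zero rows.
            $where = $db->quoteInto('ckey = ?', $ckey) . ' and ' . $module_clause;
            $config_table->update(array('value' => $value), $where);
        }

        $this->view->success = $this->_T('Configuration Updated.');
        $config_table->cache();
        $params = array();
        $this->_rivety_plugin->doAction($this->_mca . '_post_save', $params); // ACTION HOOK
    }

    $config = $config_table->fetchAll($config_table->select()->where('module = ?', $modid));
    if (count($config) > 0) {
        $config = $config->toArray();
        sort($config);
        $this->view->config = $config;
    }

    $modules = $modules_table_core->getEnabledModules();
    sort($modules);
    $this->view->modules = $modules;
    $this->view->current = $modid;
    $this->view->modid = $modid;

    // The "default" module's ini is read through the core Modules instance,
    // every other module through the modules instance.
    if ($modid == 'default') {
        $mod_cfg = $modules_table_core->parseIni($modid);
    } else {
        $mod_cfg = $modules_table->parseIni($modid);
    }
    $this->view->module_title = $mod_cfg['general']['name'];
    $this->view->breadcrumbs = array('Module Config' => null);
}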
/**
 * Lets the logged-in user edit their own profile (email and, optionally, password).
 *
 * The action is refused (forwarded to the "missing" auth page) when the
 * profile being edited does not belong to the authenticated identity.
 * Only email and password are handled here; the other profile fields are
 * disabled in this version of the action.
 *
 * Hooks: "<mca>_pre_render" (filter), "<mca>_pre_save" (filter) and
 * "default_user_edit_post_save" (action).
 */
function editAction()
{
    // Ownership check: a user may only edit their own record.
    if ($this->_user->username != $this->_identity->username) {
        $this->_forward('default', 'auth', 'missing');
        return;
    }

    $user = $this->_user->toArray();

    $render_params = array(
        'user' => $user,
        'request' => $this->_request,
        'session' => $this->session,
    );
    $rendered = $this->_rivety_plugin->doFilter($this->_mca . "_pre_render", $render_params); // FILTER HOOK
    $user = $rendered['user'];

    // Everything the filter returned besides the user record goes to the view.
    foreach ($rendered as $key => $value) {
        if ($key == "user") {
            continue;
        }
        $this->view->$key = $value;
    }

    if ($this->getRequest()->isPost()) {
        $errors = array();
        $request = new RivetyCore_Request($this->getRequest());
        $request->stripTags(array('email', 'newpassword', 'confirm'));

        // The username always comes from the authenticated identity, never from the form.
        $user['username'] = $this->_identity->username;
        $user['email'] = $request->email;
        $user['password'] = $request->newpassword;
        $user['confirm'] = $request->confirm;

        if (!RivetyCore_Validate::checkEmail($user['email'])) {
            $errors[] = $this->_T("Email is not valid");
        }

        // The address must not already belong to a different account.
        if ($this->_users_table->isEmailInUse($user['email'], $user['username'])) {
            $errors[] = $this->_T("Email already in use");
        }

        // A blank password means "leave the password unchanged".
        if ($user['password'] != "") {
            $length_ok = RivetyCore_Validate::checkLength($user['password'], 6, RivetyCore_Registry::get('password_length'));
            if (!$length_ok) {
                $errors[] = $this->_T("Password must be between %d and %d characters", array(6, RivetyCore_Registry::get('password_length')));
            }
            if ($user['password'] != $user['confirm']) {
                $errors[] = $this->_T("Passwords don't match");
            }
        }

        $save_params = array(
            'request' => $this->getRequest(),
            'user' => $user,
            'errors' => $errors,
        );
        $filtered = $this->_rivety_plugin->doFilter($this->_mca . "_pre_save", $save_params); // FILTER HOOK
        $errors = $filtered['errors'];
        $user = $filtered['user'];

        if (count($errors) == 0) {
            $changes = array(
                'email' => $user['email'],
                'last_modified_on' => date(DB_DATETIME_FORMAT),
            );
            if ($user['password'] != "") {
                // NOTE(review): the value is written as it leaves the pre_save
                // filter; no hashing is visible in this method. Confirm where
                // hashing happens before it reaches the password column.
                // NOTE(review): the current password is not requested before a
                // change - confirm that is intended.
                $changes['password'] = $user['password'];
            }

            $where = $this->_users_table->getAdapter()->quoteInto('username = ?', $this->_username);
            $this->_users_table->update($changes, $where);
            $this->_rivety_plugin->doAction('default_user_edit_post_save', array('username' => $this->_username)); // ACTION HOOK
            $this->view->success = $this->_T("Profile Updated.");
        } else {
            $this->view->errors = $errors;
        }
    }

    $this->view->user = $user;
}
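/**
 * Edits which controller actions and "extra" resources a role may use
 * within one module.
 *
 * Request parameters: "id" (role, required), "modid" (module, optional,
 * falls back to "default" when missing or unknown). On POST the role's
 * existing grants for the module are deleted and replaced by the posted
 * "resource" (module-controller-action strings) and "extra_resource" lists.
 *
 * Security notes:
 *  - The role id is request data. It is bound with quoteInto() for the
 *    lookup, and every later query uses the id read back from the row.
 *  - Posted resource strings are only inserted when they split into the
 *    three expected parts.
 *  - NOTE(review): the module stored for each posted resource is taken from
 *    the posted string, not from $module_id, while the preceding delete only
 *    clears $module_id. Confirm whether grants for another module should be
 *    accepted here.
 *  - NOTE(review): no anti-CSRF token check is visible in this action.
 */
function editAction()
{
    $request = new RivetyCore_Request($this->getRequest());
    $modules_table = new Modules('modules');
    $modules_table_core = new Modules('core');
    $roles_resources_table = new RolesResources();
    $roles_res_extra_table = new RolesResourcesExtra();

    if (!$request->has("id")) {
        $this->_redirect("/role");
        return; // do not rely on the redirector ending the request
    }

    $roles_table = new Roles();
    $role = $roles_table->fetchRow($roles_table->getAdapter()->quoteInto("id = ?", $request->id));
    if (is_null($role)) {
        $this->_redirect("/role");
        return;
    }

    // From here on use the id stored on the row rather than the request value.
    $role_id = $role->id;
    $this->view->role = $role->toArray();
    $this->view->roleshortname = $role->shortname;

    $module_id = "default";
    if ($request->has("modid") && $modules_table->exists($request->modid)) {
        $module_id = $request->modid;
    }

    if ($this->getRequest()->isPost()) {
        // An absent "resource" field means no action is granted.
        $resources = $this->getRequest()->getPost('resource');
        if (!is_array($resources)) {
            $resources = array();
        }

        // Hose everything for this role and module
        $where = $roles_resources_table->getAdapter()->quoteInto("role_id = ? and ", $role_id);
        $where .= $roles_resources_table->getAdapter()->quoteInto("module = ? ", $module_id);
        $roles_resources_table->delete($where);

        foreach ($resources as $resource) {
            if (!is_string($resource)) {
                continue;
            }
            $resource_array = explode("-", $resource);
            if (count($resource_array) < 3) {
                continue; // malformed entry: skip instead of inserting empty columns
            }
            $data = array(
                'role_id' => $role_id,
                'module' => $resource_array[0],
                'controller' => $resource_array[1],
                'action' => $resource_array[2],
            );
            $roles_resources_table->insert($data);
        }

        $where = $roles_res_extra_table->getAdapter()->quoteInto("role_id = ? and ", $role_id);
        $where .= $roles_res_extra_table->getAdapter()->quoteInto("module = ? ", $module_id);
        $roles_res_extra_table->delete($where);

        if ($request->has("extra_resource")) {
            foreach ($request->extra_resource as $extra_resource_item) {
                $data = array(
                    'role_id' => $role_id,
                    'module' => $module_id,
                    'resource' => $extra_resource_item,
                );
                $roles_res_extra_table->insert($data);
            }
        }

        $this->view->success = $this->_T("Resources updated.");
    }

    // Index the stored grants as [module][controller] => list of actions.
    $db_roles_resources = $roles_resources_table->fetchAll(
        $roles_resources_table->getAdapter()->quoteInto('role_id = ?', $role_id)
    );
    $resources = array();
    foreach ($db_roles_resources as $resource) {
        if (!array_key_exists($resource->module, $resources)) {
            $resources[$resource->module] = array();
        }
        if (!array_key_exists($resource->controller, $resources[$resource->module])) {
            $resources[$resource->module][$resource->controller] = array();
        }
        $resources[$resource->module][$resource->controller][] = $resource->action;
    }

    /*
     * This is a poor man's introspector. The reflection API needs the classes actually available,
     * which creates naming conflicts between modules. What I do instead is read the physical files,
     * line by line, find the lines with "function fooAction" and determine that the action name is
     * "foo". It's a hack, but it works.
     */
    $all_actions = array();
    $controllerdirs = array();
    $enabled_modules = $modules_table->getEnabledModules();
    foreach ($enabled_modules as $enabled_module) {
        $module_dir = 'modules';
        if ($enabled_module == 'default') $module_dir = 'core';
        $controllerdirs[$enabled_module] = Zend_Registry::get("basepath") . DIRECTORY_SEPARATOR . $module_dir . DIRECTORY_SEPARATOR . $enabled_module . DIRECTORY_SEPARATOR . "controllers";
    }

    // Only directories built above from the enabled-module list are opened;
    // the request value is used as a lookup key, never as a path.
    $d = false;
    if (isset($controllerdirs[$module_id])) {
        $controllerdir = $controllerdirs[$module_id];
        $d = dir($controllerdir);
    }

    if ($d !== false) {
        // Whether the role inherits from any other role does not change per action.
        $has_inherited_roles = count($roles_table->getInheritedRoles($role_id)) > 0;

        while (($entry = $d->read()) !== false) {
            if ($entry != '.' and $entry != '..' and $entry != '.svn') {
                $controller_name = substr($entry, 0, stripos($entry, 'Controller.php'));
                if ($module_id != "default" && substr($controller_name, 0, 1) == "_") {
                    $controller_name = substr($controller_name, stripos($controller_name, '_') + 1);
                }
                $lines = file($controllerdir . DIRECTORY_SEPARATOR . $entry);
                foreach ($lines as $line) {
                    if (preg_match('/function.*Action.*\(.*\).*\{?/', $line)) {
                        $action_name = trim(preg_replace('/Action.*/', '', preg_replace('/^.*function/', '', $line)));

                        $allowed = array_key_exists($module_id, $resources)
                            && array_key_exists($controller_name, $resources[$module_id])
                            && in_array($action_name, $resources[$module_id][$controller_name]);

                        $inherited = false;
                        if ($has_inherited_roles) {
                            $inherited = $this->isResourceInherited($module_id, $controller_name, $action_name, $role_id);
                        }

                        $all_actions[$module_id][$controller_name][$action_name] = array(
                            'allowed' => $allowed,
                            'inherited' => $inherited,
                        );
                    }
                }
            }
        }
        $d->close();
    }

    $this->view->modid = $module_id;
    if ($module_id == 'default') {
        $mod_cfg = $modules_table_core->parseIni($module_id);
    } else {
        $mod_cfg = $modules_table->parseIni($module_id);
    }
    $this->view->module_title = $mod_cfg['general']['name'];
    $this->view->actions = $all_actions;
    $this->view->modules = $enabled_modules;

    // get "extra" resources
    $extra_resources = array();
    if (array_key_exists('resources', $mod_cfg)) {
        foreach ($mod_cfg['resources'] as $resource_name => $nicename) {
            $extra_resources[$resource_name]['nicename'] = $nicename;
            $extra_resources[$resource_name]['inherited'] = $this->isExtraResourceInherited($module_id, $resource_name, $role_id);
            $extra_resources[$resource_name]['allowed'] = $roles_res_extra_table->isAllowed($role_id, $module_id, $resource_name);
        }
    }
    $this->view->extra_resources = $extra_resources;

    $this->view->breadcrumbs = array(
        'Roles' => '/default/role/index',
        $role['shortname'] => '/default/role/edit/id/' . $role['id'],
        'Resources' => null,
    );
}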
/**
 * Confirms and performs deletion of one navigation link.
 *
 * Request parameters: "nav_id" (cast to int) and "role_id". The request is
 * forwarded to the "missing" auth page when either is absent or the link
 * does not exist. A link with children cannot be deleted. On POST the link
 * is deleted only when the "delete" field equals "yes"; the navigation
 * cache is cleared and the user is redirected either way.
 *
 * NOTE(review): "role_id" is passed to the Navigation constructor and
 * concatenated into the redirect URL as supplied; confirm both tolerate
 * arbitrary input. No anti-CSRF token check is visible in this action.
 */
function deleteAction()
{
    $request = new RivetyCore_Request($this->getRequest());
    $role_id = $request->role_id;
    $nav_table = new Navigation($role_id, $this->locale_code);

    // The integer cast is what makes the unquoted delete clause below safe.
    $nav_id = (int)$request->nav_id;
    $lookup = $nav_table->getAdapter()->quoteInto("id = ?", $nav_id);
    $nav = $nav_table->fetchRow($lookup);

    if (!$request->has("nav_id") || !$request->has("role_id") || is_null($nav)) {
        $this->_forward('default', 'auth', 'missing');
        return;
    }

    $this->view->nav = $nav->toArray();

    if ($nav_table->hasChildren($nav_id)) {
        $this->view->can_delete = false;
        $this->view->notice = 'Sorry, you cannot delete a link that has children.';
    } else {
        $this->view->can_delete = true;

        if ($this->getRequest()->isPost()) {
            $answer = trim(strtolower($this->_request->getPost('delete')));
            $confirmed = ($answer == 'yes' && $nav_id > 0);
            if ($confirmed) {
                $nav_table->delete('id = ' . $nav_id);
            }
            // Cache flush and redirect happen whether or not the link was deleted.
            RivetyCore_Cache::removeByTags(array('navigation'));
            $this->_redirect('/default/navigation/editrole/id/' . $role_id . '/');
        }
    }

    $this->view->nav_id = $nav_id;
    $this->view->role_id = $role_id;
}
/**
 * Stores the visitor's chosen locale in a cookie and sends them onward.
 *
 * With no "code" parameter the visitor is redirected to the locale chooser.
 * With a code that passes RivetyCore_Translate::validateLocaleCode() the
 * "locale_code" cookie is set and a Location header is emitted: to the
 * filtered "return_url" when supplied, else to "/<locale_code>".
 * A code that fails validation produces neither cookie nor redirect.
 *
 * NOTE(review): "return_url" is request data that reaches the Location
 * header after RivetyCore_Url_Filter::filter(). That filter is not visible
 * here; confirm it restricts the target to this site, otherwise this is an
 * open redirect.
 * NOTE(review): the cookie is set without the secure/httponly arguments.
 */
function setcookieAction()
{
    // TODO maybe? - prevent people from viewing this page if localization is not enabled
    $request = new RivetyCore_Request($this->getRequest());

    $has_code = $request->has("code") && $request->code != "";
    if (!$has_code) {
        $this->_redirect("/default/locale/choose/");
        return;
    }

    $locale_code = $request->code;
    $lifetime = RivetyCore_Registry::get('locale_cache_lifetime');

    if (!RivetyCore_Translate::validateLocaleCode($locale_code)) {
        return;
    }

    setcookie("locale_code", $locale_code, time() + $lifetime, "/");

    if ($request->has("return_url")) {
        $url_filter = new RivetyCore_Url_Filter();
        $target = $url_filter->filter($request->return_url, array('locale_code' => $locale_code));
        header("Location: " . $target);
    } else {
        header("Location: /" . $locale_code);
    }
}
/**
 * Loads test users from a serialized data file into the users tables.
 *
 * GET shows the form with the default data path and email domain. POST reads
 * "<data_path>/users.dat", unserializes it, and for every record inserts a
 * role assignment and a user row whose email is "<username>@<email_domain>".
 *
 * SECURITY(review): "data_path" is request data and the file it points at is
 * passed to unserialize(). unserialize() on data that is not fully trusted
 * can instantiate arbitrary classes (PHP object injection), and the path is
 * not limited to any directory. This action should be reachable only in
 * development installs by trusted administrators; a data-only format such
 * as JSON and a fixed base directory would remove the risk. Left unchanged
 * here because the data file format is defined outside this method.
 */
function testdataAction()
{
    $request = new RivetyCore_Request($this->getRequest());

    if (!$this->getRequest()->isPost()) {
        $this->view->data_path = Zend_Registry::get('basepath')."/tmp/testdata";
        $this->view->email_domain = "nowhere.com";
        $this->view->notice = $this->_T("Warning: If you are reinstalling the test data, the old test data will be overwritten. Users created outside the test data should not be affected.");
        return;
    }

    $errors = array();
    $data_path = $request->data_path;
    $data_file = $data_path . "/users.dat";
    $image_dir = $data_path . "/images";
    $users_table = new Users();
    $users_roles_table = new UsersRoles();

    $email_domain = $request->has("email_domain") ? $request->email_domain : "nowhere.com";

    if (file_exists($data_file)) {
        // See the SECURITY note in the docblock: untrusted path + unserialize().
        $users = unserialize(file_get_contents($data_file));
        if (!is_array($users)) {
            $errors[] = $this->_T("Data file is corrupt or something.");
        }
    } else {
        $errors[] = $this->_T("Data file missing. Check path.");
    }

    if (count($errors) != 0) {
        $this->view->errors = $errors;
        $this->view->data_path = Zend_Registry::get('basepath')."/tmp/testdata";
        $this->view->email_domain = $request->email_domain;
        return;
    }

    $old_users = $users_table->fetchAll();

    $count = 0;
    foreach ($users as $user) {
        // Copy the record field by field into a plain array.
        $tmp_user = array();
        foreach ($user as $key => $value) {
            $tmp_user[$key] = $value;
        }

        $tmp_user['email'] = strtolower($tmp_user['username'] . "@" . $email_domain);
        // NOTE(review): every test account gets the same literal password value,
        // stored as written; confirm these accounts cannot exist in production.
        $tmp_user['password'] = "******";

        $users_roles_table->insert(array(
            "username" => $tmp_user['username'],
            "role_id" => $tmp_user['role_id'],
        ));

        // role_id belongs to the users-roles table only, not to the user row.
        unset($tmp_user['role_id']);
        $users_table->insert($tmp_user);

        $save_users[] = $user;
        $count++;
    }

    $this->view->success = "User data loaded. Created ".$count." users.";
    RivetyCore_Registry::set('test_data_path', $request->data_path);
    $this->view->data_path = RivetyCore_Registry::get('test_data_path');
    $this->view->email_domain = $email_domain;
}
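/**
 * Confirms and performs deletion of a role.
 *
 * Request parameters: "id" (role, required) and, on POST, "delete". A role
 * is not deleted when it is the only admin role, the guest role, the default
 * role, has users assigned, or is inherited by other roles; the reasons are
 * shown as errors. Any POST whose "delete" value is not "Yes" redirects back
 * to the role list.
 *
 * Security notes:
 *  - The role id is request data. It is bound with quoteInto() for the
 *    lookup, and the delete uses the id read back from the fetched row.
 *  - NOTE(review): no anti-CSRF token check is visible in this action.
 */
function deleteAction()
{
    $request = new RivetyCore_Request($this->getRequest());
    $roles_table = new Roles();
    $db = $roles_table->getAdapter();

    if (!$request->has('id')) {
        $this->_redirect('/default/role');
        return; // do not rely on the redirector ending the request
    }

    $role = $roles_table->fetchRow($db->quoteInto('id = ?', $request->id));
    if (is_null($role)) {
        $this->_redirect('/default/role');
        return;
    }

    if ($this->getRequest()->isPost() and $request->has("delete")) {
        $errors = array();

        // can't be last admin
        if ((bool)$role->isadmin and $roles_table->getCountByWhereClause("isadmin = 1") == 1) {
            $errors[] = $this->_T("This is the only admin role. It cannot be deleted.");
        }

        // can't be guest
        if ((bool)$role->isguest) {
            $errors[] = $this->_T("This is the guest role. It cannot be deleted.");
        }

        // can't be default
        if ((bool)$role->isdefault) {
            $errors[] = $this->_T("This is the default role. It cannot be deleted.");
        }

        // can't have any users
        $userwhereclause = $db->quoteInto("role_id = ?", $role->id);
        $users_table = new UsersRoles();
        if ($users_table->getCountByWhereClause($userwhereclause) > 0) {
            $errors[] = $this->_T("This role cannot be deleted because there are users assigned to it.");
        }

        // can't have children
        $inherited_by = $roles_table->fetchImmediateChildren($role->id);
        if (count($inherited_by) > 0) {
            $child_names = array();
            foreach ($inherited_by as $role_i) {
                $child_names[] = $role_i->shortname;
            }
            $errors[] = $this->_T("This role is inherited by role(s) ")
                . implode(", ", $child_names)
                . $this->_T(". It cannot be deleted.");
        }

        if ($request->delete == "Yes") {
            if (count($errors) > 0) {
                $this->view->errors = $errors;
            } else {
                $roles_table->delete($db->quoteInto('id = ?', $role->id));
                $this->view->success = $this->_T("Role deleted.");
            }
        } else {
            $this->_redirect("/default/role");
            return;
        }
    }

    $this->view->role = $role->toArray();
    $this->view->breadcrumbs = array(
        'Roles' => '/default/role/index',
        'Delete Role: ' . $role['shortname'] => null,
    );
}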
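/**
 * Lists the files with an allowed extension in one folder below
 * "<upload_path>/rivetycommon".
 *
 * Request parameter: "folder" (required). For the "json" format the
 * naturally sorted file names are emitted as a JSON array and the request
 * ends.
 *
 * Security: "folder" is request data used to build a filesystem path. The
 * path is resolved with realpath() and must stay inside the upload root, so
 * parent-directory segments or symlinks cannot be used to enumerate other
 * directories. A folder that fails the check gets the same error as a
 * missing one.
 */
public function listAction()
{
    $request = new RivetyCore_Request($this->getRequest());
    $base_path = RivetyCore_Registry::get('upload_path') . "/rivetycommon";

    if (!$request->has("folder") || empty($request->folder)) die("error - folder is empty or doesn't exist");

    // Containment check on the fully resolved paths, not on the raw string.
    $root = realpath($base_path);
    $target = realpath($base_path . "/" . $request->folder);
    $inside_root = $root !== false
        && $target !== false
        && ($target === $root
            || strpos($target, rtrim($root, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR) === 0);
    if (!$inside_root || !is_dir($target)) die("error - folder is empty or doesn't exist");

    $photos = array();
    $dir = new DirectoryIterator($target);
    foreach ($dir as $file_info) {
        if ($file_info->isDir() || $file_info->isDot()) {
            continue;
        }
        $extension = pathinfo($file_info->getFilename(), PATHINFO_EXTENSION);
        if (in_array(strtolower($extension), $this->_allowed_extensions)) {
            $photos[] = $file_info->getFilename();
        }
    }

    // natsort() keeps the original keys; reindex so the JSON output is a list.
    natsort($photos);
    $photos = array_values($photos);

    if ($this->format == 'json') die(Zend_Json::encode($photos));
}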
/**
 * Authenticates a user against the default_users table via Zend_Auth.
 *
 * Credentials come either from the POSTed "username"/"password" fields or
 * from the RivetyCore_Temp session namespace when its autoLogin flag is set.
 * On success the user row (without the password column) is written to the
 * auth storage, last_login_on is updated, the success hooks run, and the
 * request is forwarded (XHR) or redirected. On failure the errors are
 * reported as JSON (XHR / json format) or as screen alerts.
 *
 * Security review notes (no code changed):
 *  - The credential checked is md5() of the password with no salt visible
 *    here. MD5 is not suitable for password storage; moving to
 *    password_hash()/password_verify() needs a stored-hash migration.
 *  - The auto-login path reads a plaintext password from the session
 *    namespace, and the plaintext password is handed to the success hooks.
 *  - The post-login redirect target is the base64-decoded "ourl" request
 *    parameter; no same-site check is visible in this method.
 *  - No session id regeneration is visible in this method after a
 *    successful login - confirm it happens elsewhere.
 */
function loginAction()
{
    $errors = array();
    $request = new RivetyCore_Request($this->getRequest());

    if ($request->has('ourl')) {
        // "ourl" is echoed back to the view tag-stripped, then decoded for use as the redirect target.
        $url_param = strip_tags($request->ourl);
        $this->view->ourl = $url_param;
        // $this->view->url_param = $url_param;
        $url_param = base64_decode($url_param);
        // $this->view->url_param_decoded = $url_param;
    }

    $params = array('request' => $request);
    $params = $this->_rivety_plugin->doFilter($this->_mca . '_before', $params); // FILTER HOOK
    // Everything the filter returned besides the request is exposed to the view.
    foreach ($params as $key => $value) {
        if ($key != 'request') $this->view->$key = $value;
    }
    unset($params);

    $appNamespace = new Zend_Session_Namespace('RivetyCore_Temp');

    if ($this->getRequest()->isPost() or $appNamespace->autoLogin) {
        // collect the data from the user
        $filter = new Zend_Filter_StripTags();
        $appNamespace = new Zend_Session_Namespace('RivetyCore_Temp');
        if ($appNamespace->autoLogin) {
            // NOTE(review): $autologin is assigned but not read in this method.
            $autologin = true;
            $username = $appNamespace->autoLoginUsername;
            // NOTE(review): plaintext password and hash are taken from the session namespace.
            $plain_password = $appNamespace->autoLoginPassword;
            $password = $appNamespace->autoLoginPasswordHash;
            // One-shot: the auto-login values are cleared as soon as they are read.
            $appNamespace->autoLogin = null;
            $appNamespace->autoLoginUsername = null;
            $appNamespace->autoLoginPassword = null;
            $appNamespace->autoLoginPasswordHash = null;
        } else {
            $username = $filter->filter($this->_request->getPost('username'));
            // NOTE(review): the tag-stripping filter is also applied to the password,
            // so a password containing markup-like text is altered before hashing.
            $plain_password = $filter->filter($this->_request->getPost('password'));
            // NOTE(review): MD5 with no salt visible here - see the docblock.
            $password = md5($plain_password);
        }

        // setup Zend_Auth adapter for a database table
        $dbAdapter = Zend_Db_Table::getDefaultAdapter();
        $authAdapter = new Zend_Auth_Adapter_DbTable($dbAdapter);
        $authAdapter->setTableName('default_users');
        $authAdapter->setIdentityColumn('username');
        $authAdapter->setCredentialColumn('password');

        // Set the input credential values to authenticate against
        $authAdapter->setIdentity($username);
        $authAdapter->setCredential($password);

        // do the authentication
        $auth = Zend_Auth::getInstance();
        try {
            $result = $auth->authenticate($authAdapter);
            if ($result->isValid()) {
                $appNamespace->last_login = $username;

                // success : store database row to auth's storage system
                // (not the password though!)
                $data = $authAdapter->getResultRowObject(null, 'password');
                $auth->getStorage()->write($data);
                // NOTE(review): no session id regeneration is visible at this point - confirm
                // it is done elsewhere, since the session becomes authenticated here.
                Zend_Loader::loadClass('Zend_Session');
                $defaultNamespace = new Zend_Session_Namespace('Zend_Auth');
                $defaultNamespace->setExpirationSeconds((int)RivetyCore_Registry::get('session_timeout'));

                //update user last_login_on
                $users_table = new Users();
                $where = $users_table->getAdapter()->quoteInto('username = ?', $username);
                $users_table->update(array('last_login_on' => date(DB_DATETIME_FORMAT)), $where);

                // NOTE(review): the plaintext password is passed to every plugin subscribed to
                // the success hooks below.
                $params = array(
                    'username' => $username,
                    'password' => $plain_password,
                    'locale_code' => $this->locale_code,
                );
                if (!empty($url_param)) $params['requested_url'] = $url_param;
                else $params['requested_url'] = null;
                $this->_rivety_plugin->doAction($this->_mca . '_success', $params); // ACTION HOOK
                $this->_rivety_plugin->doAction($this->_mca . '_login_success', $params); // ACTION HOOK (deprecated)

                if ($this->_request->isXmlHttpRequest()) {
                    // NOTE(review): the whole row from fetchByUsername() is JSON-encoded for the
                    // view; confirm it does not include the password column.
                    $user = $users_table->fetchByUsername($username)->toArray();
                    $this->view->json = Zend_Json::encode($user);
                    $this->_forward('loginajax', $request->controller, $request->module);
                    return;
                }

                // TODO - fix view states
                // $redirect_url = RivetyCore_Common::getViewState($this->session, 'last_visited', "/profile/" . $username);
                if ($this->format != 'json') {
                    $redirect_url = '/default/auth/loginredirect/';
                    // NOTE(review): requested_url originates from the decoded "ourl" request
                    // parameter and is used as the redirect target without a same-site check
                    // in this method - confirm it is validated elsewhere (open redirect).
                    if (!empty($params['requested_url'])) $redirect_url = $params['requested_url'];
                    $this->_redirect($redirect_url);
                }
            } else {
                // failure: clear database row from session
                $appNamespace->last_login = null;
                // The same generic message is used for every failed login.
                $errors[] = $this->_T('Login failed.');
                $params = array('username' => $username);
                $this->_rivety_plugin->doAction($this->_mca . '_failure', $params); // ACTION HOOK
                $this->_rivety_plugin->doAction($this->_mca . '_login_failure', $params); // ACTION HOOK (deprecated)
            }
        } catch (Exception $e) {
            $appNamespace->last_login = null;
            // NOTE(review): the raw exception message is shown to the client below; it may
            // carry internal details. Consider logging it and showing a generic message.
            $errors = array($e->getMessage());
        }
    }

    if ($this->_request->isXmlHttpRequest() && !empty($errors)) {
        $json = array('errors' => $errors);
        $this->view->json = Zend_Json::encode($json);
        $this->_forward('loginajax', $request->controller, $request->module);
        return;
    }

    $this->view->last_login = $appNamespace->last_login;
    foreach ($errors as $error) {
        $this->screenAlert('error', $error);
    }
    $errors = null;

    // For the json format the response is emitted here and the request ends.
    switch ($this->format) {
        case 'json':
            die(!empty($this->screen_alerts) ? json_encode(array('messages' => $this->screen_alerts)) : '200 OK');
        default:
            break;
    }
}
/**
 * Confirmation step before a module is uninstalled.
 *
 * Without an "id" parameter the user is redirected to the module list.
 * On POST, a "delete" value of "yes" (any letter case) redirects to the
 * module index with "/perform/uninstall" for that id; any other value
 * returns to the module list.
 *
 * NOTE(review): the uninstall itself is triggered by the redirect target, a
 * GET URL. Confirm the index action re-checks authorization and a CSRF
 * token before acting on "perform/uninstall".
 * NOTE(review): "id" is concatenated into the redirect path as supplied.
 */
function uninstallAction()
{
    $request = new RivetyCore_Request($this->getRequest());

    if (!$request->has('id')) {
        $this->_redirect('/default/module/index');
    } else {
        $this->view->id = $request->id;
        $this->view->notice = $this->_T("You are about to uninstall a module. This cannot be undone.");
    }

    if ($this->getRequest()->isPost()) {
        $answer = strtolower($request->delete);
        $confirmed = ($answer == 'yes' && $request->has('id'));
        $target = $confirmed
            ? "/default/module/index/id/" . $request->id . "/perform/uninstall"
            : '/default/module/index';
        $this->_redirect($target);
    }

    $this->view->breadcrumbs = array(
        'Manage Rivety Modules' => '/default/module/index',
        'Uninstall Module' => null
    );
}