/**
 * Member profile edit; also serves the profile step of first registration.
 *
 * @access public
 * @param  string|null $type 'regist' for the registration step, otherwise a plain edit
 * @return Response
 */
public function action_edit($type = null)
{
    list($type, $is_regist) = self::validate_type($type, $this->u->id);
    $form_name = ($type == 'regist') ? 'regist-config' : 'config';
    $form_member_profile = new Form_MemberProfile($form_name, $this->u);
    $form_member_profile->set_validation();

    if (\Input::method() == 'POST') {
        \Util_security::check_csrf();
        try {
            $form_member_profile->validate(true);
            \DB::start_transaction();
            // NOTE(review): the method really is spelled "seve" here; presumably that is the
            // name on Form_MemberProfile — confirm before "correcting" it to save().
            $form_member_profile->seve();
            if ($is_regist) {
                // The terms-agreement gate is cleared once the registration profile is stored.
                Model_MemberConfig::delete_value($this->u->id, 'terms_un_agreement');
            }
            \DB::commit_transaction();

            if ($is_regist) {
                $message = sprintf('%sが%sしました。', term('site.registration'), term('form.complete'));
                $redirect_uri = $this->after_auth_uri;
            } else {
                $message = term('profile') . 'を編集しました。';
                $redirect_uri = 'member/profile';
            }
            \Session::set_flash('message', $message);
            \Response::redirect($redirect_uri);
        } catch (\FuelException $e) {
            if (\DB::in_transaction()) {
                \DB::rollback_transaction();
            }
            \Session::set_flash('error', $e->getMessage());
        }
    }

    $title = term('profile') . term($is_regist ? 'site.registration' : 'form.edit');
    $breadcrumbs = $is_regist ? array() : array('member/profile' => term('common.my', 'profile'));
    $this->set_title_and_breadcrumbs($title, $breadcrumbs, $is_regist ? null : $this->u);
    $this->template->content = View::forge('member/profile/edit', array(
        'is_regist' => $is_regist,
        'val' => $form_member_profile->get_validation(),
        'member_public_flags' => $form_member_profile->get_member_public_flags(),
        'profiles' => $form_member_profile->get_profiles(),
        'member_profile_public_flags' => $form_member_profile->get_member_profile_public_flags(),
    ));
}
/**
 * Member notice setting (this is the settings index, not the view-type page).
 *
 * @access public
 * @return Response
 */
public function action_index()
{
    $page_name = term('notice', 'site.setting');
    $val = \Form_MemberConfig::get_validation($this->u->id, 'notice', 'Notice');

    if (\Input::method() == 'POST') {
        \Util_security::check_csrf();
        try {
            if (!$val->run()) {
                throw new \FuelException($val->show_errors());
            }
            $post = $val->validated();
            \DB::start_transaction();
            \Form_MemberConfig::save($this->u->id, $val, $post);
            \DB::commit_transaction();
            \Session::set_flash('message', $page_name . 'を変更しました。');
            \Response::redirect('member/setting');
        } catch (\FuelException $e) {
            if (\DB::in_transaction()) {
                \DB::rollback_transaction();
            }
            \Session::set_flash('error', $e->getMessage());
        }
    }

    $breadcrumbs = array('member/setting' => term('site.setting', 'form.update'));
    $this->set_title_and_breadcrumbs($page_name, $breadcrumbs, $this->u);
    $form_params = array('common' => array('radio' => array('layout_type' => 'grid')));
    $this->template->content = \View::forge('member/setting/_parts/form', array(
        'val' => $val,
        'label_size' => 5,
        'form_params' => $form_params,
    ));
}
/**
 * Member timeline view-type setting.
 *
 * @access public
 * @return Response
 */
public function action_viewtype()
{
    $page_name = term('timeline', 'site.view', 'site.setting');
    $val = \Form_MemberConfig::get_validation($this->u->id, 'timeline_viewType');

    // NOTE(review): Input and Util_security are referenced without a leading backslash
    // while DB/Session/View are fully qualified; if this file is namespaced, confirm
    // that these two resolve (via `use` or a non-namespaced file).
    if (Input::method() == 'POST') {
        Util_security::check_csrf();
        try {
            if (!$val->run()) {
                throw new \FuelException($val->show_errors());
            }
            $post = $val->validated();
            \DB::start_transaction();
            \Form_MemberConfig::save($this->u->id, $val, $post);
            \DB::commit_transaction();
            \Session::set_flash('message', $page_name . 'を変更しました。');
            \Response::redirect('member/setting');
        } catch (\FuelException $e) {
            if (\DB::in_transaction()) {
                \DB::rollback_transaction();
            }
            \Session::set_flash('error', $e->getMessage());
        }
    }

    $breadcrumbs = array('member/setting' => term('site.setting', 'form.update'));
    $this->set_title_and_breadcrumbs($page_name, $breadcrumbs, $this->u);
    $this->template->content = \View::forge('member/setting/timeline_viewtype', array('val' => $val));
}
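/**
 * Note comment delete.
 *
 * The CSRF token is taken from the query string, so this action is reachable
 * from a link (GET) as well as a form. NOTE(review): unlike the other delete
 * actions that call check_method('POST'), the request method is not restricted
 * here; a token carried in the URL can also end up in logs and Referer headers.
 *
 * @access public
 * @param  int|null $id note comment id
 * @return Response
 */
public function action_delete($id = null)
{
    $token_key = \Config::get('security.csrf_token_key');
    \Util_security::check_csrf(\Input::get($token_key));

    $comment = Model_NoteComment::check_authority($id, $this->u->id);
    // Capture the parent id before delete() so the redirect target does not depend
    // on what the ORM leaves on the object after deletion (same pattern as the
    // album image comment delete).
    $note_id = $comment->note_id;
    $comment->delete();

    \Session::set_flash('message', term('note') . 'を削除しました。');
    \Response::redirect('note/detail/' . $note_id);
}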
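/**
 * Album image comment delete.
 *
 * The CSRF token is taken from the query string, so this action is reachable
 * from a link (GET) as well as a form; the request method is not restricted.
 *
 * @access public
 * @param  int|null $id album image comment id
 * @return Response
 */
public function action_delete($id = null)
{
    $id = (int) $id;
    // Verify the CSRF token before touching the database, so a forged request is
    // rejected without a model lookup (this matches the note comment delete).
    \Util_security::check_csrf(\Input::get(\Config::get('security.csrf_token_key')));

    $album_image_comment = Model_AlbumImageComment::check_authority($id, $this->u->id);
    // Read the parent id before delete() so the redirect does not rely on post-delete state.
    $album_image_id = $album_image_comment->album_image_id;
    $album_image_comment->delete();

    \Session::set_flash('message', 'コメントを削除しました。');
    \Response::redirect('album/image/' . $album_image_id);
}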
/**
 * Render the opening part of a form (the '_parts/form/open' partial).
 *
 * The rendered form always carries a hidden CSRF token field named after
 * Config 'security.csrf_token_key'; callers may add further hidden fields.
 *
 * @param  bool   $exists_required_fields whether the view should mark required fields
 * @param  bool   $is_upload              adds enctype="multipart/form-data" when true
 * @param  array  $atter                  form tag attributes, merged over the defaults
 * @param  array  $hidden                 extra hidden fields (name => value)
 * @param  string $form_title             optional title passed to the partial
 * @return string
 */
function form_open($exists_required_fields = false, $is_upload = false, $atter = array(), $hidden = array(), $form_title = '')
{
    $defaults = array(
        'class' => 'form-stacked form-horizontal',
        'method' => 'post',
        'id' => site_get_form_id(),
    );
    $attributes = array_merge($defaults, $atter);
    if ($is_upload) {
        $attributes['enctype'] = 'multipart/form-data';
    }

    // The caller's hidden fields win over the defaults for the same key.
    $csrf_field = array(Config::get('security.csrf_token_key') => Util_security::get_csrf());
    $hidden_fields = array_merge($csrf_field, $hidden);

    return render('_parts/form/open', array(
        'exists_required_fields' => $exists_required_fields,
        'atter' => $attributes,
        'hidden' => $hidden_fields,
        'title' => $form_title,
    ));
}
/**
 * Member leave (self-deletion of the logged-in account).
 *
 * Requires POST + CSRF token, then the leave form must validate and, unless the
 * member registered through OAuth, the current password must be confirmed.
 * On any failure the index page is re-rendered with a flash error.
 *
 * @return void
 */
public function action_delete()
{
    Util_security::check_method('POST');
    Util_security::check_csrf();

    $val = $this->form_leave()->validation();
    if (!$val->run()) {
        Session::set_flash('error', $val->show_errors());
        $this->action_index();
        return;
    }

    // Password re-confirmation is skipped only for OAuth-registered members.
    $has_oauth = $this->u->check_registered_oauth(true);
    if (!$has_oauth && !$this->auth_instance->check_password()) {
        Session::set_flash('error', term('site.password') . 'が正しくありません');
        $this->action_index();
        return;
    }

    $error = '';
    $needs_rollback = false;
    try {
        $message = Site_Member::remove($this->u);
        $this->auth_instance->logout();
        Session::set_flash('message', $message);
        Response::redirect(conf('login_uri.site'));
    } catch (EmailValidationFailedException $e) {
        Util_Toolkit::log_error('send mail error: ' . __METHOD__ . ' validation error');
        $error = 'メール送信エラー';
    } catch (EmailSendingFailedException $e) {
        Util_Toolkit::log_error('send mail error: ' . __METHOD__ . ' sending error');
        $error = 'メール送信エラー';
    } catch (SimpleUserUpdateException $e) {
        $needs_rollback = true;
        $error = term('member.view') . 'が存在しません。';
    } catch (Database_Exception $e) {
        $needs_rollback = true;
        $error = Site_Controller::get_error_message($e, true);
    } catch (FuelException $e) {
        $needs_rollback = true;
        $error = $e->getMessage();
        if (!$error) {
            $error = term('site.left') . 'に失敗しました。';
        }
    }

    if ($error) {
        // Only DB-side failures roll back; mail failures happen after the data change.
        if ($needs_rollback && DB::in_transaction()) {
            DB::rollback_transaction();
        }
        Session::set_flash('error', $error);
    }
    $this->action_index();
}
/**
 * Change the logged-in member's password and send a notification mail.
 *
 * The password change is committed before the mail is sent, so a mail failure
 * leaves the new password in place and only reports 'メール送信エラー' to the user.
 *
 * @return void
 */
public function action_change_password()
{
    Util_security::check_method('POST');
    Util_security::check_csrf();

    $val = $this->form_setting_password()->validation();
    if (!$val->run()) {
        Session::set_flash('error', $val->show_errors());
        $this->action_password();
        return;
    }
    $post = $val->validated();

    $error = '';
    $needs_rollback = false;
    try {
        DB::start_transaction();
        $this->change_password($post['old_password'], $post['password']);
        DB::commit_transaction();

        $mail = new Site_Mail('memberSettingPassword');
        $mail->send($this->u->member_auth->email, array('to_name' => $this->u->name));

        Session::set_flash('message', term('site.password') . 'を変更しました。');
        Response::redirect('member/setting');
    } catch (EmailValidationFailedException $e) {
        Util_Toolkit::log_error('send mail error: ' . __METHOD__ . ' validation error');
        $error = 'メール送信エラー';
    } catch (EmailSendingFailedException $e) {
        Util_Toolkit::log_error('send mail error: ' . __METHOD__ . ' sending error');
        $error = 'メール送信エラー';
    } catch (WrongPasswordException $e) {
        $needs_rollback = true;
        $error = sprintf('現在の%sが正しくありません。', term('site.password'));
    } catch (\Auth\SimpleUserUpdateException $e) {
        $needs_rollback = true;
        $error = term('site.password') . 'の変更に失敗しました。';
    } catch (Database_Exception $e) {
        $needs_rollback = true;
        $error = Site_Controller::get_error_message($e, true);
    } catch (FuelException $e) {
        $needs_rollback = true;
        $error = $e->getMessage();
    }

    if ($error) {
        if ($needs_rollback && DB::in_transaction()) {
            DB::rollback_transaction();
        }
        Session::set_flash('error', $error);
    }
    $this->action_password();
}
/**
 * Member invite: show the invite form and, on POST, store a pre-registration
 * record with a token and mail the registration URL to the invitee.
 *
 * @access public
 * @return Response
 */
public function action_index()
{
    $val = self::get_validation_object();

    if (\Input::method() == 'POST') {
        \Util_security::check_csrf();
        $success_message = sprintf('%sを%sしました。', term('form.invite', 'site.mail'), term('form.post'));
        $error = '';
        $needs_rollback = false;
        try {
            if (!$val->run()) {
                throw new ValidationFailedException($val->show_errors());
            }
            $post = $val->validated();

            // Refuse a second invitation from the same member to the same address.
            $already_invited = Model_MemberPre::get_one4invite_member_id_and_email($this->u->id, $post['email']);
            if ($already_invited) {
                throw new ValidationFailedException(sprintf('その%sは既に%sです。', term('site.email'), term('form.invited')));
            }

            DB::start_transaction();
            $token = Model_MemberPre::save_with_token($post['email'], null, $this->u->id);
            DB::commit_transaction();

            // The mail goes out after commit; a mail failure therefore does not roll back.
            $register_url = sprintf('%s?token=%s', Uri::create('member/register'), $token);
            $mail = new Site_Mail('memberInvite');
            $mail->send($post['email'], array(
                'register_url' => $register_url,
                'invite_member_name' => $this->u->name,
                'invite_message' => $post['message'],
            ));

            Session::set_flash('message', $success_message);
            Response::redirect('member/invite');
        } catch (ValidationFailedException $e) {
            $error = Site_Controller::get_error_message($e);
        } catch (EmailValidationFailedException $e) {
            Util_Toolkit::log_error('send mail error: ' . __METHOD__ . ' validation error');
            $error = 'メール送信エラー';
        } catch (EmailSendingFailedException $e) {
            Util_Toolkit::log_error('send mail error: ' . __METHOD__ . ' sending error');
            $error = 'メール送信エラー';
        } catch (\Database_Exception $e) {
            $needs_rollback = true;
            $error = Site_Controller::get_error_message($e, true);
        } catch (FuelException $e) {
            $needs_rollback = true;
            $error = Site_Controller::get_error_message($e);
        }

        if ($needs_rollback && DB::in_transaction()) {
            DB::rollback_transaction();
        }
        if ($error) {
            Session::set_flash('error', $error);
        }
    }

    $this->set_title_and_breadcrumbs(term('form.invite_friend'), null, $this->u);
    $this->template->content = \View::forge('member/invite', array(
        'val' => $val,
        'member_pres' => Model_MemberPre::get4invite_member_id($this->u->id),
    ));
}
/**
 * The login.
 *
 * With a provider argument the request is handed to the opauth flow; otherwise
 * a POST is validated, checked for CSRF and account lock, and then authenticated.
 *
 * @access public
 * @param  string|null $_provider opauth provider name
 * @param  string|null $method    opauth method, passed through to opauth_login_start
 * @return Response or void
 */
public function action_login($_provider = null, $method = null)
{
    // Already logged in
    if (Auth::check()) {
        Response::redirect('member');
    }
    if ($_provider) {
        return $this->opauth_login_start($_provider, $method);
    }

    $destination = Session::get_flash('destination') ?: Input::post('destination', '');

    if (Input::method() == 'POST') {
        try {
            Util_security::check_csrf();
            if (!$this->login_val->run()) {
                throw new FuelException($this->login_val->show_errors());
            }
            $post = $this->login_val->validated();
            $posted_email = Arr::get($post, \Config::get('uzuraauth.username_post_key'));
            $posted_password = Arr::get($post, \Config::get('uzuraauth.password_post_key'));
            $auth = Auth::instance();

            // Account lock check. NOTE(review): this message differs from the generic
            // failure below, so it discloses the lock state of an account to anyone.
            if ($auth->check_is_account_locked($posted_email)) {
                throw new FuelException('アカウントがロックされています');
            }

            // Credential check; an empty message means "generic login failure".
            $logged_in = Auth::check() || $auth->login($posted_email, $posted_password);
            if (!$logged_in) {
                throw new FuelException();
            }

            // Persist or drop the remember-me cookie according to the checkbox.
            if (Input::param('rememberme', false)) {
                Auth::remember_me();
            } else {
                Auth::dont_remember_me();
            }

            return $this->login_succeeded($destination);
        } catch (FuelException $e) {
            $this->login_failed(false, $e->getMessage());
        }
    }

    $this->set_title_and_breadcrumbs('ログイン');
    $this->template->content = View::forge('auth/_parts/login', array('destination' => $destination));
}
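/**
 * The edit_all action: bulk-edit the labels of every news category.
 *
 * Expects the POST parameter `labels` as a map of category id => new label
 * covering every category; every label must be a non-empty string.
 *
 * @access public
 * @return void
 */
public function action_edit_all()
{
    $news_categories = \News\Model_NewsCategory::get_all();
    $posted_vals = array();

    if (\Input::method() == 'POST') {
        try {
            \Util_security::check_csrf();
            // A missing or non-array `labels` parameter previously reached count()
            // as null; normalise it so the mismatch is reported as invalid input.
            $posted_vals = \Input::post('labels');
            if (!is_array($posted_vals)) {
                $posted_vals = array();
            }
            if (count($posted_vals) != count($news_categories)) {
                throw new \HttpInvalidInputException();
            }

            \DB::start_transaction();
            foreach ($news_categories as $news_category) {
                // Equal counts do not guarantee matching keys, and a nested array
                // would break strlen(); treat both cases as a missing value.
                $value = '';
                if (isset($posted_vals[$news_category->id]) && is_scalar($posted_vals[$news_category->id])) {
                    $value = (string) $posted_vals[$news_category->id];
                }
                if (!strlen($value)) {
                    throw new \HttpInvalidInputException('未入力の項目があります。');
                }
                if ($value !== $news_category->label) {
                    $news_category->label = $value;
                    $news_category->save();
                }
            }
            \DB::commit_transaction();

            \Session::set_flash('message', term('news.category.view') . 'を編集しました。');
            \Response::redirect('admin/news/category');
        } catch (\FuelException $e) {
            if (\DB::in_transaction()) {
                \DB::rollback_transaction();
            }
            \Session::set_flash('error', $e->getMessage());
        }
    }

    // Re-display posted values on error, falling back to the stored labels.
    $vals = array();
    foreach ($news_categories as $news_category) {
        $vals[$news_category->id] = isset($posted_vals[$news_category->id])
            ? $posted_vals[$news_category->id]
            : $news_category->label;
    }

    $this->set_title_and_breadcrumbs(
        term('news.view', 'news.category.label', 'form.edit_all'),
        array(
            'admin/news' => term('news.view', 'site.management'),
            'admin/news/category' => term('news.category.view', 'site.management'),
        )
    );
    $this->template->content = \View::forge('news/category/edit_all', array(
        'vals' => $vals,
        'news_categories' => $news_categories,
    ));
}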
/**
 * Member delete (admin side). The original docblock said "News delete".
 *
 * Requires POST + CSRF token. Site_Member::remove() performs the removal and
 * returns the success message; DB-side failures are rolled back, mail failures
 * are only reported.
 *
 * @access public
 * @param  int|null $id member id
 * @return Response
 */
public function action_delete($id = null)
{
    $id = (int) $id;
    \Util_security::check_method('POST');
    \Util_security::check_csrf();

    $error = '';
    $needs_rollback = false;
    try {
        $member = \Model_Member::check_authority($id);
        \Session::set_flash('message', \Site_Member::remove($member));
    } catch (\EmailValidationFailedException $e) {
        \Util_Toolkit::log_error('send mail error: ' . __METHOD__ . ' validation error');
        $error = 'メール送信エラー';
    } catch (\EmailSendingFailedException $e) {
        \Util_Toolkit::log_error('send mail error: ' . __METHOD__ . ' sending error');
        $error = 'メール送信エラー';
    } catch (\Auth\SimpleUserUpdateException $e) {
        $needs_rollback = true;
        $error = term('member.view') . 'が存在しません。';
    } catch (\Database_Exception $e) {
        $needs_rollback = true;
        $error = \Site_Controller::get_error_message($e, true);
    } catch (\FuelException $e) {
        $needs_rollback = true;
        $error = $e->getMessage();
        if (!$error) {
            $error = term('site.left') . 'に失敗しました。';
        }
    }

    if ($error) {
        if ($needs_rollback && \DB::in_transaction()) {
            \DB::rollback_transaction();
        }
        \Session::set_flash('error', $error);
    }
    \Response::redirect(\Site_Util::get_redirect_uri('admin/member'));
}
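/**
 * Admin login.
 *
 * The CSRF token is rendered into the form as a hidden field, and is now also
 * verified on submit; the member-side login already did both. NOTE(review):
 * unlike the member login there is no account-lock check here, so repeated
 * failed attempts are not throttled by this action.
 *
 * @access public
 * @return Response or void
 */
public function action_login()
{
    // Already logged in
    \Auth::check() and \Response::redirect('admin');

    $destination = \Session::get_flash('destination') ?: \Input::post('destination', '');

    $val = \Validation::forge();
    $val->add(\Config::get('security.csrf_token_key'), '', array('type' => 'hidden', 'value' => \Util_security::get_csrf()));
    $val->add('email', 'Username')->add_rule('required');
    $val->add('password', 'Password', array('type' => 'password'))->add_rule('required');

    if (\Input::method() == 'POST') {
        try {
            // Previously the token was only rendered, never checked.
            \Util_security::check_csrf();
            if ($val->run()) {
                $auth = \Auth::instance();
                // check the credentials. This assumes that you have the previous table created
                if (\Auth::check() or $auth->login(\Input::post('email'), \Input::post('password'))) {
                    // credentials ok, go right in
                    return $this->login_succeeded($destination);
                }
                \Session::set_flash('error', 'ログインに失敗しました');
            }
        } catch (\FuelException $e) {
            // check_csrf() is expected to throw a FuelException subclass on a bad token
            // (as the member login relies on); fall back to the generic message.
            $message = $e->getMessage();
            \Session::set_flash('error', $message ? $message : 'ログインに失敗しました');
        }
    }

    $this->set_title_and_breadcrumbs('Login', null, null, null, null, true);
    $this->template->content = \View::forge('login', array('val' => $val, 'destination' => $destination));
}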
/**
 * Content page delete (admin side). The original docblock said "News delete".
 *
 * @access public
 * @param  int|null $id content page id
 * @return Response
 */
public function action_delete($id = null)
{
    \Util_security::check_method('POST');
    \Util_security::check_csrf();
    $content_page = \Content\Model_ContentPage::check_authority($id);

    $error = '';
    try {
        \DB::start_transaction();
        $content_page->delete();
        \DB::commit_transaction();
        \Session::set_flash('message', term('content.page') . 'を削除しました。');
    } catch (\Database_Exception $e) {
        $error = \Site_Controller::get_error_message($e, true);
    } catch (\FuelException $e) {
        $error = $e->getMessage();
    }

    if ($error) {
        if (\DB::in_transaction()) {
            \DB::rollback_transaction();
        }
        \Session::set_flash('error', $error);
    }
    \Response::redirect(\Site_Util::get_redirect_uri('admin/content/page'));
}
/**
 * Build a query-string fragment carrying the CSRF token, e.g. "?<key>=<token>".
 *
 * Used for token-checked links (GET); note that a token placed in a URL is
 * visible in server logs and Referer headers.
 *
 * @param  string $delimitter leading character, '?' by default ('&' when appending)
 * @return string
 */
function get_csrf_query_str($delimitter = '?')
{
    $key = Config::get('security.csrf_token_key');
    $token = Util_security::get_csrf();
    return $delimitter . $key . '=' . $token;
}
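/**
 * Note publish.
 *
 * Requires POST + CSRF token and ownership of the note. An already published
 * note is reported as an error without touching the database.
 *
 * @access public
 * @param  int|null $id note id
 * @return Response
 */
public function action_publish($id = null)
{
    \Util_security::check_method('POST');
    \Util_security::check_csrf();
    $note = Model_Note::check_authority($id, $this->u->id);
    $redirect_uri = 'note/detail/' . $id;

    if ($note->is_published) {
        \Session::set_flash('error', '既に公開されています。');
        \Response::redirect($redirect_uri);
    }

    try {
        \DB::start_transaction();
        // The returned (is_changed, is_published) pair was never used; drop the destructuring.
        $note->save_with_relations($this->u->id, array('is_published' => 1));
        \DB::commit_transaction();
        \Session::set_flash('message', term('note') . 'を公開しました。');
    } catch (\FuelException $e) {
        if (\DB::in_transaction()) {
            \DB::rollback_transaction();
        }
        \Session::set_flash('error', $e->getMessage());
    }
    \Response::redirect($redirect_uri);
}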
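/**
 * Site image delete (admin side).
 *
 * NOTE(review): the CSRF token is checked but the request method is not
 * restricted to POST, unlike the other admin delete actions.
 *
 * @access public
 * @param  int|null $id site image id
 * @return Response
 */
public function action_delete($id = null)
{
    \Util_security::check_csrf();
    $site_image = \Model_SiteImage::check_authority($id);

    $error_message = '';
    try {
        \DB::start_transaction();
        $site_image->delete();
        \DB::commit_transaction();
        \Session::set_flash('message', term('site.image') . 'を削除しました。');
        \Response::redirect('admin/content/image');
    } catch (\Database_Exception $e) {
        $error_message = \Site_Controller::get_error_message($e, true);
    } catch (\Exception $e) {
        // Fully qualified: an unqualified `Exception` would resolve to the current
        // namespace and silently never match if this file is namespaced.
        $error_message = $e->getMessage();
    }

    if (\DB::in_transaction()) {
        \DB::rollback_transaction();
    }
    \Session::set_flash('error', $error_message);
    \Response::redirect('admin/content/image/' . $id);
}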
/**
 * Member profile image delete.
 *
 * Only available when profile pictures are stored as album images
 * (conf 'upload.types.img.types.m.save_as_album_image'); the image must belong
 * to the member's own album (foreign_table 'member').
 *
 * @access public
 * @param  int|null $album_image_id album image id backing the profile picture
 * @return Response
 */
public function action_delete($album_image_id = null)
{
    try {
        Util_security::check_csrf();
        if (!conf('upload.types.img.types.m.save_as_album_image')) {
            throw new HttpNotFoundException();
        }

        $album_image = \Album\Model_AlbumImage::check_authority($album_image_id, $this->u->id);
        $is_member_album = ($album_image->album->foreign_table == 'member');
        if (!$is_member_album) {
            throw new FuelException('Disabled to set album image as profile image.');
        }

        DB::start_transaction();
        $album_image->delete();
        DB::commit_transaction();
        Session::set_flash('message', term('profile', 'site.picture') . 'を削除しました。');
    } catch (Database_Exception $e) {
        if (DB::in_transaction()) {
            DB::rollback_transaction();
        }
        Session::set_flash('error', Site_Controller::get_error_message($e, true));
    } catch (FuelException $e) {
        if (DB::in_transaction()) {
            DB::rollback_transaction();
        }
        Session::set_flash('error', $e->getMessage());
    }
    Response::redirect('member/profile/image');
}
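/**
 * Album image delete.
 *
 * @access public
 * @param  int|null $id album image id
 * @return Response
 */
public function action_delete($id = null)
{
    \Util_security::check_method('POST');
    \Util_security::check_csrf();
    $album_image = Model_Albumimage::check_authority($id, $this->u->id);
    // Read the parent album id before delete() so the redirect does not rely on post-delete state.
    $album_id = $album_image->album_id;

    try {
        \DB::start_transaction();
        $album_image->delete();
        \DB::commit_transaction();
        \Session::set_flash('message', term('album_image') . 'を削除しました。');
    } catch (\Exception $e) {
        // Fully qualified so the catch also works in a namespaced file; the rollback
        // is guarded as in the sibling actions, since start_transaction() itself may
        // be what failed.
        \Session::set_flash('error', $e->getMessage());
        if (\DB::in_transaction()) {
            \DB::rollback_transaction();
        }
    }
    \Response::redirect('album/' . $album_id);
}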
var is_current_protocol = (arguments.length > 0) ? arguments[0] : false; if (is_current_protocol) return '<?php echo Uri::base(true); ?> '; return '<?php echo Uri::base(); ?> '; } function get_token_key() {return '<?php echo Config::get('security.csrf_token_key'); ?> ';} function get_token() {return '<?php echo Util_security::get_csrf(); ?> ';} function is_sp() {return <?php echo IS_SP ? 'true' : 'false'; ?> ;} function get_term(key) { var terms = { <?php if (conf('memberRelation.follow.isEnabled')) { ?> 'follow': '<?php echo term('follow'); ?> ',
foreach ($input['lang'] as $lang) { echo Form::hidden('lang[]', $lang, array('dont_prep' => true)); } ?> <div class="actions"> <?php echo Form::submit('submit1', '修正'); ?> </div> <?php echo Form::close(); ?> <?php /* Confirmation step: re-post every submitted value as hidden fields along with a fresh CSRF token. NOTE(review): 'dont_prep' => true skips FuelPHP's value escaping for these hidden inputs, which is only safe if $input was already escaped upstream — confirm. The 'id' => 'lang' inside the loop also produces duplicate HTML ids when several languages are selected. */ echo Form::open('contact/send'); echo Form::hidden(Config::get('security.csrf_token_key'), Util_security::get_csrf()); echo Form::hidden('name', $input['name'], array('id' => 'name', 'dont_prep' => true)); echo Form::hidden('email', $input['email'], array('id' => 'email', 'dont_prep' => true)); echo Form::hidden('comment', $input['comment'], array('id' => 'comment', 'dont_prep' => true)); echo Form::hidden('gender', $input['gender'], array('id' => 'gender', 'dont_prep' => true)); echo Form::hidden('kind', $input['kind'], array('id' => 'kind', 'dont_prep' => true)); foreach ($input['lang'] as $lang) { echo Form::hidden('lang[]', $lang, array('id' => 'lang', 'dont_prep' => true)); } ?> <div class="actions"> <?php echo Form::submit('submit2', '送信'); ?> </div> <?php
/**
 * Publish or unpublish a news entry (admin side).
 *
 * Requires POST + CSRF token. Publishing for the first time also stamps
 * published_at; re-applying the current status is reported as an error.
 *
 * @param  int|null $id            news id
 * @param  mixed    $target_status truthy to publish, falsy to unpublish (cast via cast_bool_int)
 * @return Response
 */
private function change_publish_status($id, $target_status)
{
    $target_status = \Util_string::cast_bool_int($target_status);
    \Util_security::check_method('POST');
    \Util_security::check_csrf();
    $news = \News\Model_News::check_authority($id);

    // Precedence is intentional: only the unpublish wording gets the trailing 'に'.
    if ($target_status) {
        $msg_status = term('form.publish');
    } else {
        $msg_status = term('form.unpublish') . 'に';
    }
    $redirect_uri = \Site_Util::get_redirect_uri('admin/news/' . $id);

    if ($news->is_published == $target_status) {
        \Session::set_flash('error', sprintf('既に%sされています。', $msg_status));
        \Response::redirect($redirect_uri);
    }

    try {
        \DB::start_transaction();
        $news->is_published = $target_status;
        $needs_published_at = $news->is_published && !isset_datatime($news->published_at);
        if ($needs_published_at) {
            $news->published_at = date('Y-m-d H:i:s');
        }
        $news->save();
        // Timeline posting for news is intentionally not wired up here.
        \DB::commit_transaction();
        \Session::set_flash('message', sprintf('%sを%sしました。', term('news.view'), $msg_status));
    } catch (\FuelException $e) {
        if (\DB::in_transaction()) {
            \DB::rollback_transaction();
        }
        \Session::set_flash('error', $e->getMessage());
    }
    \Response::redirect($redirect_uri);
}
/**
 * Execute confirm signup: store a pre-registration with a token and mail the
 * registration URL.
 *
 * When conf 'member.register.email.hideUniqueCheck' is on, an already registered
 * address gets the same success message as a new one, so the response does not
 * reveal whether an address is registered; with it off, a distinct error is shown.
 *
 * @access public
 * @return Response
 */
public function action_confirm_signup()
{
    Util_security::check_method('POST');
    Util_security::check_csrf();

    $form = Fieldset::instance('confirm_signup');
    if (!$form) {
        $form = $this->get_form_signup_confirm();
    }
    $val = $form->validation();
    // Uniqueness is handled explicitly below so the hide-unique-check option can apply.
    $val->fieldset()->field('email')->delete_rule('unique');

    $redirect_uri = conf('login_uri.site');
    $success_message = '仮登録が完了しました。受信したメール内に記載された URL より本登録を完了してください。';
    $error = '';
    $needs_rollback = false;
    try {
        if (!$val->run()) {
            throw new \FuelException($val->show_errors());
        }
        $post = $val->validated();

        if (Model_MemberAuth::get4email($post['email'])) {
            if (conf('member.register.email.hideUniqueCheck')) {
                Session::set_flash('message', $success_message);
                Response::redirect($redirect_uri);
            }
            throw new FuelException('その' . term('site.email') . 'は登録できません。');
        }

        DB::start_transaction();
        $token = Model_MemberPre::save_with_token($post['email'], $post['password']);
        DB::commit_transaction();

        $register_url = sprintf('%s?token=%s', Uri::create('member/register'), $token);
        $mail = new Site_Mail('memberSignup');
        $mail->send($post['email'], array('register_url' => $register_url));

        Session::set_flash('message', $success_message);
        Response::redirect($redirect_uri);
    } catch (EmailValidationFailedException $e) {
        Util_Toolkit::log_error('send mail error: ' . __METHOD__ . ' validation error');
        $error = 'メール送信エラー';
    } catch (EmailSendingFailedException $e) {
        Util_Toolkit::log_error('send mail error: ' . __METHOD__ . ' sending error');
        $error = 'メール送信エラー';
    } catch (\Database_Exception $e) {
        $needs_rollback = true;
        $error = \Site_Controller::get_error_message($e, true);
    } catch (FuelException $e) {
        $needs_rollback = true;
        $error = $e->getMessage();
    }

    if ($needs_rollback && DB::in_transaction()) {
        DB::rollback_transaction();
    }
    Session::set_flash('error', $error);
    $this->action_signup();
}
/**
 * Common wrapper for API actions: runs $func, maps exceptions to HTTP status
 * codes and returns the formatted response.
 *
 * The CSRF token is verified for every non-GET request unless the controller
 * sets $this->api_not_check_csrf. $func may return a response body; when it
 * returns a falsy value the existing $this->response_body is kept.
 *
 * @param  callable $func the action body to execute
 * @return Response
 */
protected function controller_common_api(callable $func)
{
    try {
        $this->check_response_format($this->api_accept_formats);
        if (Input::method() != 'GET' && !$this->api_not_check_csrf) {
            Util_security::check_csrf();
        }
        $this->response_body = $func() ?: $this->response_body; // execute main.
        // ORM objects must not reach the serializer.
        if (Site_Model::check_is_orm_obj($this->response_body)) {
            throw new \FuelException('Response body not allowed Orm obj.');
        }
        $status_code = 200;
    } catch (\HttpNotFoundException $e) {
        $status_code = 404;
    } catch (\ApiNotAuthorizedException $e) {
        $status_code = 401;
    } catch (\HttpForbiddenException $e) {
        $status_code = 403;
    } catch (\HttpMethodNotAllowed $e) {
        $status_code = 405;
    } catch (\HttpBadRequestException $e) {
        $status_code = 400;
    } catch (\HttpInvalidInputException $e) {
        $status_code = 400;
    } catch (\ValidationFailedException $e) {
        // Validation and update-denied errors carry a user-facing message in the body.
        $this->response_body['errors']['message'] = Site_Controller::get_error_message($e);
        $status_code = 400;
    } catch (\DisableToUpdateException $e) {
        $this->response_body['errors']['message'] = $e->getMessage() ?: term('form.update') . 'が禁止されています。';
        $status_code = 400;
    } catch (\Database_Exception $e) {
        $this->response_body['errors']['message'] = Site_Controller::get_error_message($e, true);
        $status_code = 500;
    } catch (\FuelException $e) {
        // Generic failures: no message is exposed to the client, only logged below.
        $status_code = 500;
    } catch (\Exception $e) {
        $status_code = 500;
    }
    if ($status_code == 500) {
        // $e is only set when one of the catch blocks ran.
        if (!empty($e)) {
            Util_Toolkit::log_error($e->getMessage());
        }
        if (\DB::in_transaction()) {
            \DB::rollback_transaction();
        }
    }
    $response_body = Site_Controller::supply_response_body($this->response_body, $status_code, $this->format);
    return self::response($response_body, $status_code);
}
/**
 * Admin account delete.
 *
 * Requires POST + CSRF token. The original (bootstrap) admin user cannot be
 * deleted; check_original_user() guards that with a 403.
 *
 * @access public
 * @param  int|null $id admin user id
 * @return Response
 */
public function action_delete($id = null)
{
    \Util_security::check_method('POST');
    \Util_security::check_csrf();
    if (check_original_user($id, true)) {
        throw new \HttpForbiddenException();
    }
    $user = Model_AdminUser::check_authority($id);

    try {
        $auth = \Auth::instance();
        \DB::start_transaction();
        $auth->delete_user($user->username);
        \DB::commit_transaction();
        \Session::set_flash('message', term('admin.user.view') . 'を削除しました。');
    } catch (\FuelException $e) {
        if (\DB::in_transaction()) {
            \DB::rollback_transaction();
        }
        \Session::set_flash('error', $e->getMessage());
    }
    \Response::redirect(\Site_Util::get_redirect_uri('admin/account'));
}
/**
 * Album upload image.
 *
 * Requires POST + CSRF token and ownership of the album; albums that are
 * disabled for update (per Site_Util) get a 403. Validation failures happen
 * before the transaction starts, so they need no rollback.
 *
 * @access public
 * @param  int|null $album_id target album id
 * @return Response
 */
public function action_upload_image($album_id = null)
{
    \Util_security::check_method('POST');
    \Util_security::check_csrf();
    $album = Model_Album::check_authority($album_id, $this->u->id, 'member');
    if (Site_Util::check_album_disabled_to_update($album->foreign_table, true)) {
        throw new \HttpForbiddenException();
    }

    try {
        $val = self::get_validation_public_flag();
        if (!$val->run()) {
            throw new \ValidationFailedException($val->show_errors());
        }
        $public_flag = $val->validated('public_flag');

        \DB::start_transaction();
        Model_AlbumImage::save_with_relations($album_id, $this->u, $public_flag, null, 'album_image');
        \DB::commit_transaction();
        \Session::set_flash('message', '写真を投稿しました。');
    } catch (\ValidationFailedException $e) {
        \Session::set_flash('error', $e->getMessage());
    } catch (\FuelException $e) {
        if (\DB::in_transaction()) {
            \DB::rollback_transaction();
        }
        \Session::set_flash('error', $e->getMessage());
    }
    \Response::redirect('album/' . $album_id);
}
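/**
 * Build a Fieldset for a form.
 *
 * Every form built here carries a hidden CSRF token field (named by
 * security.csrf_token_key) so it can be verified by Util_security::check_csrf().
 *
 * @param string      $name          fieldset name
 * @param object|null $model_obj     model whose fields are added via add_model()
 * @param bool        $is_horizontal append 'form-horizontal' to the form class
 * @param array       $add_fields    extra fields: 'pre' => [...] are added
 *        before the model fields, 'post' => [...] (or, without a 'post' key,
 *        the remaining entries) after them. Each entry is
 *        name => ['label' => .., 'attributes' => [..], 'rules' => [..]]
 * @param string|array $btn_field    'submit' or 'button', or
 *        ['name' => .., 'attributes' => [..]] (a bare attributes array also works)
 * @param array       $form_attr     attributes of the form tag
 * @param array       $hide_fields   field names to disable; their 'required' rule is dropped
 * @return Fieldset
 */
public static function get_form_instance($name = 'default', $model_obj = null, $is_horizontal = true, $add_fields = array(), $btn_field = array(), $form_attr = array(), $hide_fields = array())
{
    $form = Fieldset::forge($name);

    if ($is_horizontal) {
        $form_attr['class'] = empty($form_attr['class'])
            ? 'form-horizontal'
            : $form_attr['class'] . ' form-horizontal';
    }
    $form->set_config('form_attributes', $form_attr);

    // CSRF token travels with every form built through this helper.
    $form->add(\Config::get('security.csrf_token_key'), '', array('type' => 'hidden', 'value' => \Util_security::get_csrf()));

    if (!empty($add_fields['pre'])) {
        self::_add_fields_to_fieldset($form, $add_fields['pre']);
        unset($add_fields['pre']);
    }

    if ($model_obj) {
        $form->add_model($model_obj);
    }

    if (array_key_exists('post', $add_fields)) {
        // An explicit 'post' key is used as-is; an empty one adds nothing
        // (previously the 'post' key itself was added as a field).
        self::_add_fields_to_fieldset($form, $add_fields['post']);
    } elseif (!empty($add_fields)) {
        self::_add_fields_to_fieldset($form, $add_fields);
    }

    if (!empty($btn_field)) {
        $btn_name = '';
        $btn_attr = array();
        if (!is_array($btn_field)) {
            if (in_array($btn_field, array('submit', 'button'), true)) {
                $btn_name = $btn_field;
                $btn_attr = array('type' => $btn_field, 'value' => term('form.do_submit'), 'class' => 'btn btn-default btn-primary');
            }
        } else {
            if (!isset($btn_field['attributes'])) {
                // A bare attributes array was passed.
                $btn_field = array('attributes' => $btn_field);
            }
            if (empty($btn_field['attributes']['type'])) {
                $btn_field['attributes']['type'] = 'submit';
            }
            if (empty($btn_field['attributes']['value'])) {
                $btn_field['attributes']['value'] = term('form.submit');
            }
            if (empty($btn_field['attributes']['class'])) {
                $btn_field['attributes']['class'] = 'btn btn-default btn-primary';
            }
            $btn_attr = $btn_field['attributes'];
            $btn_name = isset($btn_field['name']) ? $btn_field['name'] : $btn_field['attributes']['type'];
        }
        if (!empty($btn_name)) {
            $form->add($btn_name, '', $btn_attr);
        }
    }

    foreach ($hide_fields as $hide_field_name) {
        $form->disable($hide_field_name, $hide_field_name);
        $form->field($hide_field_name)->delete_rule('required');
    }

    return $form;
}

/**
 * Add field definitions to a fieldset. Missing 'attributes'/'rules' default to
 * an empty array (the 'pre' path previously passed '' for attributes).
 *
 * @param Fieldset $form
 * @param array    $fields name => ['label' => .., 'attributes' => [..], 'rules' => [..]]
 * @return void
 */
private static function _add_fields_to_fieldset($form, array $fields)
{
    foreach ($fields as $field_name => $item) {
        $form->add(
            $field_name,
            isset($item['label']) ? $item['label'] : '',
            isset($item['attributes']) ? $item['attributes'] : array(),
            isset($item['rules']) ? $item['rules'] : array()
        );
    }
}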
/**
 * Execute reset password.
 *
 * Resolves the password-reset pre-registration row from the `token` request
 * parameter and answers 404 (with a flash error) when it is missing or older
 * than conf('member.recover.password.token_lifetime'). On POST, after the CSRF
 * check, the new password is validated; the password change and the deletion
 * of the pre-registration row run in one DB transaction, then a notice mail is
 * sent and the member is logged in with the new password before redirecting to
 * 'member'. Mail failures occur after the commit and are only reported;
 * update/DB/other FuelException failures roll the transaction back.
 *
 * @access public
 * @return Response
 */
public function action_reset_password()
{
    // NOTE(review): the next line reads like an already-logged-in guard
    // (`Auth::check() and Response::redirect('member');`) whose leading comment
    // was folded onto the same line during extraction -- confirm against the
    // original source.
    // Already logged in Auth::check() and Response::redirect('member');
    $member_password_pre = Model_MemberPasswordPre::get4token(Input::param('token'));
    // Unknown token, or one past its lifetime: treat as not found.
    if (!$member_password_pre || !Site_Util::check_token_lifetime($member_password_pre->updated_at, conf('member.recover.password.token_lifetime'))) {
        Session::set_flash('error', sprintf('URLが%sです。', term('form.disabled')));
        throw new HttpNotFoundException();
    }

    $form = $this->form_reset_password();
    $val = $form->validation();

    if (Input::method() == 'POST') {
        Util_security::check_csrf();
        $auth = Auth::instance();
        $error_message = '';
        // Only the failures caught below that happen inside the transaction set this.
        $is_transaction_rollback = false;
        try {
            if (!$val->run()) {
                throw new FuelException($val->show_errors() ?: term('site.password') . 'が正しくありません');
            }
            $post = $val->validated();
            $to_email = $member_password_pre->email;
            $to_name = $member_password_pre->member->name;

            DB::start_transaction();
            $auth->change_password_simple($member_password_pre->member_id, $post['password']);
            $member_password_pre->delete(); // delete the pre-registration (token) row
            DB::commit_transaction();

            // Mail and login happen after the commit; their failures do not undo the change.
            $mail = new Site_Mail('memberResetPassword');
            $mail->send($to_email, array('to_name' => $to_name));
            $auth->login($to_email, $post['password']);
            Session::set_flash('message', term('site.password') . 'を登録しました。');
            Response::redirect('member');
        } catch (EmailValidationFailedException $e) {
            Util_Toolkit::log_error('send mail error: ' . __METHOD__ . ' validation error');
            $error_message = 'メール送信エラー';
        } catch (EmailSendingFailedException $e) {
            Util_Toolkit::log_error('send mail error: ' . __METHOD__ . ' sending error');
            $error_message = 'メール送信エラー';
        } catch (Auth\SimpleUserUpdateException $e) {
            $is_transaction_rollback = true;
            $error_message = term('site.password') . 'の登録に失敗しました。';
        } catch (\Database_Exception $e) {
            $is_transaction_rollback = true;
            $error_message = \Site_Controller::get_error_message($e, true);
        } catch (FuelException $e) {
            $is_transaction_rollback = true;
            $error_message = $e->getMessage();
        }
        if ($error_message) {
            if ($is_transaction_rollback && DB::in_transaction()) {
                DB::rollback_transaction();
            }
            Session::set_flash('error', $error_message);
        }
    }

    $this->set_title_and_breadcrumbs(term('site.password') . 'の再登録');
    $data = array('val' => $val, 'member_password_pre' => $member_password_pre);
    $this->template->content = View::forge('member/recover/reset_password', $data);
    $this->template->content->set_safe('html_form', $form->build('member/recover/reset_password')); // becomes the form's action
}
/**
 * Admin change email.
 *
 * POST only, CSRF checked. Validates the submitted email with the
 * form_setting_email() form and updates the logged-in admin's email through
 * the auth driver inside a DB transaction. After the commit a completion
 * notice is mailed to the new address and the request redirects to
 * admin/setting. Mail failures are rendered through display_error(); update
 * failures roll back and set a flash error. Every path that does not redirect
 * falls back to rendering action_email().
 *
 * @access public
 * @return Response
 */
public function action_change_email()
{
    \Util_security::check_method('POST');
    \Util_security::check_csrf();

    $form = $this->form_setting_email();
    $validation = $form->validation();
    if (!$validation->run()) {
        \Session::set_flash('error', $validation->show_errors());
        $this->action_email();
        return;
    }

    try {
        $input = $validation->validated();
        $new_email = $input['email'];

        \DB::start_transaction();
        if (!$this->auth_instance->update_user(array('email' => $new_email))) {
            throw new \FuelException('change email error.');
        }
        \DB::commit_transaction();

        // Notice mail goes out after the commit, addressed to the new email.
        $mail_params = array(
            'from_name'    => conf('mail.admin.from_name'),
            'from_address' => conf('mail.admin.from_email'),
            'subject'      => term('site.email', 'form.update', 'form.complete') . 'の' . term('site.notice'),
            'to_address'   => $new_email,
            'to_name'      => $this->u->username,
        );
        $this->send_change_email_mail($mail_params);

        \Session::set_flash('message', term('site.email') . 'を変更しました。');
        \Response::redirect('admin/setting');
    } catch (\EmailValidationFailedException $e) {
        $this->display_error(term('member.view') . '登録: 送信エラー', __METHOD__ . ' email validation error: ' . $e->getMessage());
        return;
    } catch (\EmailSendingFailedException $e) {
        $this->display_error(term('member.view') . '登録: 送信エラー', __METHOD__ . ' email sending error: ' . $e->getMessage());
        return;
    } catch (\Auth\SimpleUserUpdateException $e) {
        if (\DB::in_transaction()) {
            \DB::rollback_transaction();
        }
        \Session::set_flash('error', sprintf('その%sは登録できません。', term('site.email')));
    } catch (\FuelException $e) {
        if (\DB::in_transaction()) {
            \DB::rollback_transaction();
        }
        \Session::set_flash('error', term('site.email') . 'の変更に失敗しました。');
    }

    $this->action_email();
}
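/**
 * The edit_options action.
 *
 * Edits the labels of the option rows (Model_ProfileOption) attached to a
 * profile item; only form types listed by
 * Site_Profile::get_form_types_having_profile_options() are accepted. On POST
 * the submitted labels[<option id>] values are checked to be one non-empty
 * string per option and saved inside a DB transaction. On error the
 * transaction is rolled back, the message is shown as a flash error and the
 * posted values are kept in the form.
 *
 * @access public
 * @param integer|null $id Model_Profile id
 * @return void
 */
public function action_edit_options($id = null)
{
    if (!$id || !($profile = \Model_Profile::find($id))) {
        throw new \HttpNotFoundException();
    }
    if (!in_array($profile->form_type, \Site_Profile::get_form_types_having_profile_options())) {
        throw new \HttpInvalidInputException();
    }
    $profile_options = \Model_ProfileOption::get4profile_id($id);

    $posted_vals = array();
    if (\Input::method() == 'POST') {
        try {
            \Util_security::check_csrf();
            // labels[] is untrusted: it must be an array with one entry per option,
            // otherwise count() / strlen() below would error on the wrong type.
            $labels = \Input::post('labels');
            if (!is_array($labels) || count($labels) != count($profile_options)) {
                throw new \HttpInvalidInputException();
            }
            $posted_vals = $labels;

            \DB::start_transaction();
            foreach ($profile_options as $profile_option) {
                // Every option id must be present with a string value.
                if (!isset($posted_vals[$profile_option->id]) || !is_string($posted_vals[$profile_option->id])) {
                    throw new \HttpInvalidInputException();
                }
                $value = $posted_vals[$profile_option->id];
                if ($value === '') {
                    throw new \HttpInvalidInputException('未入力の項目があります。');
                }
                if ($value !== $profile_option->label) {
                    $profile_option->label = $value;
                    $profile_option->save();
                }
            }
            \DB::commit_transaction();

            \Session::set_flash('message', term('profile', 'form.choices') . 'を編集しました。');
            \Response::redirect('admin/profile/options/' . $profile->id);
        } catch (\FuelException $e) {
            if (\DB::in_transaction()) {
                \DB::rollback_transaction();
            }
            \Session::set_flash('error', $e->getMessage());
        }
    }

    // Re-populate the form: posted string values where present, stored labels otherwise.
    $vals = array();
    foreach ($profile_options as $profile_option) {
        $posted = isset($posted_vals[$profile_option->id]) ? $posted_vals[$profile_option->id] : null;
        $vals[$profile_option->id] = is_string($posted) ? $posted : $profile_option->label;
    }

    $this->set_title_and_breadcrumbs(sprintf('%s %s: %s', term('profile'), term('form.edit'), $profile->caption));
    $this->template->content = \View::forge('profile/edit_options', array('profile' => $profile, 'vals' => $vals, 'profile_options' => $profile_options));
}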