/**
 * FTP step of the package installer.
 *
 * Renders the 'ftp' form and, once it is submitted, validates the account data
 * and passes it to uploadPackageToFTP(). The complete parsed account — every
 * field the 'ftp' form defines, password field included — is written to the
 * session under 'ftp_account' before validation and is never removed here.
 *
 * @return string rendered 'install_ftp' template
 */
public function run() {

    if (!$this->getPackageContentsDir()) {
        $this->redirectToAction('install/finish');
    }

    $form      = $this->getForm('ftp');
    $submitted = $this->request->has('submit');

    $account = cmsUser::isSessionSet('ftp_account')
        ? cmsUser::sessionGet('ftp_account')
        : array();

    if ($submitted) {

        $posted  = $form->parse($this->request, $submitted, $account);
        $account = array_merge($account, $posted);

        cmsUser::sessionSet('ftp_account', $account);

        $errors = $form->validate($this, $account);

        if ($errors) {
            cmsUser::addSessionMessage(LANG_FORM_ERRORS, 'error');
        } else {
            // normalise "ftp://host/" -> "host" and "dir" -> "/dir/"
            $host            = str_replace('ftp://', '', $account['host']);
            $account['host'] = trim($host, '/');

            if ($account['path'] != '/') {
                $account['path'] = '/' . trim($account['path'], '/') . '/';
            }

            $this->uploadPackageToFTP($account);
        }
    }

    $vars = array(
        'account' => $account,
        'form'    => $form,
        'errors'  => isset($errors) ? $errors : false,
    );

    return cmsTemplate::getInstance()->render('install_ftp', $vars);
}
/**
 * Completes e-mail verification for the account owning $pass_token.
 *
 * Unlocks the user, clears the token and, when the 'reg_auto_auth' option is
 * on, writes a user session directly from the database row. Only
 * getUserByPassToken() is consulted, so no token age check happens in this
 * action; whether the 'verify_exp' window advertised in the verification mail
 * is enforced depends on the model — confirm.
 *
 * @param string $pass_token token taken from the verification link
 * @return void always redirects; 404 on an empty or unknown token
 */
public function run($pass_token) {

    if (!$pass_token) {
        cmsCore::error404();
    }

    if (cmsUser::isLogged()) {
        $this->redirectToHome();
    }

    $users = cmsCore::getModel('users');
    $user  = $users->getUserByPassToken($pass_token);

    if (!$user) {
        cmsCore::error404();
    }

    $users->unlockUser($user['id']);
    $users->clearUserPassToken($user['id']);

    cmsEventsManager::hook('user_registered', $user);

    $auto_auth = $this->options['reg_auto_auth'];

    if ($auto_auth) {
        cmsUser::addSessionMessage(LANG_REG_SUCCESS_VERIFIED_AND_AUTH, 'success');
    } else {
        cmsUser::addSessionMessage(LANG_REG_SUCCESS_VERIFIED, 'success');
    }

    // log the freshly verified user in without a password round-trip
    if ($auto_auth) {

        $user = cmsEventsManager::hook('user_login', $user);

        $session_user = array(
            'id'        => $user['id'],
            'groups'    => $user['groups'],
            'time_zone' => $user['time_zone'],
            'perms'     => cmsUser::getPermissions($user['groups']),
            'is_admin'  => $user['is_admin'],
        );

        // NOTE(review): no session id regeneration is visible on this login path;
        // whether cmsUser::sessionSet does it is not shown here — confirm
        cmsUser::sessionSet('user', $session_user);

        $this->model->update('{users}', $user['id'], array('ip' => cmsUser::getIp()), true);

        cmsEventsManager::hook('auth_login', $user['id']);
    }

    $this->redirect($this->getAuthRedirectUrl($this->options['first_auth_redirect']));
}
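/**
 * FTP step of the package installer: collects FTP connection data, validates
 * it and uploads the unpacked package via uploadPackageToFTP().
 *
 * What survives in the session between requests depends on the form's
 * 'save_to_session' checkbox: when it is ticked the whole parsed account
 * (including any password field the 'ftp' form defines) is stored under
 * 'ftp_account'; otherwise only host, path and the passive-mode flag are kept.
 *
 * @return string rendered 'install_ftp' template
 */
public function run() {

    if (!$this->getPackageContentsDir()) {
        $this->redirectToAction('install/finish');
    }

    $form = $this->getForm('ftp');

    $account = cmsUser::isSessionSet('ftp_account')
        ? cmsUser::sessionGet('ftp_account')
        : array();

    if ($this->request->has('submit')) {

        $account = array_merge($account, $form->parse($this->request, true, $account));

        // An unticked checkbox may be missing from the parsed data entirely;
        // treat "missing" like "not ticked" instead of raising an undefined-index
        // notice on the way into the reduced-storage branch.
        if (!empty($account['save_to_session'])) {
            cmsUser::sessionSet('ftp_account', $account);
        } else {
            // remember only the non-secret connection settings
            cmsUser::sessionSet('ftp_account', array(
                'host'    => isset($account['host']) ? $account['host'] : null,
                'path'    => isset($account['path']) ? $account['path'] : null,
                'is_pasv' => isset($account['is_pasv']) ? $account['is_pasv'] : null,
            ));
        }

        $errors = $form->validate($this, $account);

        if ($errors) {
            cmsUser::addSessionMessage(LANG_FORM_ERRORS, 'error');
        } else {
            // normalise "ftp://host/" -> "host" and "dir" -> "/dir/"
            $account['host'] = trim(str_replace('ftp://', '', $account['host']), '/');

            if ($account['path'] != '/') {
                $account['path'] = '/' . trim($account['path'], '/') . '/';
            }

            $this->uploadPackageToFTP($account);
        }
    }

    return $this->cms_template->render('install_ftp', array(
        'manifest' => $this->parsePackageManifest(),
        'account'  => $account,
        'form'     => $form,
        'errors'   => isset($errors) ? $errors : false,
    ));
}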
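/**
 * Login form handler.
 *
 * On submit: a captcha check when an earlier failed attempt flagged the
 * session ('is_auth_captcha') and the 'auth_captcha' option is on, then
 * cmsUser::login(). While the site is offline ('is_site_on' false) only admins
 * may keep a session; anyone else is logged out again. After a successful
 * login the user goes to the 'back' target, to the referer when 'is_back' is
 * set, or to the home page.
 *
 * 'back' comes from the request. It is honoured only when it stays on this
 * site (root-relative path, or an http(s) URL on the configured site host)
 * so the login page cannot serve as an open redirect to other hosts.
 *
 * @return string rendered 'login' template (when no redirect happened)
 */
public function run() {

    if (cmsUser::isLogged()) {
        $this->redirectToHome();
    }

    $email    = $this->request->get('login_email');
    $password = $this->request->get('login_password');
    $remember = (bool) $this->request->get('remember');
    $back_url = $this->request->has('back') ? $this->request->get('back') : false;

    // Keep 'back' only if it is a root-relative path ("/foo" — not "//host"
    // and nothing containing a backslash, which browsers treat as "/") or an
    // http(s) URL whose host equals the site host from the config; drop it
    // otherwise so the redirect below can never leave this site.
    if ($back_url) {
        $back_url  = is_string($back_url) ? $back_url : '';
        $target    = $back_url !== '' ? parse_url($back_url) : false;
        $site_host = parse_url(cmsConfig::get('host'), PHP_URL_HOST);
        $is_local  = false;

        if (is_array($target) && strpos($back_url, '\\') === false) {
            if (empty($target['host'])) {
                $is_local = empty($target['scheme'])
                    && strpos($back_url, '/') === 0
                    && strpos($back_url, '//') !== 0;
            } elseif ($site_host) {
                $is_local = strcasecmp($target['host'], $site_host) === 0
                    && (empty($target['scheme'])
                        || in_array(strtolower($target['scheme']), array('http', 'https'), true));
            }
        }

        if (!$is_local) {
            $back_url = false;
        }
    }

    $is_site_offline = !cmsConfig::get('is_site_on');

    if ($this->request->has('submit')) {

        $is_captcha_valid = true;

        // captcha is demanded only after an earlier failed attempt flagged the session
        if (cmsUser::sessionGet('is_auth_captcha') && $this->options['auth_captcha']) {
            $is_captcha_valid = cmsEventsManager::hook('captcha_validate', $this->request);
        }

        if ($is_captcha_valid) {

            cmsUser::sessionUnset('is_auth_captcha');

            $logged_id = cmsUser::login($email, $password, $remember);

            if ($logged_id) {

                // offline site: only admins may hold a session
                if ($is_site_offline) {
                    $userSession = cmsUser::sessionGet('user');
                    if (!$userSession['is_admin']) {
                        cmsUser::addSessionMessage(LANG_LOGIN_ADMIN_ONLY, 'error');
                        cmsUser::logout();
                        $this->redirectBack();
                    }
                }

                cmsEventsManager::hook('auth_login', $logged_id);

                if ($this->request->get('is_back')) {
                    $this->redirectBack();
                }

                if ($back_url) {
                    $this->redirect($back_url);
                } else {
                    $this->redirectToHome();
                }
            }
        }

        // a failed attempt arms the captcha for the next one (not while offline)
        if ($this->options['auth_captcha'] && !$is_site_offline) {
            cmsUser::sessionSet('is_auth_captcha', true);
        }

        if ($is_captcha_valid) {
            cmsUser::addSessionMessage(LANG_LOGIN_ERROR, 'error');
            if ($is_site_offline) {
                $this->redirectBack();
            }
        } else {
            cmsUser::addSessionMessage(LANG_CAPTCHA_ERROR, 'error');
        }
    }

    // arriving with a 'back' target means a protected page sent the user here
    if ($back_url) {
        cmsUser::addSessionMessage(LANG_LOGIN_REQUIRED, 'error');
    }

    if (cmsUser::sessionGet('is_auth_captcha')) {
        $captcha_html = cmsEventsManager::hook('captcha_html');
    }

    return cmsTemplate::getInstance()->render('login', array(
        'back_url'     => $back_url,
        'captcha_html' => isset($captcha_html) ? $captcha_html : false,
    ));
}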
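/**
 * Login form handler.
 *
 * On submit: a captcha check when an earlier failed attempt flagged the
 * session ('is_auth_captcha') and the 'auth_captcha' option is on, then
 * cmsUser::login(). While the site is offline ('is_site_on' false) only admins
 * may keep a session. After a successful login the user goes to the 'back'
 * target or to the URL derived from 'auth_redirect' ('first_auth_redirect'
 * on the first login, tracked through the 'first_auth' UPS flag).
 *
 * 'back' comes from the request. It is honoured only when it stays on this
 * site (root-relative path, or an http(s) URL on the configured site host)
 * so the login page cannot serve as an open redirect to other hosts. The
 * value obtained from getBackURL() after a failed submit is not filtered here.
 *
 * @return string rendered 'login' template (when no redirect happened)
 */
public function run() {

    if (cmsUser::isLogged()) {
        $this->redirectToHome();
    }

    $email    = $this->request->get('login_email', '');
    $password = $this->request->get('login_password', '');
    $remember = (bool) $this->request->get('remember');
    $back_url = $this->request->get('back', '');

    // Keep 'back' only if it is a root-relative path ("/foo" — not "//host"
    // and nothing containing a backslash, which browsers treat as "/") or an
    // http(s) URL whose host equals the site host from the config; drop it
    // otherwise so the redirect below can never leave this site.
    if ($back_url) {
        $back_url  = is_string($back_url) ? $back_url : '';
        $target    = $back_url !== '' ? parse_url($back_url) : false;
        $site_host = parse_url(cmsConfig::get('host'), PHP_URL_HOST);
        $is_local  = false;

        if (is_array($target) && strpos($back_url, '\\') === false) {
            if (empty($target['host'])) {
                $is_local = empty($target['scheme'])
                    && strpos($back_url, '/') === 0
                    && strpos($back_url, '//') !== 0;
            } elseif ($site_host) {
                $is_local = strcasecmp($target['host'], $site_host) === 0
                    && (empty($target['scheme'])
                        || in_array(strtolower($target['scheme']), array('http', 'https'), true));
            }
        }

        if (!$is_local) {
            $back_url = '';
        }
    }

    $is_site_offline = !cmsConfig::get('is_site_on');
    $is_submit       = $this->request->has('submit');

    if ($is_submit) {

        $is_captcha_valid = true;

        // captcha is demanded only after an earlier failed attempt flagged the session
        if (cmsUser::sessionGet('is_auth_captcha') && $this->options['auth_captcha']) {
            $is_captcha_valid = cmsEventsManager::hook('captcha_validate', $this->request);
        }

        if ($is_captcha_valid) {

            cmsUser::sessionUnset('is_auth_captcha');

            $logged_id = cmsUser::login($email, $password, $remember);

            if ($logged_id) {

                // offline site: only admins may hold a session
                if ($is_site_offline) {
                    $userSession = cmsUser::sessionGet('user');
                    if (!$userSession['is_admin']) {
                        cmsUser::addSessionMessage(LANG_LOGIN_ADMIN_ONLY, 'error');
                        cmsUser::logout();
                        $this->redirectBack();
                    }
                }

                cmsEventsManager::hook('auth_login', $logged_id);

                // the first login after registration uses its own redirect setting
                $auth_redirect = $this->options['auth_redirect'];
                $is_first_auth = cmsUser::getUPS('first_auth', $logged_id);

                if ($is_first_auth) {
                    $auth_redirect = $this->options['first_auth_redirect'];
                    cmsUser::deleteUPS('first_auth', $logged_id);
                }

                if ($back_url) {
                    $this->redirect($back_url);
                } else {
                    $this->redirect($this->getAuthRedirectUrl($auth_redirect));
                }
            }
        }

        // a failed attempt arms the captcha for the next one (not while offline)
        if ($this->options['auth_captcha'] && !$is_site_offline) {
            cmsUser::sessionSet('is_auth_captcha', true);
        }

        if ($is_captcha_valid) {
            cmsUser::addSessionMessage(LANG_LOGIN_ERROR, 'error');
            if ($is_site_offline) {
                $this->redirectBack();
            }
        } else {
            cmsUser::addSessionMessage(LANG_CAPTCHA_ERROR, 'error');
        }

        // 'none' redirect mode: remember where the user came from for the template
        if ($this->options['auth_redirect'] == 'none'
            || !empty($is_first_auth) && $this->options['first_auth_redirect'] == 'none') {
            if (!$back_url) {
                $back_url = $this->getBackURL();
            }
        }
    }

    // arriving with a 'back' target means a protected page sent the user here
    if ($back_url && !$is_submit) {
        cmsUser::addSessionMessage(LANG_LOGIN_REQUIRED, 'error');
    }

    if (cmsUser::sessionGet('is_auth_captcha')) {
        $captcha_html = cmsEventsManager::hook('captcha_html');
    }

    return $this->cms_template->render('login', array(
        'back_url'     => $back_url,
        'captcha_html' => isset($captcha_html) ? $captcha_html : false,
    ));
}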
/**
 * Registration form handler.
 *
 * Builds the form (invite code when 'is_reg_invites' is on, a public-group
 * selector when public groups exist, and the required profile fields of the
 * '{users}' content type), then on submit parses, validates and stores the
 * new user. With 'verify_email' on the account is created locked with a
 * pass_token and a verification mail is sent; otherwise the user may be
 * logged in straight away ('reg_auto_auth').
 *
 * @return string rendered 'registration' template (when no redirect happened)
 */
public function run() {

    if (cmsUser::isLogged() && !cmsUser::isAdmin()) { $this->redirectToHome(); }

    $users_model = cmsCore::getModel('users');

    $form = $this->getForm('registration');

    //
    // Add the invite-code field when registration is invite-only
    //
    if ($this->options['is_reg_invites']) {
        $fieldset_id = $form->addFieldsetToBeginning(LANG_REG_INVITED_ONLY);
        $form->addField($fieldset_id, new fieldString('inv', array('title' => LANG_REG_INVITE_CODE, 'rules' => array(array('required'), array('min_length', 10), array('max_length', 10)))));
    }

    //
    // Add the group selector when public groups exist
    //
    $public_groups = $users_model->getPublicGroups();

    if ($public_groups) {
        $pb_items = array();
        foreach ($public_groups as $pb) { $pb_items[$pb['id']] = $pb['title']; }
        $form->addFieldToBeginning('basic', new fieldList('group_id', array('title' => LANG_USER_GROUP, 'items' => $pb_items)));
    }

    //
    // Add the required profile fields to the form
    //
    $content_model = cmsCore::getModel('content');
    $content_model->setTablePrefix('');
    $content_model->orderBy('ordering');

    $fields = $content_model->getRequiredContentFields('{users}');

    // Split the fields into fieldsets
    $fieldsets = cmsForm::mapFieldsToFieldsets($fields);

    // Add the fields to the form
    foreach ($fieldsets as $fieldset) {
        $fieldset_id = $form->addFieldset($fieldset['title']);
        foreach ($fieldset['fields'] as $field) {
            // nickname goes to the front of the basic fieldset; system fields are not added elsewhere
            if ($field['name'] == 'nickname') { $form->addFieldToBeginning('basic', $field['handler']); }
            if ($field['is_system']) { continue; }
            $form->addField($fieldset_id, $field['handler']);
        }
    }

    $user = array();

    // pre-fill the invite code from the query string (?inv=...)
    if ($this->request->hasInQuery('inv')) { $user['inv'] = $this->request->get('inv', ''); }

    if ($this->request->has('submit')) {

        if (!$this->options['is_reg_enabled']) { cmsCore::error404(); }

        $is_captcha_valid = true;

        //
        // Parse and validate the form
        //
        $user = $form->parse($this->request, true);

        $user['groups'] = array();

        if (!empty($this->options['def_groups'])) { $user['groups'] = $this->options['def_groups']; }

        // the chosen public group is appended to the default groups
        if (isset($user['group_id'])) {
            if (!in_array($user['group_id'], $user['groups'])) { $user['groups'][] = $user['group_id']; }
        }

        //
        // Drop the fields that do not belong to the group the user picked
        //
        // NOTE(review): $user['group_id'] is read here without isset; when no
        // public groups exist (no selector) this is an undefined index — confirm
        // whether parse() always supplies the key
        foreach ($fieldsets as $fieldset) {
            foreach ($fieldset['fields'] as $field) {
                if (!$field['groups_edit']) { continue; }
                if (in_array(0, $field['groups_edit'])) { continue; }
                if (!in_array($user['group_id'], $field['groups_edit'])) {
                    $form->disableField($field['name']);
                    unset($user[$field['name']]);
                }
            }
        }

        $errors = $form->validate($this, $user);

        if (!$errors) {

            //
            // Check the invite code
            //
            if ($this->options['is_reg_invites']) {
                $invite = $this->model->getInviteByCode($user['inv']);
                if (!$invite) {
                    $errors['inv'] = LANG_REG_WRONG_INVITE_CODE;
                } else {
                    // strict mode: the invite must have been issued for this e-mail
                    if ($this->options['is_invites_strict'] && $invite['email'] != $user['email']) {
                        $errors['inv'] = LANG_REG_WRONG_INVITE_CODE_EMAIL;
                    } else {
                        $user['inviter_id'] = $invite['user_id'];
                    }
                }
            }

            //
            // Check that the e-mail, name and IP are allowed
            //
            if (!$this->isEmailAllowed($user['email'])) { $errors['email'] = sprintf(LANG_AUTH_RESTRICTED_EMAIL, $user['email']); }
            if (!$this->isNameAllowed($user['nickname'])) { $errors['nickname'] = sprintf(LANG_AUTH_RESTRICTED_NAME, $user['nickname']); }
            // a blocked IP is reported as a session message, not a field error
            if (!$this->isIPAllowed(cmsUser::get('ip'))) { cmsUser::addSessionMessage(sprintf(LANG_AUTH_RESTRICTED_IP, cmsUser::get('ip')), 'error'); $errors = true; }
        }

        //
        // Check the captcha (only once the form itself is error-free)
        //
        if (!$errors && $this->options['reg_captcha']) {
            $is_captcha_valid = cmsEventsManager::hook('captcha_validate', $this->request);
            if (!$is_captcha_valid) { $errors = true; cmsUser::addSessionMessage(LANG_CAPTCHA_ERROR, 'error'); }
        }

        if (!$errors) {

            unset($user['inv']);

            //
            // Lock the account when e-mail verification is enabled
            //
            // NOTE(review): the token comes from string_random(32, $user['email']);
            // how unpredictable that helper is cannot be seen here — confirm it
            // uses a CSPRNG, since the token alone unlocks the account
            if ($this->options['verify_email']) {
                $user = array_merge($user, array('is_locked' => true, 'lock_reason' => LANG_REG_CFG_VERIFY_LOCK_REASON, 'pass_token' => string_random(32, $user['email']), 'date_token' => ''));
            }

            $result = $users_model->addUser($user);

            if ($result['success']) {

                $user['id'] = $result['id'];

                cmsUser::addSessionMessage(LANG_REG_SUCCESS, 'success');

                // marks the next login as the first one (see the login action)
                cmsUser::setUPS('first_auth', 1, $user['id']);

                // send the e-mail verification letter
                if ($this->options['verify_email']) {

                    // 'verify_exp' is in hours; 48 when unset
                    $this->options['verify_exp'] = empty($this->options['verify_exp']) ? 48 : $this->options['verify_exp'];

                    $messenger = cmsCore::getController('messages');
                    $to = array('email' => $user['email'], 'name' => $user['nickname']);
                    $letter = array('name' => 'reg_verify');

                    // 'valid_until' is informational only here; the expiry is not enforced in this action
                    $messenger->sendEmail($to, $letter, array('nickname' => $user['nickname'], 'page_url' => href_to_abs('auth', 'verify', $user['pass_token']), 'pass_token' => $user['pass_token'], 'valid_until' => html_date(date('d.m.Y H:i', time() + $this->options['verify_exp'] * 3600), true)));

                    cmsUser::addSessionMessage(sprintf(LANG_REG_SUCCESS_NEED_VERIFY, $user['email']), 'info');

                } else {

                    cmsEventsManager::hook('user_registered', $user);

                    // log the user in automatically
                    if ($this->options['reg_auto_auth']) {
                        $logged_id = cmsUser::login($user['email'], $user['password1']);
                        if ($logged_id) { cmsEventsManager::hook('auth_login', $logged_id); }
                    }
                }

                // the second sessionGet() call (true) reads and removes the stored URL — presumably; confirm against cmsUser
                $back_url = cmsUser::sessionGet('auth_back_url') ? cmsUser::sessionGet('auth_back_url', true) : false;

                if ($back_url) { $this->redirect($back_url); } else { $this->redirect($this->getAuthRedirectUrl($this->options['first_auth_redirect'])); }

            } else {
                $errors = $result['errors'];
            }
        }

        if ($errors && $is_captcha_valid) { cmsUser::addSessionMessage(LANG_FORM_ERRORS, 'error'); }
    }

    // Captcha
    if ($this->options['reg_captcha']) { $captcha_html = cmsEventsManager::hook('captcha_html'); }

    // remember where the user came from before registering
    if (empty($errors) && $this->options['first_auth_redirect'] == 'none') { cmsUser::sessionSet('auth_back_url', $this->getBackURL()); }

    // NOTE(review): $user is the full parsed form, so on a validation error the
    // submitted values (including whatever password fields the form defines)
    // are handed to the template — confirm the template does not echo them
    return $this->cms_template->render('registration', array('user' => $user, 'form' => $form, 'captcha_html' => isset($captcha_html) ? $captcha_html : false, 'errors' => isset($errors) ? $errors : false));
}
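/**
 * Creates a CSRF token, stores it in the session under 'csrf_token' and returns it.
 *
 * The token is 32 hexadecimal characters built from 16 bytes of the system
 * CSPRNG — the same length as the md5 value the previous implementation
 * produced, so templates and the verifying side see an unchanged format.
 * The old session_id()/rand()/microtime() mix was replaced because its inputs
 * are guessable; random_bytes() throws instead of degrading when no secure
 * source is available.
 *
 * @return string
 */
public static function generateCSRFToken() {

    $token = bin2hex(random_bytes(16));

    cmsUser::sessionSet('csrf_token', $token);

    return $token;
}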
/**
 * Profile edit action.
 *
 * With $do set, control is handed to the 'profile_edit_<do>' action and
 * nothing else happens here. Otherwise the current user must own $profile or
 * be an admin; the form is built from the editable '{users}' content fields
 * (those whose 'groups_edit' allow the viewer's groups) plus a time-zone
 * selector, and on submit the merged profile is validated, passed through the
 * 'user_profile_update' hook and saved with updateUser().
 *
 * NOTE(review): the whole parsed form is merged into $profile and handed to
 * updateUser() as-is; which keys the form can contain is not visible here —
 * confirm the model ignores anything outside the editable fields.
 *
 * @param array $profile the profile being edited (must contain 'id')
 * @param string|false $do optional sub-action suffix
 * @return string|void rendered 'profile_edit' template, or nothing after a redirect
 */
public function run($profile, $do = false) {

    if (!cmsUser::isLogged()) {
        cmsCore::error404();
    }

    $viewer = cmsUser::getInstance();

    // delegate to a sub-action when one was requested
    if ($do) {
        $extra_params = array_slice($this->params, 2);
        $this->runAction('profile_edit_' . $do, array($profile) + $extra_params);
        return;
    }

    // only the owner or an admin may edit this profile
    $is_owner = ($profile['id'] == $viewer->id);
    if (!$is_owner && !$viewer->is_admin) {
        cmsCore::error404();
    }

    // profile fields
    $content = cmsCore::getModel('content');
    $content->setTablePrefix('');
    $content->orderBy('ordering');

    $fields = $content->getContentFields('{users}');

    $form = new cmsForm();

    // group the fields into fieldsets, keeping only those the viewer's groups may edit
    $fieldsets = cmsForm::mapFieldsToFieldsets($fields, function ($field, $member) {
        $restricted = (bool) $field['groups_edit'];
        if ($restricted && !$member->isInGroups($field['groups_edit'])) {
            return false;
        }
        return true;
    });

    foreach ($fieldsets as $fieldset) {
        $fieldset_id = $form->addFieldset($fieldset['title']);
        foreach ($fieldset['fields'] as $field) {
            $form->addField($fieldset_id, $field['handler']);
        }
    }

    // time-zone selector, defaulting to the site setting
    $cfg = cmsConfig::getInstance();

    $tz_fieldset = $form->addFieldset(LANG_TIME_ZONE);
    $tz_field    = new fieldList('time_zone', array(
        'default'   => $cfg->time_zone,
        'generator' => function ($item) {
            return cmsCore::getTimeZones();
        },
    ));
    $form->addField($tz_fieldset, $tz_field);

    $submitted = $this->request->has('submit');

    if ($submitted) {

        // parse the submission and merge it over the stored profile
        $changes  = $form->parse($this->request, $submitted, $profile);
        $previous = $profile;
        $profile  = array_merge($profile, $changes);

        $errors = $form->validate($this, $profile);

        // any listener returning false vetoes the update
        if (!$errors) {
            $verdicts = cmsEventsManager::hookAll('user_profile_update', $profile, true);
            if ($verdicts !== true && in_array(false, $verdicts)) {
                $errors = true;
            }
        }

        if ($errors) {
            cmsUser::addSessionMessage(LANG_FORM_ERRORS, 'error');
        } else {

            $this->model->updateUser($profile['id'], $profile);

            // the time zone is also kept in the session
            cmsUser::sessionSet('user_data:time_zone', $profile['time_zone']);

            // a changed avatar replaces the user's "avatar" activity entry
            $avatar_changed = !$this->model->isAvatarsEqual($changes['avatar'], $previous['avatar']);

            if ($avatar_changed) {

                $activity = cmsCore::getController('activity');
                $activity->deleteEntry($this->name, "avatar", $profile['id']);

                if (!empty($changes['avatar'])) {
                    $profile_url = href_to('users', $profile['id']);
                    $activity->addEntry($this->name, "avatar", array(
                        'user_id'       => $profile['id'],
                        'subject_title' => $profile['nickname'],
                        'subject_id'    => $profile['id'],
                        'subject_url'   => $profile_url,
                        'is_private'    => 0,
                        'group_id'      => null,
                        'images'        => array(
                            array(
                                'url' => $profile_url,
                                'src' => html_image_src($changes['avatar'], 'normal'),
                            ),
                        ),
                        'images_count'  => 1,
                    ));
                }
            }

            $this->redirectTo('users', $profile['id']);
        }
    }

    $vars = array(
        'do'      => 'edit',
        'id'      => $profile['id'],
        'profile' => $profile,
        'form'    => $form,
        'errors'  => isset($errors) ? $errors : false,
    );

    return cmsTemplate::getInstance()->render('profile_edit', $vars);
}
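/**
 * Resolves the visitor's city and country through the ipgeobase.ru lookup
 * service, memoised in the session under 'geo_data'.
 *
 * The service's 'country' (alpha-2) and 'city' values are mapped onto the
 * local geo_countries / geo_cities tables; each part of the result is an
 * array with 'id' and 'name' keys, both null when nothing matched. A failed
 * or empty lookup is still cached, as before, so it is not retried on every
 * request.
 *
 * The remote response is untrusted input: the IP is URL-encoded before it is
 * placed in the query string, libxml errors are collected instead of being
 * emitted as warnings, and the XML is parsed with LIBXML_NONET so a crafted
 * document cannot make the parser fetch further resources.
 *
 * @return array{city: array, country: array}
 */
public function getGeoByIp() {

    $cached_geo = cmsUser::sessionGet('geo_data');

    if ($cached_geo) {
        return $cached_geo;
    }

    // cmsUser::getIp() may be derived from request headers — never splice it raw into a URL
    $url      = 'http://ipgeobase.ru:7020/geo?ip=' . rawurlencode(cmsUser::getIp());
    $response = file_get_contents_from_url($url);

    $data = array();

    if ($response) {

        $previous_setting = libxml_use_internal_errors(true);
        $out = simplexml_load_string($response, 'SimpleXMLElement', LIBXML_NONET);
        libxml_clear_errors();
        libxml_use_internal_errors($previous_setting);

        if ($out && is_object($out) && !empty($out->ip[0])) {
            foreach ($out->ip[0] as $key => $value) {
                $data[$key] = (string) $value;
            }
        }
    }

    $geo = array(
        'city'    => array('id' => null, 'name' => null),
        'country' => array('id' => null, 'name' => null),
    );

    if (isset($data['country'])) {
        $geo['country'] = $this->model->getItemByField('geo_countries', 'alpha2', $data['country']);
    }

    if (isset($data['city'])) {
        // narrow the city lookup to the resolved country when there is one
        if (!empty($geo['country']['id'])) {
            $this->model->filterEqual('country_id', $geo['country']['id']);
        }
        $geo['city'] = $this->model->getItemByField('geo_cities', 'name', $data['city']);
    }

    cmsUser::sessionSet('geo_data', $geo);

    return $geo;
}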