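 /**
  * Database helper: list the tables and, when one was chosen, its columns.
  *
  * On POST the CSRF token is checked first. The posted table name is then only accepted
  * when it is one of the names returned by \DB::list_tables(), because it is interpolated
  * into a raw backtick-quoted expression for list_columns(); an empty or unknown name is
  * rejected with the "please select a table" message. A flash status left by a previous
  * request is copied into the view data.
  *
  * @return mixed result of generatePage() for 'admin/templates/index/index_v'
  */
 public function action_index()
 {
     $output = [];
     // clear redirect referrer
     \Session::delete('submitted_redirect');
     // read flash message for display errors.
     $form_status = \Session::get_flash('form_status');
     if (isset($form_status['form_status'], $form_status['form_status_message'])) {
         $output['form_status'] = $form_status['form_status'];
         $output['form_status_message'] = $form_status['form_status_message'];
     }
     unset($form_status);
     // list tables; the same list is the allow-list for the submitted table name.
     $tables = \DB::list_tables();
     $output['list_tables'] = $tables;
     // if form submitted
     if (\Input::method() === 'POST') {
         // (string) cast: trim(null) is deprecated on PHP 8.1+ when the field is absent.
         $table_name = trim((string) \Input::post('table_name'));
         $output['table_name'] = $table_name;
         if (!\Extension\NoCsrf::check()) {
             // validate token failed
             $output['form_status'] = 'error';
             $output['form_status_message'] = \Lang::get('fslang_invalid_csrf_token');
         } elseif ($table_name === '' || !in_array($table_name, (array) $tables, true)) {
             // nothing selected, or a name that is not an existing table:
             // never let it reach the raw expression below.
             $output['form_status'] = 'error';
             $output['form_status_message'] = \Lang::get('dbhelper_please_select_db_table');
         } else {
             // $table_name is verbatim one of the names the database itself reported.
             $output['list_columns'] = \DB::list_columns(\DB::expr('`' . $table_name . '`'));
         }
     }
     // endif; form submitted
     // <head> output ---------------------------------------------------------------------
     $output['page_title'] = $this->generateTitle(\Lang::get('dbhelper'));
     // <head> output ---------------------------------------------------------------------
     return $this->generatePage('admin/templates/index/index_v', $output, false);
 }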
 /**
  * Updater page: on a CSRF-checked POST run the bundled update steps and report the result.
  *
  * NOTE(review): the return value of \Fs\update0001::run() is overwritten by the call to
  * \Fs\update0002::run() before it is inspected, so only the second step decides between
  * the success and failure message — confirm that is intended.
  *
  * @return mixed the rendered 'update_v' theme view
  */
 public function action_index()
 {
     $output = [];
     if (\Input::method() == 'POST') {
         if (\Extension\NoCsrf::check()) {
             // update to 1.5 first time
             $result = \Fs\update0001::run();
             // update to 1.5.4
             $result = \Fs\update0002::run();
             $succeeded = ($result === true);
             if ($succeeded) {
                 $output['hide_form'] = true;
             }
             $output['form_status'] = $succeeded ? 'success' : 'error';
             $output['form_status_message'] = \Lang::get($succeeded ? 'fs_update_completed' : 'fs_failed_to_update');
         } else {
             // validate token failed
             $output['form_status'] = 'error';
             $output['form_status_message'] = \Lang::get('fslang_invalid_csrf_token');
         }
     }
     // <head> output ----------------------------------------------------------------------------------------------
     $output['page_title'] = \Lang::get('fs_updater');
     // <head> output ----------------------------------------------------------------------------------------------
     return \Theme::instance()->view('update_v', $output, false);
 }
 /**
  * Re-send the registration confirmation e-mail to an account that never confirmed.
  *
  * On POST: CSRF check, then e-mail validation, then a lookup for an account with that
  * e-mail, no last login, status '0' and a confirm code. If one exists a fresh confirm
  * code is generated, mailed via sendRegisterEmail() and, on success, saved on the account.
  * The submitted e-mail is echoed back to re-populate the form.
  *
  * NOTE(review): where('account_confirm_code', '!=', 'NULL') compares against the string
  * 'NULL', not SQL NULL — confirm the query builder maps it to IS NOT NULL. The "not found"
  * message also tells the submitter whether an unconfirmed account exists for the address,
  * and the confirm code is 6 alphanumeric characters from \Str::random — confirm that
  * generator is acceptable for a confirmation secret.
  *
  * @return mixed result of generatePage() for 'front/templates/account/resendactivate_v'
  */
 public function action_index()
 {
     $output = [];
     // load language
     \Lang::load('account');
     if (\Input::method() == 'POST') {
         $posted_email = trim(\Input::post('account_email'));
         // store data for model
         $data = ['account_email' => \Security::strip_tags($posted_email)];
         // validate form.
         $validate = \Validation::forge();
         $validate->add('account_email', \Lang::get('account_email'), [], ['required', 'valid_email']);
         $status = 'error';
         $message = null;
         if (!\Extension\NoCsrf::check(null, null, null, null, false)) {
             // validate token failed
             $message = \Lang::get('fslang_invalid_csrf_token');
         } elseif (!$validate->run()) {
             // validate failed
             $message = $validate->show_errors();
         } else {
             // check registered emails with not confirm
             $query = \Model_Accounts::query()
                 ->select('account_id', 'account_username', 'account_email')
                 ->where('account_email', $data['account_email'])
                 ->where('account_last_login', null)
                 ->where('account_status', '0')
                 ->where('account_confirm_code', '!=', 'NULL');
             if ($query->count() <= 0) {
                 $message = \Lang::get('account_didnot_found_entered_email');
             } else {
                 $row = $query->get_one();
                 // generate confirm code
                 $data['account_confirm_code'] = \Str::random('alnum', 6);
                 $data['account_username'] = $row->account_username;
                 $options = ['not_notify_admin' => true];
                 // send email to let user confirm registration
                 $result = \Model_Accounts::forge()->sendRegisterEmail($data, $options);
                 if ($result === true) {
                     $account = \Model_Accounts::find($row->account_id);
                     $account->account_confirm_code = $data['account_confirm_code'];
                     $account->save();
                     $status = 'success';
                     $message = \Lang::get('account_registration_completed_need_confirm');
                 } else {
                     // the model returns its own error text on failure
                     $message = $result;
                 }
             }
         }
         $output['form_status'] = $status;
         $output['form_status_message'] = $message;
         // re-populate form
         $output['account_email'] = $posted_email;
     }
     // <head> output ----------------------------------------------------------------------------------------------
     $output['page_title'] = $this->generateTitle(\Lang::get('account_resend_confirm_registration_email'));
     // <head> output ----------------------------------------------------------------------------------------------
     return $this->generatePage('front/templates/account/resendactivate_v', $output, false);
 }
 /**
  * "Forgot username or password" form: on a valid POST ask the model to send the reset e-mail.
  *
  * Checks run in order: CSRF token, e-mail validation, then the Securimage CAPTCHA; only
  * when all pass is sendResetPasswordEmail() called. A true result hides the form and shows
  * the success message, a string result is shown as the error, and any other result leaves
  * the status unset so the form simply re-renders (unchanged behaviour).
  *
  * NOTE(review): securimage.php is pulled in with include (not include_once) inside the
  * action; that is fine for one dispatch per request, but re-entry would redeclare the class.
  *
  * @return mixed result of generatePage() for 'front/templates/account/forgotpw_v'
  */
 public function action_index()
 {
     $output = [];
     // load language
     \Lang::load('account');
     // form submitted
     if (\Input::method() == 'POST') {
         $posted_email = trim(\Input::post('account_email'));
         $data = ['account_email' => \Security::strip_tags($posted_email)];
         // validate form.
         $validate = \Validation::forge();
         $validate->add('account_email', \Lang::get('account_email'), [], ['required', 'valid_email']);
         if (!\Extension\NoCsrf::check()) {
             // validate token failed
             $output['form_status'] = 'error';
             $output['form_status_message'] = \Lang::get('fslang_invalid_csrf_token');
         } elseif (!$validate->run()) {
             // validate failed
             $output['form_status'] = 'error';
             $output['form_status_message'] = $validate->show_errors();
         } else {
             // validate pass: the CAPTCHA is checked last, after the cheap checks.
             include APPPATH . 'vendor' . DS . 'securimage' . DS . 'securimage.php';
             $securimage = new \Securimage();
             if ($securimage->check(\Input::post('captcha')) == false) {
                 $output['form_status'] = 'error';
                 $output['form_status_message'] = \Lang::get('account_wrong_captcha_code');
             } else {
                 // try to send reset password email
                 $result = \Model_Accounts::sendResetPasswordEmail($data);
                 if ($result === true) {
                     $output['hide_form'] = true;
                     $output['form_status'] = 'success';
                     $output['form_status_message'] = \Lang::get('account_please_check_your_email_to_confirm_reset_password');
                 } elseif (is_string($result)) {
                     $output['form_status'] = 'error';
                     $output['form_status_message'] = $result;
                 }
             }
         }
         // re-populate form
         $output['account_email'] = $posted_email;
     }
     // <head> output ----------------------------------------------------------------------------------------------
     $output['page_title'] = $this->generateTitle(\Lang::get('account_forgot_username_or_password'));
     // <head> output ----------------------------------------------------------------------------------------------
     return $this->generatePage('front/templates/account/forgotpw_v', $output, false);
 }
 /**
  * Confirm a registration with the username and confirm code from the URL or the form.
  *
  * The two URL segments only pre-fill the form; the confirmation itself runs on POST, after
  * the CSRF token and the required-field validation pass. When confirmRegister() returns
  * true the form is hidden and the 'AccountControllerAfterConfirmedRegister' plugin action
  * fires (with the URL username and the raw POST); any other result is shown as the error.
  *
  * @param string $account_username username taken from the URL (form default)
  * @param string $confirm_code     confirm code taken from the URL (form default)
  * @return mixed result of generatePage() for 'front/templates/account/confirmregister_v'
  */
 public function action_index($account_username = '', $confirm_code = '')
 {
     // load language
     \Lang::load('account');
     // store username and confirm code from url to form and require the form to submit.
     $output = [
         'account_username' => $account_username,
         'confirm_code' => $confirm_code,
     ];
     if (\Input::method() == 'POST') {
         $posted_username = trim(\Input::post('account_username'));
         $posted_code = trim(\Input::post('confirm_code'));
         // store data for validate and update account status.
         $data = [
             'account_username' => $posted_username,
             'account_confirm_code' => $posted_code,
         ];
         // validate form.
         $validate = \Validation::forge();
         $validate->add('account_username', \Lang::get('account_username'), [], ['required']);
         $validate->add('confirm_code', \Lang::get('account_confirm_code'), [], ['required']);
         if (!\Extension\NoCsrf::check()) {
             // validate token failed
             $output['form_status'] = 'error';
             $output['form_status_message'] = \Lang::get('fslang_invalid_csrf_token');
         } elseif (!$validate->run()) {
             // validate failed
             $output['form_status'] = 'error';
             $output['form_status_message'] = $validate->show_errors();
         } else {
             // confirm register.
             $result = \Model_Accounts::confirmRegister($data);
             if ($result !== true) {
                 // the model returns its own error text on failure
                 $output['form_status'] = 'error';
                 $output['form_status_message'] = $result;
             } else {
                 $output['hide_register_form'] = true;
                 $output['form_status'] = 'success';
                 $output['form_status_message'] = \Lang::get('account_confirm_register_completed');
                 // @todo [fuelstart][account][plug] confirm register passed plug.
                 // note: the plugin receives the URL username, not the posted one.
                 $plugin = new \Library\Plugins();
                 if ($plugin->hasAction('AccountControllerAfterConfirmedRegister') !== false) {
                     $plugin->doAction('AccountControllerAfterConfirmedRegister', [
                         'input_username' => $account_username,
                         'inputs_post' => \Input::post(),
                     ]);
                 }
                 unset($plugin);
             }
         }
         // re-populate form
         $output['account_username'] = $posted_username;
         $output['confirm_code'] = $posted_code;
     }
     // <head> output ----------------------------------------------------------------------------------------------
     $output['page_title'] = $this->generateTitle(\Lang::get('account_confirm_register'));
     // <head> output ----------------------------------------------------------------------------------------------
     return $this->generatePage('front/templates/account/confirmregister_v', $output, false);
 }
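 /**
  * Global configuration page: show the core config values and save the submitted ones.
  *
  * Access requires the 'config_global' admin permission (denied → flash + redirect). The
  * allowed field names are the rows of Model_Config with config_core = '1'; only POST keys
  * in that set are kept, then normalised to defaults by normalizeGlobalConfigData() before
  * the CSRF check and the save. On success a flash message is set and the request is
  * redirected; otherwise the error is shown and the submitted data re-populates the form.
  *
  * Changes over the previous revision: the allow-list membership test is strict (PHP stores
  * numeric POST keys as ints, and a loose in_array() on PHP < 8 lets int 0 match any
  * non-numeric name), fields absent from the POST no longer raise undefined-index notices,
  * the site entry is only updated when it was found, and each redirect is followed by a
  * return so nothing runs if Response::redirect() ever comes back.
  *
  * @return mixed result of generatePage() for 'admin/templates/config/index_v'
  */
 public function action_index()
 {
     $output = [];
     // check permission
     if (\Model_AccountLevelPermission::checkAdminPermission('config_global', 'config_global') == false) {
         \Session::set_flash('form_status', ['form_status' => 'error', 'form_status_message' => \Lang::get('admin_permission_denied', ['page' => \Uri::string()])]);
         \Response::redirect(\Uri::create('admin'));
         return;
     }
     // get timezone list for select box
     \Config::load('timezone', 'timezone');
     $output['timezone_list'] = \Config::get('timezone.timezone', []);
     // read flash message for display errors.
     $form_status = \Session::get_flash('form_status');
     if (isset($form_status['form_status'], $form_status['form_status_message'])) {
         $output['form_status'] = $form_status['form_status'];
         $output['form_status_message'] = $form_status['form_status_message'];
     }
     unset($form_status);
     // load config to form; the core config names double as the POST allow-list.
     $allowed_field = [];
     $result = \DB::select('*')->from(\Model_Config::getTableName())->as_object('Model_Config')->where('config_core', '1')->execute();
     if ((is_array($result) || is_object($result)) && !empty($result)) {
         foreach ($result as $row) {
             $allowed_field[] = (string) $row->config_name;
             $output[$row->config_name] = $row->config_value;
         }
     }
     unset($result, $row);
     // if form submitted
     if (\Input::method() == 'POST') {
         // store data to variable for update to db: keep only known core config names.
         $data = [];
         foreach (\Input::post() as $key => $value) {
             // strict compare on the string form of the key (see the method docblock).
             if (in_array((string) $key, $allowed_field, true)) {
                 $data[$key] = $value;
             }
         }
         unset($allowed_field);
         // check again for some required default value config data.
         $data = $this->normalizeGlobalConfigData($data);
         // validate form.
         $validate = \Validation::forge();
         if (!\Extension\NoCsrf::check()) {
             // validate token failed
             $output['form_status'] = 'error';
             $output['form_status_message'] = \Lang::get('fslang_invalid_csrf_token');
         } elseif (!$validate->run()) {
             // validate failed
             $output['form_status'] = 'error';
             $output['form_status_message'] = $validate->show_errors();
         } else {
             // try to save config.
             $result = \Model_Config::saveData($data);
             // save change site name to sites table (done before $result is inspected, as before).
             $site_id = \Model_Sites::getSiteId(false);
             $entry = \Model_Sites::find($site_id);
             if ($entry !== null) {
                 $entry->site_name = $data['site_name'];
                 $entry->save();
             }
             unset($entry, $site_id);
             if ($result === true) {
                 \Session::set_flash('form_status', ['form_status' => 'success', 'form_status_message' => \Lang::get('admin_saved')]);
                 \Response::redirect(\Uri::main());
                 return;
             }
             $output['form_status'] = 'error';
             $output['form_status_message'] = $result;
         }
         // re-populate form.
         foreach ($data as $key => $value) {
             // only strings were entity-encoded; html_entity_decode() would fail on an array value.
             $output[$key] = is_string($value) ? html_entity_decode($value) : $value;
         }
     }
     // <head> output ----------------------------------------------------------------------------------------------
     $output['page_title'] = $this->generateTitle(\Lang::get('config_global_configuration'));
     // <head> output ----------------------------------------------------------------------------------------------
     // breadcrumb -------------------------------------------------------------------------------------------------
     $output['page_breadcrumb'] = [
         ['name' => \Lang::get('admin_admin_home'), 'url' => \Uri::create('admin')],
         ['name' => \Lang::get('config_global_configuration'), 'url' => \Uri::create('admin/config')],
     ];
     // breadcrumb -------------------------------------------------------------------------------------------------
     return $this->generatePage('admin/templates/config/index_v', $output, false);
 }

 /**
  * Apply the default-value rules of the global configuration form.
  *
  * The rules are those of the form tabs, applied in the original order: 'flag' fields take
  * the default unless posted as exactly the "on" value, 'numeric' fields take the default
  * when not numeric, 'empty' fields when empty(), 'blank' fields when loosely null, and an
  * empty avatar_path is dropped so the stored value is kept. Fields absent from $data are
  * treated as missing instead of raising undefined-index notices.
  *
  * @param array $data posted values, already filtered to allowed config names
  * @return array normalised values ready for Model_Config::saveData()
  */
 private function normalizeGlobalConfigData(array $data)
 {
     // tab website: these two are stored entity-encoded.
     $data['site_name'] = \Security::htmlentities(isset($data['site_name']) ? $data['site_name'] : null);
     $data['page_title_separator'] = \Security::htmlentities(isset($data['page_title_separator']) ? $data['page_title_separator'] : null);
     $rules = [
         // tab account
         'member_allow_register'            => ['flag', '1', '0'],
         'member_register_notify_admin'     => ['flag', '1', '0'],
         // NOTE(review): the '******' default is what the source contains; it looks like a
         // redacted value — verify against the real configuration default.
         'simultaneous_login'               => ['flag', '1', '******'],
         'member_max_login_fail'            => ['numeric', '10'],
         'member_login_fail_wait_time'      => ['numeric', '30'],
         'member_login_remember_length'     => ['numeric', '30'],
         'member_confirm_wait_time'         => ['numeric', '10'],
         'member_email_change_need_confirm' => ['flag', '1', '0'],
         'allow_avatar'                     => ['flag', '1', '0'],
         'avatar_size'                      => ['numeric', '200'],
         'avatar_allowed_types'             => ['empty', 'jpg|jpeg'],
         'avatar_path'                      => ['blank_unset'],
         // tab email
         'mail_protocol'                    => ['blank', 'mail'],
         'mail_smtp_port'                   => ['numeric', '0'],
         // tab content
         'content_items_perpage'            => ['numeric', '10'],
         'content_admin_items_perpage'      => ['numeric', '10'],
         // tab media
         'media_allowed_types'              => ['empty', 'avi|doc|docx|flv|gif|jpeg|jpg|mid|midi|mov|mp3|mpeg|mpg|pdf|png|swf|xls|xlsx|zip'],
         // tab ftp
         'ftp_port'                         => ['numeric', '21'],
         'ftp_passive'                      => ['flag', 'false', 'true'],
     ];
     foreach ($rules as $key => $rule) {
         $value = isset($data[$key]) ? $data[$key] : null;
         switch ($rule[0]) {
             case 'flag':
                 // default unless posted as the "on" value (loose compare, as before)
                 if ($value === null || $value != $rule[1]) {
                     $data[$key] = $rule[2];
                 }
                 break;
             case 'numeric':
                 if (!is_numeric($value)) {
                     $data[$key] = $rule[1];
                 }
                 break;
             case 'empty':
                 if (empty($value)) {
                     $data[$key] = $rule[1];
                 }
                 break;
             case 'blank':
                 // loose null check as before: '' and null fall back, '0' does not
                 if ($value == null) {
                     $data[$key] = $rule[1];
                 }
                 break;
             case 'blank_unset':
                 // an empty avatar_path is dropped so the stored value is not overwritten
                 if ($value == null) {
                     unset($data[$key]);
                 }
                 break;
         }
     }
     return $data;
 }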
<?php
// Login form view.
// NOTE(review): $go_to is appended to the form action as the 'rdr' query value, i.e. a
// redirect target — confirm the controller restricts it to a relative, on-site path before
// it is used, otherwise the parameter becomes an open-redirect vector.
// NOTE(review): $form_status_message is echoed below without escaping because the
// controllers put Validation::show_errors() HTML in it; only trusted or pre-escaped
// strings must ever be assigned to that variable.

$nocsrf_form_input = \Extension\NoCsrf::generate();
?>
 
<article class="general-page-container">
    <h1><?php 
echo __('account_login');
?>
</h1>
    
    <?php 
// form action: current URL plus the optional 'rdr' redirect target (see note above)
echo \Form::open(array('action' => \Uri::main() . (isset($go_to) ? '?rdr=' . $go_to : ''), 'class' => 'form-horizontal', 'role' => 'form'));
?>
 
        <div class="form-status-placeholder">
            <?php 
if (isset($form_status) && isset($form_status_message)) {
    ?>
 
            <div class="alert alert-<?php 
    // bootstrap uses 'danger' where the controllers say 'error'
    echo str_replace('error', 'danger', $form_status);
    ?>
"><button type="button" class="close" data-dismiss="alert">&times;</button><?php 
    // unescaped on purpose: may hold show_errors() HTML (see note at the top)
    echo $form_status_message;
    ?>
</div>
            <?php 
}
?>
 
 
        
        <script type="text/javascript">
            // required js variables for use in .js file.
            // NOTE(review): each value below is echoed straight into a single-quoted JS string
            // literal without JS escaping. They come from config/URI/theme helpers rather than
            // request input, but json_encode() would make the embedding safe for any content.
            var base_url = '<?php 
echo \Uri::base(false);
?>
';
            var site_url = '<?php 
echo getRootSiteURL();
?>
';
            var theme_assets = '<?php 
echo Uri::createNL(\Theme::instance()->asset_path(''));
?>
';
            var csrf_name = '<?php 
echo \Config::get('security.csrf_token_key');
?>
';
            var nocsrf_val = '<?php 
// per-request token the front-end sends back with AJAX form posts
echo \Extension\NoCsrf::generate('', true);
?>
';
        </script>
    </head>
    <body class="html-body<?php 
// NOTE(review): $pc_class and $page_class land in an HTML attribute unescaped —
// confirm they are controller-chosen constants rather than request-derived values.
echo $pc_class . ' ' . $page_class;
?>
">
<?php
// Account add/edit form view (the URI's third segment decides which title is shown).
// NOTE(review): $form_status_message is echoed below without escaping because the
// controllers put Validation::show_errors() HTML in it; only trusted or pre-escaped
// strings must ever be assigned to that variable.

// raw token value (second argument true) for the hidden csrf-container further down
$nocsrf_form_value = \Extension\NoCsrf::generate(null, true);
?>
<h1><?php 
echo \Uri::segment(3) == 'add' ? __('account_add') : __('account_edit');
?>
</h1>

<?php 
echo \Extension\Form::openMultipart(array('class' => 'form-horizontal', 'role' => 'form'));
?>
 
    <div class="form-status-placeholder">
        <?php 
if (isset($form_status) && isset($form_status_message)) {
    ?>
 
        <div class="alert alert-<?php 
    // bootstrap uses 'danger' where the controllers say 'error'
    echo str_replace('error', 'danger', $form_status);
    ?>
"><button type="button" class="close" data-dismiss="alert">&times;</button><?php 
    // unescaped on purpose: may hold show_errors() HTML (see note at the top)
    echo $form_status_message;
    ?>
</div>
        <?php 
}
?>
 
    </div>
    <div class="hidden csrf-container">
    ?>
 
        <div class="alert alert-<?php 
    // bootstrap uses 'danger' where the controllers say 'error'
    echo str_replace('error', 'danger', $form_status);
    ?>
"><button type="button" class="close" data-dismiss="alert">&times;</button><?php 
    // NOTE(review): echoed without escaping; only trusted or pre-escaped strings (such as
    // Validation::show_errors() output) must ever be assigned to $form_status_message.
    echo $form_status_message;
    ?>
</div>
        <?php 
}
?>
 
    </div>
    <?php 
// hidden CSRF token field for the list form, so the bulk action can verify the submit
echo \Extension\NoCsrf::generate();
?>
 

    <div class="table-responsive">
        <table class="table table-striped table-hover list-logins-table table-sortable">
            <thead>
                <tr>
                    <th class="check-column"><input type="checkbox" name="id_all" value="" onclick="checkAll(this.form,'id[]',this.checked)" /></th>
                    <th style="width: 24px;"></th>
                    <th><?php 
echo __('accountlv_level_priority');
?>
 <span class="glyphicon glyphicon-question-sign bootstrap-tooltip" data-toggle="tooltip" data-original-title="<?php 
echo __('accountlv_higher_priority_will_come_first');
?>
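 /**
  * Bulk action on the sites list: delete, enable or disable the posted site ids.
  *
  * Nothing happens unless the CSRF token checks out. Each action then checks its own admin
  * permission (denied → flash + redirect, and return in case the redirect comes back) and,
  * for enable/disable, skips the primary site (id 1). Site ids that are not numeric are
  * ignored so the value the guard looked at is the value the query receives: with the old
  * `$id == '1'` test a non-numeric string could pass the guard and still be coerced to 1 by
  * the database. The cache entries that depend on the sites table are cleared once per action.
  *
  * NOTE(review): the delete branch has no primary-site guard here; deleteSite() is assumed
  * to protect site 1 itself — confirm.
  *
  * @return void always redirects back to the submit redirection URL
  */
 public function action_multiple()
 {
     $ids = \Input::post('id');
     $act = trim((string) \Input::post('act'));
     // set redirect url
     $redirect = $this->getAndSetSubmitRedirection();
     if (\Extension\NoCsrf::check()) {
         if ($act === 'del') {
             // check permission.
             if (\Model_AccountLevelPermission::checkAdminPermission('siteman_perm', 'siteman_delete_perm') == false) {
                 $this->denyAndRedirect($redirect);
                 return;
             }
             if (is_array($ids)) {
                 foreach ($ids as $id) {
                     \Model_Sites::deleteSite($id);
                 }
                 $this->clearSitesCaches();
             }
         } elseif ($act === 'enable' || $act === 'disable') {
             // check permission.
             if (\Model_AccountLevelPermission::checkAdminPermission('siteman_perm', 'siteman_edit_perm') == false) {
                 $this->denyAndRedirect($redirect);
                 return;
             }
             if (is_array($ids)) {
                 $new_status = ($act === 'enable') ? 1 : 0;
                 foreach ($ids as $id) {
                     // skip malformed ids and the primary site; compare as int so the guard
                     // and the query agree on the value.
                     if (!is_numeric($id) || (int) $id === 1) {
                         continue;
                     }
                     \DB::update(\Model_Sites::getTableName())->where('site_id', (int) $id)->set(['site_status' => $new_status])->execute();
                 }
                 $this->clearSitesCaches();
             }
         }
     }
     // go back
     \Response::redirect($redirect);
 }

 /**
  * Flash the "permission denied" message for the current page and redirect.
  *
  * @param string $redirect URL to send the user back to
  * @return void
  */
 private function denyAndRedirect($redirect)
 {
     \Session::set_flash('form_status', ['form_status' => 'error', 'form_status_message' => \Lang::get('admin_permission_denied', ['page' => \Uri::string()])]);
     \Response::redirect($redirect);
 }

 /**
  * Drop the cache entries that are derived from the sites table.
  *
  * @return void
  */
 private function clearSitesCaches()
 {
     \Extension\Cache::deleteCache('model.sites-getSiteId');
     \Extension\Cache::deleteCache('model.sites-isSiteEnabled');
     \Extension\Cache::deleteCache('controller.AdminController-generatePage-fs_list_sites');
 }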
 /**
  * Save the per-account permissions submitted from the account permission form.
  *
  * Requires 'acperm_manage_user_perm' (denied → flash + redirect). When no numeric account
  * id is given in the URL it is taken from the 'admin' account cookie (falling back to 0),
  * and the target account is verified through checkAccountData(). Only a CSRF-checked POST
  * is saved; the outcome is reported through a flash message before redirecting back.
  *
  * NOTE(review): $data['account_id'] is copied verbatim from the POST while the account
  * check ran against $account_id (URL/cookie) — confirm savePermissions() treats its first
  * argument as the target and does not trust the posted account_id.
  *
  * @param string|int $account_id account to edit; non-numeric means "read it from the admin cookie"
  * @return void always redirects
  */
 public function action_save($account_id = '')
 {
     // set redirect url
     $redirect = $this->getAndSetSubmitRedirection();
     // check permission
     if (\Model_AccountLevelPermission::checkAdminPermission('acperm_perm', 'acperm_manage_user_perm') == false) {
         \Session::set_flash('form_status', ['form_status' => 'error', 'form_status_message' => \Lang::get('admin_permission_denied', ['page' => \Uri::string()])]);
         \Response::redirect($redirect);
     }
     if (!is_numeric($account_id)) {
         // if account id not set: take it from the admin cookie, default 0
         $cookie_account = \Model_Accounts::forge()->getAccountCookie('admin');
         $account_id = isset($cookie_account['account_id']) ? $cookie_account['account_id'] : 0;
         unset($cookie_account);
     }
     $output = ['account_id' => $account_id];
     // check target account: an object or array means "found", anything else is the error text
     $check = $this->checkAccountData($account_id);
     $output['account_check_result'] = (is_object($check) || is_array($check)) ? true : $check;
     unset($check);
     if ($output['account_check_result'] !== true) {
         // failed to check account. set error msg.
         \Session::set_flash('form_status', ['form_status' => 'error', 'form_status_message' => $output['account_check_result']]);
     } elseif (\Input::method() == 'POST') {
         if (!\Extension\NoCsrf::check()) {
             // nocsrf error, set error msg.
             \Session::set_flash('form_status', ['form_status' => 'error', 'form_status_message' => \Lang::get('fslang_invalid_csrf_token')]);
         } else {
             $core = (int) trim(\Input::post('permission_core'));
             $module = \Security::strip_tags(trim(\Input::post('module_system_name')));
             $data = [
                 // int 1 when it is a core permission, the string '0' otherwise (as the model expects)
                 'permission_core' => ($core == '1') ? $core : '0',
                 // no module for core permissions or when the name is blank
                 'module_system_name' => ($module == null || $core == '1') ? null : $module,
                 'account_id' => \Input::post('account_id'),
                 'permission_page' => \Input::post('permission_page'),
                 'permission_action' => \Input::post('permission_action'),
             ];
             \Model_AccountPermission::savePermissions($account_id, $data);
             // set success message
             \Session::set_flash('form_status', ['form_status' => 'success', 'form_status_message' => \Lang::get('admin_saved')]);
         }
     }
     // go back
     \Response::redirect($redirect);
 }
 /**
  * Save the level-group permissions submitted from the account level permission form.
  *
  * Requires 'acperm_manage_level_perm' (denied → flash + redirect). Only a CSRF-checked
  * POST is saved; the posted level_group_id is handed to the model as-is, and the outcome
  * is reported through a flash message before redirecting back.
  *
  * @return void always redirects
  */
 public function action_save()
 {
     // set redirect url
     $redirect = $this->getAndSetSubmitRedirection();
     // check permission
     if (\Model_AccountLevelPermission::checkAdminPermission('acperm_perm', 'acperm_manage_level_perm') == false) {
         \Session::set_flash('form_status', ['form_status' => 'error', 'form_status_message' => \Lang::get('admin_permission_denied', ['page' => \Uri::string()])]);
         \Response::redirect($redirect);
     }
     // if form submitted
     if (\Input::method() == 'POST') {
         if (!\Extension\NoCsrf::check()) {
             // nocsrf error, set error msg.
             \Session::set_flash('form_status', ['form_status' => 'error', 'form_status_message' => \Lang::get('fslang_invalid_csrf_token')]);
         } else {
             $core = (int) trim(\Input::post('permission_core'));
             $module = \Security::strip_tags(trim(\Input::post('module_system_name')));
             $data = [
                 // int 1 when it is a core permission, the string '0' otherwise (as the model expects)
                 'permission_core' => ($core == '1') ? $core : '0',
                 // no module for core permissions or when the name is blank
                 'module_system_name' => ($module == null || $core == '1') ? null : $module,
                 'level_group_id' => \Input::post('level_group_id'),
                 'permission_page' => \Input::post('permission_page'),
                 'permission_action' => \Input::post('permission_action'),
             ];
             \Model_AccountLevelPermission::savePermissions($data);
             // set success message
             \Session::set_flash('form_status', ['form_status' => 'success', 'form_status_message' => \Lang::get('admin_saved')]);
         }
     }
     // go back
     \Response::redirect($redirect);
 }
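 /**
  * Bulk action on the blog admin list; currently only 'del' is supported.
  *
  * Runs only when the CSRF token checks out and 'blog_manage_perm' holds (denied → redirect
  * to admin, then return in case the redirect comes back). Entries that no longer exist are
  * skipped instead of calling delete() on null. Afterwards the request goes back to the
  * referrer, but only when that referrer starts with this site's base URL and is not the
  * current page; anything else falls back to 'blog/admin', so a client-supplied Referer
  * header cannot send the user off-site.
  *
  * @return void always redirects
  */
 public function action_multiple()
 {
     $ids = \Input::post('id');
     $act = trim((string) \Input::post('act'));
     if (\Extension\NoCsrf::check()) {
         if ($act === 'del') {
             // check permission.
             if (\Model_AccountLevelPermission::checkAdminPermission('blog_perm', 'blog_manage_perm') == false) {
                 \Response::redirect(\Uri::create('admin'));
                 return;
             }
             if (is_array($ids)) {
                 foreach ($ids as $id) {
                     $entry = \Blog\Model_Blog::find($id);
                     if ($entry !== null) {
                         $entry->delete();
                     }
                 }
             }
         }
     }
     // go back: trust the referrer only when it is one of our own URLs.
     $referrer = (string) \Input::referrer();
     // normalise to a trailing slash so "https://host.example" cannot match "https://host.example.evil" (constructed example)
     $base = rtrim((string) \Uri::base(false), '/') . '/';
     $is_local = ($referrer !== '' && strpos($referrer, $base) === 0);
     if ($is_local && $referrer != \Uri::main()) {
         \Response::redirect($referrer);
     } else {
         \Response::redirect('blog/admin');
     }
 }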
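 /**
  * Bulk action on the account level list; currently only 'del' is supported.
  *
  * Runs only when the CSRF token checks out and 'accountlv_delete_perm' holds (denied →
  * redirect, then return in case the redirect comes back). Levels listed in
  * $this->disallowed_edit_delete are never deleted. Ids that are not numeric are ignored:
  * the disallowed-list comparison is loose, so a non-numeric string could slip past it and
  * still be coerced to a protected id by the database.
  *
  * @return void always redirects back to the submit redirection URL
  */
 public function action_multiple()
 {
     $ids = \Input::post('id');
     $act = trim((string) \Input::post('act'));
     // set redirect url
     $redirect = $this->getAndSetSubmitRedirection();
     if (\Extension\NoCsrf::check()) {
         if ($act === 'del') {
             // check permission.
             if (\Model_AccountLevelPermission::checkAdminPermission('accountlv_perm', 'accountlv_delete_perm') == false) {
                 \Response::redirect($redirect);
                 return;
             }
             if (is_array($ids)) {
                 foreach ($ids as $id) {
                     // in_array() stays loose on purpose: posted ids are strings while
                     // disallowed_edit_delete may hold ints; is_numeric() makes that safe.
                     if (!is_numeric($id) || in_array($id, $this->disallowed_edit_delete)) {
                         continue;
                     }
                     \Model_AccountLevelGroup::deleteLevel($id);
                 }
             }
         }
     }
     // go back
     \Response::redirect($redirect);
 }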
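 /**
  * Bulk action handler for accounts: `del`, `enable` and `disable`.
  *
  * Reads the selected account ids (`id[]`) and the action name (`act`) from POST.
  * Nothing happens without a valid CSRF token and the admin permission checked in
  * each branch; per account, the change is only applied when the current user may
  * edit an account of that level group (canIAddEditAccount). Always ends in a redirect.
  *
  * @return void
  */
 public function action_multiple()
 {
     $ids = \Input::post('id');
     $act = trim(\Input::post('act'));
     $redirect = $this->getAndSetSubmitRedirection();
     if (\Extension\NoCsrf::check()) {
         if ($act === 'del') {
             // check permission. assumes \Response::redirect() ends the request, otherwise the loop below would still run — TODO confirm.
             if (\Model_AccountLevelPermission::checkAdminPermission('account_perm', 'account_delete_perm') == false) {
                 \Response::redirect($redirect);
             }
             if (is_array($ids)) {
                 foreach ($ids as $id) {
                     $level_group = $this->getAccountLevelGroupIds($id);
                     if (empty($level_group)) {
                         // no level rows: nothing to authorise against, skip.
                         continue;
                     }
                     if (\Model_Accounts::forge()->canIAddEditAccount($level_group) == true) {
                         // delete account and its cached login check.
                         \Model_Accounts::deleteAccount($id);
                         $this->clearAccountCheckCache($id);
                     }
                 }
             }
         } elseif ($act === 'enable' || $act === 'disable') {
             // check permission. NOTE(review): enable/disable are gated by the delete permission (unchanged from before) — confirm this is intended.
             if (\Model_AccountLevelPermission::checkAdminPermission('account_perm', 'account_delete_perm') == false) {
                 \Response::redirect($redirect);
             }
             $new_status = ($act === 'enable') ? '1' : '0';
             if (is_array($ids)) {
                 foreach ($ids as $id) {
                     // id 0 is never toggled.
                     if ($id == '0') {
                         continue;
                     }
                     $level_group = $this->getAccountLevelGroupIds($id);
                     if (empty($level_group)) {
                         continue;
                     }
                     if (\Model_Accounts::forge()->canIAddEditAccount($level_group) == true) {
                         \DB::update(\Model_Accounts::getTableName())->where('account_id', $id)->set(['account_status' => $new_status, 'account_status_text' => null])->execute();
                     }
                     // cache is cleared whether or not the status was changed (keeps previous behaviour).
                     $this->clearAccountCheckCache($id);
                 }
             }
         }
     }
     // go back
     \Response::redirect($redirect);
 }

 /**
  * Level group ids of an account, read from the account level table.
  *
  * @param mixed $account_id
  * @return array  empty when the account has no level rows
  */
 private function getAccountLevelGroupIds($account_id)
 {
     $lvls = \DB::select()->as_object()->from(\Model_AccountLevel::getTableName())->where('account_id', $account_id)->execute();
     $level_group = array();
     foreach ($lvls as $lvl) {
         $level_group[] = $lvl->level_group_id;
     }
     return $level_group;
 }

 /**
  * Drop the cached "checkAccount" result for an account on the current site.
  *
  * @param mixed $account_id
  * @return void
  */
 private function clearAccountCheckCache($account_id)
 {
     \Extension\Cache::deleteCache('model.accounts-checkAccount-' . \Model_Sites::getSiteId() . '-' . $account_id);
 }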
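 /**
  * Admin login page (GET shows the form, POST attempts the login).
  *
  * Order of checks on POST: CSRF token -> required fields -> lockout window
  * (`member_max_login_fail` failures within `member_login_fail_wait_time` minutes)
  * -> captcha (once `login_fail_time_show_captcha` failures were counted)
  * -> \Model_Accounts::adminLogin(). Failure counters are kept in the session
  * (`login_all_fail_count`, `login_all_fail_time`, `show_captcha`).
  * AJAX requests receive a JSON body; otherwise success redirects and anything
  * else renders the login view.
  *
  * @return \Response|mixed  JSON \Response for AJAX requests, otherwise the rendered theme view
  */
 public function action_index()
 {
     // load language
     \Lang::load('admin');
     \Lang::load('account');
     // load config from db.
     $config = \Model_Config::getvalues(array('member_max_login_fail', 'member_login_fail_wait_time'));
     $output['config'] = $config;
     $wait_minutes = $config['member_login_fail_wait_time']['value'];
     // set active theme for admin. this controller is not based on admin controller, so the admin theme has to be set here.
     $theme = \Theme::instance();
     $theme->active($this->theme_system_name);
     // set login redirect. `rdr` is user-controlled: it is only followed after safeLoginRedirect() below.
     if (\Input::get('rdr') != null) {
         $output['go_to'] = urlencode(\Input::get('rdr'));
     } else {
         $output['go_to'] = urlencode(\Uri::create('admin'));
     }
     // read flash message for display errors. this is REQUIRED in the login page, because a failed
     // 'is login' check (e.g. simultaneous login detection) redirects here with the message.
     $form_status = \Session::get_flash('form_status');
     if (isset($form_status['form_status']) && isset($form_status['form_status_message'])) {
         $output['form_status'] = $form_status['form_status'];
         $output['form_status_message'] = $form_status['form_status_message'];
     }
     unset($form_status);
     // count login fail and show captcha.
     // NOTE(review): the counters live in the client's session, so they only throttle one session;
     // any server-side rate limit has to live in \Model_Accounts::adminLogin() — not visible here.
     if (\Session::get('login_all_fail_count', '0') >= $this->login_fail_time_show_captcha || \Session::get('show_captcha', false) === true) {
         $output['show_captcha'] = true;
         // if last time login failed is over wait time, reset it
         if ((time() - \Session::get('login_all_fail_time', time())) / 60 > $wait_minutes) {
             // the count is not reset to zero, only reduced by "fail time show captcha + 1",
             // so the captcha requirement is not simply lifted after the wait time.
             \Session::set('login_all_fail_count', (int) \Session::get('login_all_fail_count', 0) - ($this->login_fail_time_show_captcha + 1));
             \Session::delete('login_all_fail_time');
             \Session::delete('show_captcha');
         }
     }
     // browser check
     $output['browser_check'] = $this->browserCheck();
     // if form submitted --------------------------------------------------------------------------------------------
     if (\Input::method() == 'POST') {
         // store data for login. an identity containing '@' is treated as an email, otherwise as a username.
         $data['account_identity'] = trim(\Input::post('account_identity'));
         if (strpos($data['account_identity'], '@') === false) {
             $data['account_username'] = $data['account_identity'];
         } else {
             $data['account_email'] = $data['account_identity'];
         }
         $data['account_password'] = trim(\Input::post('account_password'));
         // validate form.
         $validate = \Validation::forge();
         $validate->add('account_identity', \Lang::get('account_username_or_email'), array(), array('required'));
         $validate->add('account_password', \Lang::get('account_password'), array(), array('required'));
         if (!\Extension\NoCsrf::check()) {
             // validate token failed: hand out a fresh token with the error
             $output['form_status'] = 'error';
             $output['form_status_message'] = \Lang::get('fslang_invalid_csrf_token');
             $output['input_csrf_token'] = \Extension\NoCsrf::generate();
         } elseif (!$validate->run()) {
             // validate failed
             $output['form_status'] = 'error';
             $output['form_status_message'] = $validate->show_errors();
             if (\Input::is_ajax()) {
                 return $this->loginJsonResponse($output);
             }
         } else {
             // $result: true on success, otherwise the error message to show.
             $result = null;
             $fail_count = \Session::get('login_all_fail_count', '0');
             $minutes_since_last_fail = (time() - \Session::get('login_all_fail_time', time())) / 60;
             if ($fail_count > $config['member_max_login_fail']['value'] && $minutes_since_last_fail <= $wait_minutes) {
                 // too many continuous failures: refuse without consulting the account at all.
                 $result = \Lang::get('account_login_failed_too_many', array('wait_minute' => $wait_minutes, 'wait_til_time' => date('d F Y H:i:s', time() + $wait_minutes * 60)));
             } else {
                 // captcha is required once enough failures were counted (see above)
                 if (isset($output['show_captcha']) && $output['show_captcha'] === true) {
                     include_once APPPATH . 'vendor' . DS . 'securimage' . DS . 'securimage.php';
                     $securimage = new \Securimage();
                     if ($securimage->check(\Input::post('captcha')) == false) {
                         $result = \Lang::get('account_wrong_captcha_code');
                     }
                 }
                 // try to login only when nothing above produced an error message.
                 if ($result == null) {
                     $result = \Model_Accounts::adminLogin($data);
                 }
             }
             // check login result ----------------------------------------------
             if ($result === true) {
                 // success: clear the failure counters
                 \Session::delete('login_all_fail_count');
                 \Session::delete('login_all_fail_time');
                 \Session::delete('show_captcha');
                 if (\Input::is_ajax()) {
                     $output['login_status'] = true;
                     $output['form_status'] = 'success';
                     $output['form_status_message'] = \Lang::get('account_login_success');
                     $output['go_to'] = isset($output['go_to']) ? $this->safeLoginRedirect(urldecode($output['go_to'])) : \Uri::main();
                     return $this->loginJsonResponse($output);
                 }
                 if (isset($output['go_to'])) {
                     \Response::redirect($this->safeLoginRedirect(urldecode($output['go_to'])));
                 } else {
                     \Response::redirect(\Uri::base());
                 }
             } else {
                 // failed: count it and require the captcha once the threshold is reached
                 $all_fail_count = \Session::get('login_all_fail_count', '0') + 1;
                 \Session::set('login_all_fail_count', $all_fail_count);
                 \Session::set('login_all_fail_time', time());
                 if ($all_fail_count >= $this->login_fail_time_show_captcha) {
                     $output['show_captcha'] = true;
                     \Session::set('show_captcha', true);
                 }
                 $output['form_status'] = 'error';
                 $output['form_status_message'] = $result;
                 if (\Input::is_ajax()) {
                     return $this->loginJsonResponse($output);
                 }
             }
         }
         // re-populate form (the password is never sent back)
         $output['account_identity'] = $data['account_identity'];
     }
     // <head> output ----------------------------------------------------------------------------------------------
     $output['page_title'] = $this->generateTitle(\Lang::get('account_login'));
     $output['page_meta'][] = '<meta name="robots" content="noindex, nofollow" />';
     // breadcrumb -------------------------------------------------------------------------------------------------
     $output['page_breadcrumb'] = [
         ['name' => \Lang::get('admin_admin_home'), 'url' => \Uri::create('admin')],
         ['name' => \Lang::get('account_login'), 'url' => \Uri::create('admin/login')],
     ];
     if (\Input::is_ajax()) {
         return $this->loginJsonResponse($output);
     }
     return $theme->view('admin/templates/login/index_v', $output, false);
 }

 /**
  * Build the JSON response used for AJAX login requests.
  *
  * @param array $output  data to encode
  * @return \Response
  */
 private function loginJsonResponse(array $output)
 {
     $response = new \Response();
     $response->set_header('Content-Type', 'application/json');
     $response->body(json_encode($output));
     return $response;
 }

 /**
  * Keep the post-login destination on this site.
  *
  * `rdr` comes from the query string, so following it blindly would make the login
  * page an open redirect. Accepted: an absolute url under \Uri::base(), or a
  * site-relative path that is not protocol-relative (`//host`, `/\host`).
  * Anything else falls back to \Uri::base(). Assumes \Uri::base() is the absolute
  * site url — TODO confirm.
  *
  * @param mixed $go_to  decoded destination
  * @return string
  */
 private function safeLoginRedirect($go_to)
 {
     $base = \Uri::base();
     if (!is_string($go_to) || $go_to === '') {
         return $base;
     }
     // compare against the base with a trailing slash so "https://site.tld.evil/" cannot pass as "https://site.tld"
     $base_prefix = rtrim($base, '/') . '/';
     if (strpos($go_to, $base_prefix) === 0) {
         return $go_to;
     }
     if ($go_to[0] === '/' && (strlen($go_to) === 1 || ($go_to[1] !== '/' && $go_to[1] !== '\\'))) {
         return $go_to;
     }
     return $base;
 }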
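 /**
  * Member registration page (GET shows the form, POST registers).
  *
  * POST is only processed while the `member_allow_register` config value is '1'.
  * Order of checks: CSRF token -> field validation -> captcha -> \Model_Accounts::registerAccount().
  * The success message depends on `member_verification` ('0' none, '1' email confirmation,
  * '2' admin verification); any other value leaves no status message, as before.
  *
  * @return mixed  whatever generatePage() returns
  */
 public function action_index()
 {
     // load language
     \Lang::load('account');
     // load config from db.
     $config = \Model_Config::getvalues(array('member_allow_register', 'member_verification'));
     $output['config'] = $config;
     // pre-set form values
     $output['account_username'] = null;
     $output['account_email'] = null;
     $output['account_password'] = null;
     $output['account_confirm_password'] = null;
     $output['captcha'] = null;
     if (\Input::method() == 'POST' && $config['member_allow_register']['value'] == '1') {
         // store data to array for send to model with add/register method.
         $data['account_username'] = trim(\Input::post('account_username'));
         $data['account_display_name'] = \Security::htmlentities($data['account_username']);
         $data['account_email'] = \Security::strip_tags(trim(\Input::post('account_email')));
         $data['account_password'] = trim(\Input::post('account_password'));
         // validate form.
         $validate = \Validation::forge();
         $validate->add_callable(new \Extension\FsValidate());
         $validate->add('account_username', \Lang::get('account_username'), array(), array('required', 'noSpaceBetweenText'));
         $validate->add('account_email', \Lang::get('account_email'), array(), array('required', 'valid_email'));
         $validate->add('account_password', \Lang::get('account_password'), array(), array('required'));
         $validate->add('account_confirm_password', \Lang::get('account_confirm_password'), array(), array('required'))->add_rule('match_field', 'account_password');
         if (!\Extension\NoCsrf::check()) {
             // validate token failed
             $output['form_status'] = 'error';
             $output['form_status_message'] = \Lang::get('fslang_invalid_csrf_token');
         } elseif (!$validate->run()) {
             // validate failed
             $output['form_status'] = 'error';
             $output['form_status_message'] = $validate->show_errors();
         } else {
             // validate pass: check the captcha before touching the accounts table.
             include_once APPPATH . 'vendor' . DS . 'securimage' . DS . 'securimage.php';
             $securimage = new \Securimage();
             if ($securimage->check(\Input::post('captcha')) == false) {
                 $output['form_status'] = 'error';
                 $output['form_status_message'] = \Lang::get('account_wrong_captcha_code');
             } else {
                 // register action. $result is true on success, otherwise the error message.
                 $result = \Model_Accounts::registerAccount($data);
                 if ($result === true) {
                     $output['hide_register_form'] = true;
                     // if member verification is needed, show that message; otherwise a plain success message.
                     $verification = $config['member_verification']['value'];
                     if ($verification == '0') {
                         $output['form_status'] = 'success';
                         $output['form_status_message'] = \Lang::get('account_registration_complted');
                     } elseif ($verification == '1') {
                         $output['form_status'] = 'success';
                         $output['form_status_message'] = \Lang::get('account_registration_completed_need_confirm');
                     } elseif ($verification == '2') {
                         $output['form_status'] = 'success';
                         $output['form_status_message'] = \Lang::get('account_registration_completed_need_admin_verify');
                     }
                 } else {
                     $output['form_status'] = 'error';
                     $output['form_status_message'] = $result;
                 }
             }
         }
         // re-populate form with the sanitised values; password, confirm password and captcha are deliberately not re-populated.
         $output['account_username'] = $data['account_username'];
         $output['account_email'] = $data['account_email'];
     }
     // <head> output ----------------------------------------------------------------------------------------------
     $output['page_title'] = $this->generateTitle(\Lang::get('account_register'));
     // <head> output ----------------------------------------------------------------------------------------------
     return $this->generatePage('front/templates/account/register_v', $output, false);
 }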
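 /**
  * Member "edit profile" page.
  *
  * Requires a logged-in member (otherwise redirects to account/login with `rdr` back here).
  * The account is looked up by all three values of the account cookie (id, username, email);
  * a mismatch logs the member out. On POST the form is validated and saved through
  * \Model_Accounts::memberEditProfile(). The username is intentionally never editable here.
  *
  * @return mixed  whatever generatePage() returns
  */
 public function action_index()
 {
     // load language
     \Lang::load('account');
     $login_url = \Uri::create('account/login') . '?rdr=' . urlencode(\Uri::main());
     // is user logged in? (assumes \Response::redirect() ends the request — TODO confirm)
     if (\Model_Accounts::isMemberLogin() == false) {
         \Response::redirect($login_url);
     }
     // load config from db.
     $config = \Model_Config::getvalues(array('allow_avatar', 'avatar_size', 'avatar_allowed_types'));
     $output['config'] = $config;
     // set config data to display in view file.
     $output['allow_avatar'] = $config['allow_avatar']['value'];
     $output['avatar_size'] = $config['avatar_size']['value'];
     $output['avatar_allowed_types'] = $config['avatar_allowed_types']['value'];
     // read flash message for display errors. this is REQUIRED if the login check runs with simultaneous login detection on.
     $form_status = \Session::get_flash('form_status');
     if (isset($form_status['form_status']) && isset($form_status['form_status_message'])) {
         $output['form_status'] = $form_status['form_status'];
         $output['form_status_message'] = $form_status['form_status_message'];
     }
     unset($form_status);
     // get account id
     $cookie_account = \Model_Accounts::forge()->getAccountCookie();
     // get account data; every cookie value has to match the stored row.
     $query = \Model_Accounts::query()->where('account_id', $cookie_account['account_id'])->where('account_username', $cookie_account['account_username'])->where('account_email', $cookie_account['account_email']);
     if ($query->count() <= 0) {
         // not found account: drop the stale login and go to the login page.
         \Model_Accounts::logout();
         \Response::redirect($login_url);
     }
     // found
     $row = $query->get_one();
     $output['row'] = $row;
     // loop set data for display in form.
     foreach ($row as $key => $field) {
         $output[$key] = $field;
     }
     // account_fields of the current user for the view form.
     // in the view use $account_field['field_name'], e.g. $account_field['phone'].
     $account_fields = \Model_AccountFields::getData($cookie_account['account_id']);
     if ($account_fields->count() > 0) {
         foreach ($account_fields as $af) {
             $output['account_field'][$af->field_name] = \Extension\Str::isJsonFormat($af->field_value) ? json_decode($af->field_value, true) : $af->field_value;
         }
     }
     unset($account_fields, $af);
     // get timezone list to display.
     \Config::load('timezone', 'timezone');
     $output['timezone_list'] = \Config::get('timezone.timezone', array());
     // if form submitted
     if (\Input::method() == 'POST') {
         // optional text fields: an empty value is stored as null.
         $empty_to_null = function ($value) {
             return ($value === '' || $value === null) ? null : $value;
         };
         // store data for save to db. id, username and old email come from the cookie on purpose: the username must not be edited here.
         $data['account_id'] = $cookie_account['account_id'];
         $data['account_username'] = $cookie_account['account_username'];
         $data['account_old_email'] = $cookie_account['account_email'];
         $data['account_email'] = \Security::strip_tags(trim(\Input::post('account_email')));
         $data['account_password'] = trim(\Input::post('account_password'));
         $data['account_new_password'] = trim(\Input::post('account_new_password'));
         $data['account_display_name'] = \Security::htmlentities(\Input::post('account_display_name'));
         $data['account_firstname'] = $empty_to_null(\Security::htmlentities(trim(\Input::post('account_firstname', null))));
         $data['account_middlename'] = $empty_to_null(\Security::htmlentities(trim(\Input::post('account_middlename', null))));
         $data['account_lastname'] = $empty_to_null(\Security::htmlentities(trim(\Input::post('account_lastname', null))));
         $data['account_birthdate'] = $empty_to_null(\Security::strip_tags(trim(\Input::post('account_birthdate', null))));
         $data['account_signature'] = $empty_to_null(\Security::htmlentities(trim(\Input::post('account_signature', null))));
         $data['account_timezone'] = \Security::strip_tags(trim(\Input::post('account_timezone')));
         $data['account_language'] = $empty_to_null(\Security::strip_tags(trim(\Input::post('account_language', null))));
         // store data for account_fields (array values are stored as JSON)
         $data_field = array();
         $posted_fields = \Input::post('account_field');
         if (is_array($posted_fields)) {
             foreach ($posted_fields as $field_name => $field_value) {
                 if (is_string($field_name)) {
                     $data_field[$field_name] = is_array($field_value) ? json_encode($field_value) : $field_value;
                 }
             }
         }
         // validate form. no rule for account_username: it is not editable.
         $validate = \Validation::forge();
         $validate->add_callable(new \Extension\FsValidate());
         $validate->add('account_email', \Lang::get('account_email'), array(), array('required', 'valid_email'));
         $validate->add('account_display_name', \Lang::get('account_display_name'), array(), array('required'));
         $validate->add('account_birthdate', \Lang::get('account_birthdate'))->add_rule('valid_date', 'Y-m-d');
         $validate->add('account_timezone', \Lang::get('account_timezone'), array(), array('required'));
         if (!\Extension\NoCsrf::check()) {
             // validate token failed
             $output['form_status'] = 'error';
             $output['form_status_message'] = \Lang::get('fslang_invalid_csrf_token');
         } elseif (!$validate->run()) {
             // validate failed
             $output['form_status'] = 'error';
             $output['form_status_message'] = $validate->show_errors();
         } else {
             // save. $result is true on success, otherwise the error message.
             $result = \Model_Accounts::memberEditProfile($data, $data_field);
             if ($result === true) {
                 // keep a flash message already set by the model (e.g. email change notice), otherwise set the generic one.
                 if (\Session::get_flash('form_status', null, false) == null) {
                     \Session::set_flash('form_status', array('form_status' => 'success', 'form_status_message' => \Lang::get('account_saved')));
                 }
                 \Response::redirect(\Uri::main());
             } else {
                 $output['form_status'] = 'error';
                 $output['form_status_message'] = $result;
             }
         }
         // re-populate form (username is not editable; passwords are never sent back)
         $repopulate = array('account_email', 'account_display_name', 'account_firstname', 'account_middlename', 'account_lastname', 'account_birthdate', 'account_signature', 'account_timezone', 'account_language');
         foreach ($repopulate as $field_name) {
             $output[$field_name] = trim(\Input::post($field_name));
         }
         // re-populate form for account fields
         if (is_array($posted_fields)) {
             foreach ($posted_fields as $field_name => $field_value) {
                 if (is_string($field_name)) {
                     $output['account_field'][$field_name] = $field_value;
                 }
             }
         }
     }
     // <head> output ----------------------------------------------------------------------------------------------
     $output['page_title'] = $this->generateTitle(\Lang::get('account_edit'));
     // <head> output ----------------------------------------------------------------------------------------------
     return $this->generatePage('front/templates/account/edit_v', $output, false);
 }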
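 /**
  * Password reset landing page, reached from the reset email with the account id and confirm code in the url.
  *
  * The (account_id, confirm_code) pair must match a stored row, otherwise the form is hidden
  * with an error. `cancel` clears the code. `reset` (POST) validates the new password, rejects
  * codes older than `member_confirm_wait_time` minutes (clearing them), and otherwise stores
  * the hashed password and clears the code so it is single-use.
  *
  * @param string $account_id
  * @param string $confirm_code
  * @param string $action  '', 'cancel' or 'reset'
  * @return mixed  whatever generatePage() returns
  */
 public function action_index($account_id = '', $confirm_code = '', $action = '')
 {
     // load language
     \Lang::load('account');
     // get config
     $config = \Model_Config::getvalues(array('member_confirm_wait_time'));
     $output['config'] = $config;
     $output['reset_action'] = $action;
     // check account id and confirm code. an empty code is never valid, even if a row happened to store ''.
     $query = \Model_Accounts::query()->where('account_id', $account_id)->where('account_confirm_code', $confirm_code);
     $request_is_valid = ($confirm_code !== '' && $query->count() > 0);
     if (!$request_is_valid) {
         $output['hide_form'] = true;
         $output['form_status'] = 'error';
         $output['form_status_message'] = \Lang::get('account_invalid_reset_password_request_code');
     }
     // if cancel reset password
     if ($action === 'cancel' && $request_is_valid) {
         // cancel no need to use form, hide it.
         $output['hide_form'] = true;
         // empty confirm code.
         $row = $query->get_one();
         $row->account_confirm_code = null;
         $row->account_confirm_code_since = null;
         $row->save();
         $output['form_status'] = 'success';
         $output['form_status_message'] = \Lang::get('account_your_reset_password_request_was_cancelled');
     }
     // form submitted. the lookup result is re-checked here: a hidden form does not stop a hand-crafted POST,
     // and without a row get_one() would return null.
     if (\Input::method() == 'POST' && $action === 'reset' && $request_is_valid) {
         $data['account_password'] = trim(\Input::post('account_password'));
         // validate form.
         $validate = \Validation::forge();
         $validate->add('account_password', \Lang::get('account_password'), array(), array('required'));
         $validate->add('account_confirm_password', \Lang::get('account_confirm_password'), array(), array('required'))->add_rule('match_field', 'account_password');
         if (!\Extension\NoCsrf::check()) {
             // validate token failed
             $output['form_status'] = 'error';
             $output['form_status_message'] = \Lang::get('fslang_invalid_csrf_token');
         } elseif (!$validate->run()) {
             // validate failed
             $output['form_status'] = 'error';
             $output['form_status_message'] = $validate->show_errors();
         } else {
             $row = $query->get_one();
             $max_code_age_seconds = $config['member_confirm_wait_time']['value'] * 60;
             if (time() - $row->account_confirm_code_since > $max_code_age_seconds) {
                 // confirm code is older than the limit: report it and burn the code.
                 $output['form_status'] = 'error';
                 $output['form_status_message'] = \Lang::get('account_reset_password_time_expired');
                 $row->account_confirm_code = null;
                 $row->account_confirm_code_since = null;
                 $row->save();
             } else {
                 // store the new password hash and burn the code.
                 $row->account_password = \Model_Accounts::forge()->hashPassword($data['account_password']);
                 $row->account_confirm_code = null;
                 $row->account_confirm_code_since = null;
                 $row->save();
                 $output['hide_form'] = true;
                 $output['form_status'] = 'success';
                 $output['form_status_message'] = \Lang::get('account_reset_password_successfully');
             }
         }
     }
     // <head> output ----------------------------------------------------------------------------------------------
     $output['page_title'] = $this->generateTitle(\Lang::get('account_reset_password'));
     // <head> output ----------------------------------------------------------------------------------------------
     return $this->generatePage('front/templates/account/resetpw_v', $output, false);
 }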