/**
*
*/
public static function init()
{
static::loadCore();
static::loadCountries();
static::$lang = \HaaseIT\HCSF\Helper::getLanguage();
static::loadSecrets();
if (static::$core["enable_module_customer"]) {
static::loadCustomer();
}
if (static::$core["enable_module_shop"]) {
static::loadShop();
}
}
public function preparePage()
{
$this->P = new \HaaseIT\HCSF\CorePage($this->serviceManager);
$this->P->cb_pagetype = 'content';
$this->P->cb_subnav = 'admin';
$this->P->cb_customcontenttemplate = 'textcatadmin';
$return = '';
if (!isset($_REQUEST["action"]) || $_REQUEST["action"] == '') {
$aData = $this->textcats->getCompleteTextcatForCurrentLang();
$aListSetting = [['title' => HardcodedText::get('textcatadmin_list_title_key'), 'key' => 'tc_key', 'width' => '20%', 'linked' => false], ['title' => HardcodedText::get('textcatadmin_list_title_text'), 'key' => 'tcl_text', 'width' => '80%', 'linked' => false, 'escapehtmlspecialchars' => true], ['title' => HardcodedText::get('textcatadmin_list_title_edit'), 'key' => 'tc_id', 'width' => 35, 'linked' => true, 'ltarget' => '/_admin/textcatadmin.html', 'lkeyname' => 'id', 'lgetvars' => ['action' => 'edit']]];
$return .= Tools::makeListtable($aListSetting, $aData, $this->serviceManager->get('twig'));
} elseif ($_GET["action"] == 'edit' || $_GET["action"] == 'delete') {
if ($_GET["action"] == 'delete' && isset($_POST["delete"]) && $_POST["delete"] == 'do') {
$this->textcats->deleteText($_GET["id"]);
$this->P->cb_customdata["deleted"] = true;
} else {
$this->P->cb_customdata["edit"] = true;
$this->textcats->initTextIfVoid($_GET["id"]);
// if post:edit is set, update
if (isset($_POST["edit"]) && $_POST["edit"] == 'do') {
if (HelperConfig::$core['textcat_enable_purifier']) {
$this->textcats->purifier = \HaaseIT\HCSF\Helper::getPurifier('textcat');
} else {
$this->textcats->purifier = false;
}
$this->textcats->saveText($_POST["lid"], $_POST["text"]);
$this->P->cb_customdata["updated"] = true;
}
$aData = $this->textcats->getSingleTextByID($_GET["id"]);
$this->P->cb_customdata["editform"] = ['id' => $aData["tc_id"], 'lid' => $aData["tcl_id"], 'key' => $aData["tc_key"], 'lang' => $aData["tcl_lang"], 'text' => $aData["tcl_text"]];
// show archived versions of this textcat
/** @var \PDOStatement $hResult */
$hResult = $this->serviceManager->get('db')->query('SELECT * FROM textcat_lang_archive WHERE tcl_id = ' . $aData["tcl_id"] . " AND tcl_lang = '" . HelperConfig::$lang . "' ORDER BY tcla_timestamp DESC");
$iArchivedRows = $hResult->rowCount();
if ($iArchivedRows > 0) {
$aListSetting = [['title' => 'tcla_timestamp', 'key' => 'tcla_timestamp', 'width' => '15%', 'linked' => false], ['title' => 'tcl_text', 'key' => 'tcl_text', 'width' => '85%', 'linked' => false, 'escapehtmlspecialchars' => true]];
$aData = $hResult->fetchAll();
$this->P->cb_customdata['archived_list'] = Tools::makeListtable($aListSetting, $aData, $this->serviceManager->get('twig'));
}
}
} elseif ($_GET["action"] == 'add') {
$this->P->cb_customdata["add"] = true;
if (isset($_POST["add"]) && $_POST["add"] == 'do') {
$this->P->cb_customdata["err"] = $this->textcats->verifyAddTextKey($_POST["key"]);
if (count($this->P->cb_customdata["err"]) == 0) {
$this->P->cb_customdata["addform"] = ['key' => $_POST["key"], 'id' => $this->textcats->addTextKey($_POST["key"])];
}
}
}
$this->P->oPayload->cl_html = $return;
}
/**
*
*/
public function preparePage()
{
$this->P = new \HaaseIT\HCSF\CorePage($this->serviceManager);
$this->P->cb_pagetype = 'content';
$this->P->cb_subnav = 'admin';
$this->P->cb_customcontenttemplate = 'pageadmin';
// adding language to page here
if (isset($_REQUEST["action"]) && $_REQUEST["action"] == 'insert_lang') {
$Ptoinsertlang = new UserPage($this->serviceManager, $_REQUEST["page_key"], true);
if ($Ptoinsertlang->cb_id != NULL && $Ptoinsertlang->oPayload->cl_id == NULL) {
$Ptoinsertlang->oPayload->insert($Ptoinsertlang->cb_id);
header('Location: /_admin/pageadmin.html?page_key=' . $Ptoinsertlang->cb_key . '&action=edit');
die;
} else {
die(HardcodedText::get('pageadmin_exception_couldnotinsertlang'));
}
}
if (!isset($this->get["action"])) {
$this->P->cb_customdata["pageselect"] = $this->showPageselect();
} elseif (($this->get["action"] == 'edit' || $this->get["action"] == 'delete') && isset($_REQUEST["page_key"]) && $_REQUEST["page_key"] != '') {
if ($this->get["action"] == 'delete' && isset($this->post["delete"]) && $this->post["delete"] == 'do') {
// delete and put message in customdata
$Ptodelete = new UserPage($this->serviceManager, $this->get["page_key"], true);
if ($Ptodelete->cb_id != NULL) {
$Ptodelete->remove();
} else {
die(HardcodedText::get('pageadmin_exception_pagetodeletenotfound'));
}
$this->P->cb_customdata["deleted"] = true;
} else {
// edit or update page
if (isset($_REQUEST["page_key"]) && ($Ptoedit = new UserPage($this->serviceManager, $_REQUEST["page_key"], true))) {
if (isset($_REQUEST["action_a"]) && $_REQUEST["action_a"] == 'true') {
if (HelperConfig::$core['pagetext_enable_purifier']) {
$purifier = \HaaseIT\HCSF\Helper::getPurifier('page');
} else {
$purifier = false;
}
$Ptoedit->cb_pagetype = $this->post['page_type'];
$Ptoedit->cb_group = $this->post['page_group'];
$Ptoedit->cb_pageconfig = $this->post['page_config'];
$Ptoedit->cb_subnav = $this->post['page_subnav'];
$Ptoedit->purifier = $purifier;
$Ptoedit->write();
if ($Ptoedit->oPayload->cl_id != NULL) {
$Ptoedit->oPayload->cl_html = $this->post['page_html'];
$Ptoedit->oPayload->cl_title = $this->post['page_title'];
$Ptoedit->oPayload->cl_description = $this->post['page_description'];
$Ptoedit->oPayload->cl_keywords = $this->post['page_keywords'];
$Ptoedit->oPayload->purifier = $purifier;
$Ptoedit->oPayload->write();
}
$Ptoedit = new UserPage($this->serviceManager, $_REQUEST["page_key"], true);
$this->P->cb_customdata["updated"] = true;
}
$this->P->cb_customdata["page"] = $Ptoedit;
$this->P->cb_customdata["admin_page_types"] = HelperConfig::$core["admin_page_types"];
$this->P->cb_customdata["admin_page_groups"] = HelperConfig::$core["admin_page_groups"];
$aOptions = [''];
foreach (HelperConfig::$navigation as $sKey => $aValue) {
if ($sKey == 'admin') {
continue;
}
$aOptions[] = $sKey;
}
$this->P->cb_customdata["subnavarea_options"] = $aOptions;
unset($aOptions);
// show archived versions of this page
if ($Ptoedit->oPayload->cl_id != NULL) {
/** @var \PDOStatement $hResult */
$hResult = $this->serviceManager->get('db')->query('SELECT * FROM content_lang_archive WHERE cl_id = ' . $Ptoedit->oPayload->cl_id . " AND cl_lang = '" . HelperConfig::$lang . "' ORDER BY cla_timestamp DESC");
$iArchivedRows = $hResult->rowCount();
if ($iArchivedRows > 0) {
$aListSetting = [['title' => 'cla_timestamp', 'key' => 'cla_timestamp', 'width' => '15%', 'linked' => false], ['title' => 'cl_html', 'key' => 'cl_html', 'width' => '40%', 'linked' => false, 'escapehtmlspecialchars' => true], ['title' => 'cl_keywords', 'key' => 'cl_keywords', 'width' => '15%', 'linked' => false, 'escapehtmlspecialchars' => true], ['title' => 'cl_description', 'key' => 'cl_description', 'width' => '15%', 'linked' => false, 'escapehtmlspecialchars' => true], ['title' => 'cl_title', 'key' => 'cl_title', 'width' => '15%', 'linked' => false, 'escapehtmlspecialchars' => true]];
$aData = $hResult->fetchAll();
$this->P->cb_customdata['archived_list'] = \HaaseIT\Tools::makeListtable($aListSetting, $aData, $this->serviceManager->get('twig'));
}
}
} else {
die(HardcodedText::get('pageadmin_exception_pagenotfound'));
}
}
} elseif ($this->get["action"] == 'addpage') {
$aErr = [];
if (isset($this->post["addpage"]) && $this->post["addpage"] == 'do') {
$sPagekeytoadd = \trim(\filter_input(INPUT_POST, 'pagekey', FILTER_SANITIZE_SPECIAL_CHARS));
if (mb_substr($sPagekeytoadd, 0, 2) == '/_') {
$aErr["reservedpath"] = true;
} elseif (strlen($sPagekeytoadd) < 4) {
$aErr["keytooshort"] = true;
} else {
$Ptoadd = new UserPage($this->serviceManager, $sPagekeytoadd, true);
if ($Ptoadd->cb_id == NULL) {
if ($Ptoadd->insert($sPagekeytoadd)) {
header('Location: /_admin/pageadmin.html?page_key=' . $sPagekeytoadd . '&action=edit');
die;
} else {
die(HardcodedText::get('pageadmin_exception_couldnotinsertpage'));
}
} else {
$aErr["keyalreadyinuse"] = true;
}
}
$this->P->cb_customdata["err"] = $aErr;
unset($aErr);
}
$this->P->cb_customdata["showaddform"] = true;
}
}
/**
*
*/
public function preparePage()
{
$this->P = new \HaaseIT\HCSF\CorePage($this->serviceManager);
$this->P->cb_pagetype = 'content';
$this->P->cb_subnav = 'admin';
$this->P->cb_customcontenttemplate = 'shop/itemadmin';
if (isset($this->get["action"]) && $this->get["action"] == 'insert_lang') {
$aItemdata = $this->admin_getItem();
if (isset($aItemdata["base"]) && !isset($aItemdata["text"])) {
$aData = ['itml_pid' => $aItemdata["base"]['itm_id'], 'itml_lang' => HelperConfig::$lang];
$sql = DBTools::buildInsertQuery($aData, 'item_lang');
$this->db->exec($sql);
header('Location: /_admin/itemadmin.html?itemno=' . $this->get["itemno"] . '&action=showitem');
die;
}
}
$this->P->cb_customdata["searchform"] = $this->admin_prepareItemlistsearchform();
if (isset($this->get["action"])) {
if ($this->get["action"] == 'search') {
$this->P->cb_customdata["searchresult"] = true;
if ($aItemlist = $this->admin_getItemlist()) {
if (count($aItemlist["data"]) == 1) {
$aItemdata = $this->admin_getItem($aItemlist["data"][0]['itm_no']);
$this->P->cb_customdata["item"] = $this->admin_prepareItem($aItemdata);
} else {
$this->P->cb_customdata["itemlist"] = $this->admin_prepareItemlist($aItemlist);
}
}
} elseif (isset($this->post["doaction"]) && $this->post["doaction"] == 'edititem') {
$this->admin_updateItem(\HaaseIT\HCSF\Helper::getPurifier('item'));
$this->P->cb_customdata["itemupdated"] = true;
$aItemdata = $this->admin_getItem();
$this->P->cb_customdata["item"] = $this->admin_prepareItem($aItemdata);
} elseif ($this->get["action"] == 'showitem') {
$aItemdata = $this->admin_getItem();
$this->P->cb_customdata["item"] = $this->admin_prepareItem($aItemdata);
} elseif ($this->get["action"] == 'additem') {
$aErr = [];
if (isset($this->post["additem"]) && $this->post["additem"] == 'do') {
if (strlen($this->post["itemno"]) < 4) {
$aErr["itemnotooshort"] = true;
} else {
$sql = 'SELECT itm_no FROM item_base WHERE itm_no = \'';
$sql .= \trim(\filter_input(INPUT_POST, 'itemno', FILTER_SANITIZE_SPECIAL_CHARS)) . "'";
$hResult = $this->db->query($sql);
$iRows = $hResult->rowCount();
if ($iRows > 0) {
$aErr["itemnoalreadytaken"] = true;
} else {
$aData = ['itm_no' => trim(\filter_input(INPUT_POST, 'itemno', FILTER_SANITIZE_SPECIAL_CHARS))];
$sql = DBTools::buildInsertQuery($aData, 'item_base');
$this->db->exec($sql);
$iInsertID = $this->db->lastInsertId();
$sql = 'SELECT itm_no FROM item_base WHERE itm_id = ' . $iInsertID;
$hResult = $this->db->query($sql);
$aRow = $hResult->fetch();
header('Location: /_admin/itemadmin.html?itemno=' . $aRow['itm_no'] . '&action=showitem');
die;
}
}
}
$this->P->cb_customdata["showaddform"] = true;
$this->P->cb_customdata["err"] = $aErr;
}
}
}
public static function sendVerificationMail($sEmailVerificationcode, $sTargetAddress, ServiceManager $serviceManager, $bCust = false)
{
if ($bCust) {
$sSubject = $serviceManager->get('textcats')->T("register_mail_emailverification_subject");
$aP['link'] = 'http' . (isset($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] == 'on' ? 's' : '') . '://';
$aP['link'] .= $_SERVER["SERVER_NAME"] . '/_misc/verifyemail.html?key=' . $sEmailVerificationcode;
$sMessage = $serviceManager->get('twig')->render('customer/sendverificationmail.twig', $aP);
} else {
$sSubject = HardcodedText::get('newcustomerregistration_mail_subject');
$sMessage = HardcodedText::get('newcustomerregistration_mail_text1') . ' ';
$sMessage .= $sTargetAddress . HardcodedText::get('newcustomerregistration_mail_text2') . ' ' . date(HelperConfig::$core['locale_format_date_time']);
$sTargetAddress = HelperConfig::$core["email_sender"];
}
\HaaseIT\HCSF\Helper::mailWrapper($sTargetAddress, $sSubject, $sMessage);
}
/**
*
*/
public function preparePage()
{
$this->P = new \HaaseIT\HCSF\CorePage($this->serviceManager);
$this->P->cb_pagetype = 'content';
$this->P->cb_subnav = 'admin';
$this->P->cb_customcontenttemplate = 'shop/itemgroupadmin';
$return = '';
if (isset($_REQUEST["action"]) && $_REQUEST["action"] == 'insert_lang') {
$sql = 'SELECT itmg_id FROM itemgroups_base WHERE itmg_id = :gid';
$hResult = $this->db->prepare($sql);
$hResult->bindValue(':gid', $_REQUEST["gid"]);
$hResult->execute();
$iNumRowsBasis = $hResult->rowCount();
$sql = 'SELECT itmgt_id FROM itemgroups_text WHERE itmgt_pid = :gid AND itmgt_lang = :lang';
$hResult = $this->db->prepare($sql);
$hResult->bindValue(':gid', $_REQUEST["gid"]);
$hResult->bindValue(':lang', HelperConfig::$lang);
$hResult->execute();
$iNumRowsLang = $hResult->rowCount();
if ($iNumRowsBasis == 1 && $iNumRowsLang == 0) {
$iGID = filter_var($_REQUEST["gid"], FILTER_SANITIZE_NUMBER_INT);
$aData = ['itmgt_pid' => $iGID, 'itmgt_lang' => HelperConfig::$lang];
$sql = DBTools::buildPSInsertQuery($aData, 'itemgroups_text');
$hResult = $this->db->prepare($sql);
foreach ($aData as $sKey => $sValue) {
$hResult->bindValue(':' . $sKey, $sValue);
}
$hResult->execute();
header('Location: /_admin/itemgroupadmin.html?gid=' . $iGID . '&action=editgroup');
die;
}
}
if (isset($_REQUEST["action"]) && $_REQUEST["action"] == 'editgroup') {
if (isset($_REQUEST["do"]) && $_REQUEST["do"] == 'true') {
$this->P->cb_customdata["updatestatus"] = $this->admin_updateGroup(\HaaseIT\HCSF\Helper::getPurifier('itemgroup'));
}
$iGID = filter_var($_REQUEST["gid"], FILTER_SANITIZE_NUMBER_INT);
$aGroup = $this->admin_getItemgroups($iGID);
if (isset($_REQUEST["added"])) {
$this->P->cb_customdata["groupjustadded"] = true;
}
$this->P->cb_customdata["showform"] = 'edit';
$this->P->cb_customdata["group"] = $this->admin_prepareGroup('edit', $aGroup[0]);
} elseif (isset($_REQUEST["action"]) && $_REQUEST["action"] == 'addgroup') {
$aErr = [];
if (isset($_REQUEST["do"]) && $_REQUEST["do"] == 'true') {
$sName = filter_var($_REQUEST["name"], FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW);
$sGNo = filter_var($_REQUEST["no"], FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW);
$sImg = filter_var($_REQUEST["img"], FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW);
if (strlen($sName) < 3) {
$aErr["nametooshort"] = true;
}
if (strlen($sGNo) < 3) {
$aErr["grouptooshort"] = true;
}
if (count($aErr) == 0) {
$sql = 'SELECT itmg_no FROM itemgroups_base WHERE itmg_no = :no';
$hResult = $this->db->prepare($sql);
$hResult->bindValue(':no', $sGNo);
$hResult->execute();
if ($hResult->rowCount() > 0) {
$aErr["duplicateno"] = true;
}
}
if (count($aErr) == 0) {
$aData = ['itmg_name' => $sName, 'itmg_no' => $sGNo, 'itmg_img' => $sImg];
$sql = DBTools::buildPSInsertQuery($aData, 'itemgroups_base');
$hResult = $this->db->prepare($sql);
foreach ($aData as $sKey => $sValue) {
$hResult->bindValue(':' . $sKey, $sValue);
}
$hResult->execute();
$iLastInsertID = $this->db->lastInsertId();
header('Location: /_admin/itemgroupadmin.html?action=editgroup&added&gid=' . $iLastInsertID);
die;
} else {
$this->P->cb_customdata["err"] = $aErr;
$this->P->cb_customdata["showform"] = 'add';
$this->P->cb_customdata["group"] = $this->admin_prepareGroup('add');
}
} else {
$this->P->cb_customdata["showform"] = 'add';
$this->P->cb_customdata["group"] = $this->admin_prepareGroup('add');
}
} else {
if (!($return .= $this->admin_showItemgroups($this->admin_getItemgroups('')))) {
$this->P->cb_customdata["err"]["nogroupsavaliable"] = true;
}
}
$this->P->oPayload->cl_html = $return;
}
<?php
/*
HCSF - A multilingual CMS and Shopsystem
Copyright (C) 2014 Marcus Haase - mail@marcus.haase.name
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
require __DIR__ . '/../src/bootstrap.php';
$aP = \HaaseIT\HCSF\Helper::generatePage($serviceManager, $P);
$response = new \Zend\Diactoros\Response();
$response = $response->withStatus($P->iStatus);
$response->getBody()->write($serviceManager->get('twig')->render(\HaaseIT\HCSF\HelperConfig::$core["template_base"], $aP));
$emitter = new \Zend\Diactoros\Response\SapiEmitter();
$emitter->emit($response);
/**
* @param $aErr
* @return array
*/
private function handleForgotPassword($aErr)
{
if (!filter_var($_POST["email"], FILTER_VALIDATE_EMAIL)) {
$aErr[] = 'emailinvalid';
} else {
$sql = 'SELECT * FROM customer WHERE cust_email = :email';
$sEmail = filter_var(trim(\HaaseIT\Tools::getFormfield("email")), FILTER_SANITIZE_EMAIL);
$hResult = $this->db->prepare($sql);
$hResult->bindValue(':email', $sEmail, \PDO::PARAM_STR);
$hResult->execute();
if ($hResult->rowCount() != 1) {
$aErr[] = 'emailunknown';
} else {
$aResult = $hResult->fetch();
$iTimestamp = time();
if ($iTimestamp - HOUR < $aResult['cust_pwresettimestamp']) {
// 1 hour delay between requests
$aErr[] = 'pwresetstilllocked';
} else {
$sResetCode = md5($aResult['cust_email'] . $iTimestamp);
$aData = ['cust_pwresetcode' => $sResetCode, 'cust_pwresettimestamp' => $iTimestamp, 'cust_id' => $aResult['cust_id']];
$sql = \HaaseIT\DBTools::buildPSUpdateQuery($aData, 'customer', 'cust_id');
$hResult = $this->db->prepare($sql);
foreach ($aData as $sKey => $sValue) {
$hResult->bindValue(':' . $sKey, $sValue);
}
$hResult->execute();
$sTargetAddress = $aResult['cust_email'];
$sSubject = $this->textcats->T("forgotpw_mail_subject");
$sMessage = $this->textcats->T("forgotpw_mail_text1");
$sMessage .= "<br><br>" . '<a href="http' . (isset($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] == 'on' ? 's' : '') . '://';
$sMessage .= $_SERVER["SERVER_NAME"] . '/_misc/rp.html?key=' . $sResetCode . '&email=' . $sTargetAddress . '">';
$sMessage .= 'http' . (isset($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] == 'on' ? 's' : '') . '://';
$sMessage .= $_SERVER["SERVER_NAME"] . '/_misc/rp.html?key=' . $sResetCode . '&email=' . $sTargetAddress . '</a>';
$sMessage .= '<br><br>' . $this->textcats->T("forgotpw_mail_text2");
\HaaseIT\HCSF\Helper::mailWrapper($sTargetAddress, $sSubject, $sMessage);
}
}
}
return $aErr;
}
/**
* @param $iInsertID
* @param $sMailbody_us
* @param $sMailbody_they
* @param $aImagesToSend
*/
private function sendCheckoutMails($iInsertID, $sMailbody_us, $sMailbody_they, $aImagesToSend)
{
if (isset(HelperConfig::$shop["email_orderconfirmation_attachment_cancellationform_" . HelperConfig::$lang]) && file_exists(PATH_DOCROOT . HelperConfig::$core['directory_emailattachments'] . '/' . HelperConfig::$shop["email_orderconfirmation_attachment_cancellationform_" . HelperConfig::$lang])) {
$aFilesToSend[] = PATH_DOCROOT . HelperConfig::$core['directory_emailattachments'] . '/' . HelperConfig::$shop["email_orderconfirmation_attachment_cancellationform_" . HelperConfig::$lang];
} else {
$aFilesToSend = [];
}
Helper::mailWrapper($this->post["email"], $this->textcats->T("shoppingcart_mail_subject") . ' ' . $iInsertID, $sMailbody_they, $aImagesToSend, $aFilesToSend);
Helper::mailWrapper(HelperConfig::$core["email_sender"], 'Bestellung im Webshop Nr: ' . $iInsertID, $sMailbody_us, $aImagesToSend);
}
