/**
 * Returns the file following $file in the module's configured ordering, as visible to the current user.
 *
 * Candidates are published files (status = 1) whose title sorts before $file's title. They are
 * further restricted to rows with no roles set, or whose roles overlap the current user's roles.
 * Ordering column and direction are read from the 'bixie/download' module config.
 *
 * @param File $file
 * @return mixed
 */
public static function getNext($file)
{
    $module = App::module('bixie/download');

    $query = self::where(['title < ?', 'status = ?'], [$file->title, '1']);
    $query = $query->where(function ($query) {
        // rows without any role restriction, OR rows whose role set intersects the user's roles
        return $query->where('roles IS NULL')->whereInSet('roles', App::user()->roles, false, 'OR');
    });

    return $query
        ->orderBy($module->config('ordering'), $module->config('ordering_dir'))
        ->first();
}
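/**
 * Handles a multi-file upload for a file field.
 *
 * Validates the target path, the caller's permission, and each file's upload status,
 * extension and size, then moves every file into $path under a generated name. The
 * extension is taken from the detected MIME type (guessExtension()) and is the only
 * extension that reaches disk; the client-supplied name contributes a sanitised stem only.
 * Any failure, including an exception, is reported through $this->error().
 *
 * @param FieldValueBase $fieldValue field value whose field config supplies 'path',
 *                                   'allowed' (list of extensions) and 'max_size' (MB)
 * @return array
 */
public function uploadAction(FieldValueBase $fieldValue)
{
    try {
        $path = $this->getPath($fieldValue->field->get('path'));
        if (!$path) {
            return $this->error(__('Invalid path.'));
        }
        if (!is_dir($path) || !App::user()->hasAccess('system: manage storage | bixframework: upload files')) {
            return $this->error(__('Permission denied.'));
        }

        $files = App::request()->files->get('files');
        if (!$files) {
            return $this->error(__('No files uploaded.'));
        }

        $allowed = $fieldValue->field->get('allowed', []);
        // max_size is configured in MB; an unset/zero limit rejects every file (unchanged behaviour)
        $maxBytes = $fieldValue->field->get('max_size', 0) * 1024 * 1024;

        $fileInfo = [];
        /** @var UploadedFile $file */
        foreach ($files as $file) {
            if (!$file->isValid()) {
                return $this->error(sprintf(__('Uploaded file invalid. (%s)'), $file->getErrorMessage()));
            }

            // extension derived from the detected MIME type, never from the client-supplied name
            $ext = $file->guessExtension();
            if (!$ext || !in_array($ext, $allowed, true)) {
                return $this->error(__('File extension not allowed.'));
            }

            $size = $file->getClientSize();
            if (!$size || $size > $maxBytes) {
                return $this->error(__('File is too large.'));
            }

            // Unique stored name: timestamp + random part + sanitised stem + validated extension.
            // The client name's own extension is dropped so a permitted MIME type cannot be stored
            // under an unrelated (e.g. executable) extension.
            $stem = preg_replace('/[^a-zA-Z0-9]/', '-', pathinfo($file->getClientOriginalName(), PATHINFO_FILENAME));
            if ($stem === null || $stem === '') {
                $stem = 'file';
            }
            $localFile = $file->move($path, sprintf('%d%d-%s.%s', microtime(true) * 10000, rand(), $stem, $ext));

            $fileInfo[] = [
                'name' => $file->getClientOriginalName(),
                'size' => $localFile->getSize(),
                'path' => str_replace(App::path(), '', $localFile->getPathname()),
                'url' => ltrim(App::url()->getStatic($localFile->getPathname(), [], 'base'), '/'),
            ];
        }

        return ['message' => __('Upload complete.'), 'files' => $fileInfo];
    } catch (\Exception $e) {
        return $this->error(__('Unable to upload.'));
    }
}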
/**
 * Starts a password reset: generates an activation key, mails the confirmation link, then stores the key.
 *
 * Signed-in users are redirected. Each failed check aborts with HTTP 400 and its message. The
 * key is saved only after the mail went out, so a failed mail leaves the account untouched.
 * Note that the distinct error messages reveal to the caller whether an address is registered.
 *
 * @Request({"email": "string"})
 * @param string $email
 * @return array|mixed
 */
public function requestAction($email)
{
    try {
        if (App::user()->isAuthenticated()) {
            return App::redirect();
        }
        if (!App::csrf()->validate()) {
            throw new Exception(__('Invalid token. Please try again.'));
        }
        if (empty($email)) {
            throw new Exception(__('Enter a valid email address.'));
        }

        $user = User::findByEmail($email);
        if (!$user) {
            throw new Exception(__('Unknown email address.'));
        }
        if ($user->isBlocked()) {
            throw new Exception(__('Your account has not been activated or is blocked.'));
        }

        $user->activation = App::get('auth.random')->generateString(32);
        $url = App::url('@user/resetpassword/confirm', ['user' => $user->username, 'key' => $user->activation], 0);

        try {
            $siteTitle = App::module('system/site')->config('title');
            $mail = App::mailer()->create();
            $mail->setTo($user->email)
                ->setSubject(__('Reset password for %site%.', ['%site%' => $siteTitle]))
                ->setBody(App::view('system/user:mails/reset.php', compact('user', 'url', 'mail')), 'text/html')
                ->send();
        } catch (\Exception $e) {
            throw new Exception(__('Unable to send confirmation link.'));
        }

        $user->save();

        return ['message' => __('Check your email for the confirmation link.')];
    } catch (Exception $e) {
        App::abort(400, $e->getMessage());
    }
}
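/**
 * Saves the current user's own profile data (name, email, optional password change).
 *
 * Aborts with 404 for unauthenticated callers and with 400 when a check fails.
 * A new password is accepted only after the old one verifies against the user provider;
 * changing the email address clears the 'verified' flag. Missing keys in $data are read
 * with isset() instead of error suppression.
 *
 * @Request({"user": "******"}, csrf=true)
 * @param array $data
 * @return array
 */
public function saveAction($data)
{
    $user = App::user();
    if (!$user->isAuthenticated()) {
        App::abort(404);
    }

    try {
        $user = User::find($user->id);
        $data = (array) $data;

        $password = isset($data['password_new']) ? $data['password_new'] : null;
        if ($password !== null && $password !== '') {
            $oldPassword = isset($data['password_old']) ? $data['password_old'] : null;
            if (!App::auth()->getUserProvider()->validateCredentials($user, ['password' => $oldPassword])) {
                throw new Exception(__('Invalid Password.'));
            }
            // NOTE(review): minimum length is 3 here while registration requires 6 — confirm this is intended
            if (!is_string($password) || trim($password) !== $password || strlen($password) < 3) {
                throw new Exception(__('Invalid Password.'));
            }
            $user->password = App::get('auth.password')->hash($password);
        }

        $email = isset($data['email']) ? $data['email'] : null;
        // string cast so null and '' compare equal, as the former loose comparison did
        if ((string) $email !== (string) $user->email) {
            $user->set('verified', false);
        }

        $user->name = isset($data['name']) ? $data['name'] : null;
        $user->email = $email;
        $user->validate();
        $user->save();

        return ['message' => 'success'];
    } catch (Exception $e) {
        App::abort(400, $e->getMessage());
    }
}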
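/**
 * Lists comments, optionally restricted to one post, with paging and ordering.
 *
 * Without 'blog: manage comments' the caller must pass a post id and only sees approved
 * comments (plus their own pending ones when authenticated). Managers may filter by a
 * numeric status; otherwise approved and pending comments are returned. Filter keys are
 * read explicitly rather than extract()-ed from request data into local scope.
 *
 * @Route("/", methods="GET")
 * @Request({"filter": "array", "post":"int", "page":"int", "limit":"int"})
 * @param array $filter keys 'status', 'search', 'order'; missing keys default to ''
 * @param int   $post   post id, 0 for all posts
 * @param int   $page   zero-based page index, clamped to the available range
 * @param int   $limit  page size, 0 for no limit
 * @return array
 */
public function indexAction($filter = [], $post = 0, $page = 0, $limit = 0)
{
    $query = Comment::query();
    $canManage = $this->user->hasAccess('blog: manage comments');

    $filter = array_merge(array_fill_keys(['status', 'search', 'order'], ''), (array) $filter);
    $status = $filter['status'];
    $search = $filter['search'];
    $order = $filter['order'];

    if ($post) {
        $query->where(['post_id = ?'], [$post]);
    } elseif (!$canManage) {
        App::abort(403, __('Insufficient user rights.'));
    }

    if (!$canManage) {
        $query->where(['status = ?'], [Comment::STATUS_APPROVED]);
        if ($this->user->isAuthenticated()) {
            $query->orWhere(function ($query) {
                $query->where(['status = ?', 'user_id = ?'], [Comment::STATUS_PENDING, App::user()->id]);
            });
        }
    } elseif (is_numeric($status)) {
        $query->where(['status = ?'], [(int) $status]);
    } else {
        $query->where(function ($query) {
            $query->orWhere(['status = ?', 'status = ?'], [Comment::STATUS_APPROVED, Comment::STATUS_PENDING]);
        });
    }

    if ($search) {
        // the search term is bound as a LIKE parameter, not interpolated into the SQL text
        $query->where(function ($query) use ($search) {
            $query->orWhere(['author LIKE ?', 'email LIKE ?', 'url LIKE ?', 'ip LIKE ?', 'content LIKE ?'], array_fill(0, 5, "%{$search}%"));
        });
    }

    $count = $query->count();
    $pages = ceil($count / ($limit ?: PHP_INT_MAX));
    $page = max(0, min($pages - 1, $page));
    if ($limit) {
        $query->offset($page * $limit)->limit($limit);
    }

    // only 'created asc|desc' is accepted from the request; anything else uses the configured order
    if (preg_match('/^(created)\\s(asc|desc)$/i', $order, $match)) {
        $order = $match;
    } else {
        $order = [1 => 'created', 2 => App::module('blog')->config('comments.order')];
    }

    $comments = $query->related(['post' => function ($query) {
        return $query->related('comments');
    }])->related('user')->orderBy($order[1], $order[2])->get();

    $posts = [];
    foreach ($comments as $comment) {
        $p = $comment->post;
        if ($post && (!$p || !$p->hasAccess($this->user) || !($p->isPublished() || $canManage))) {
            App::abort(403, __('Post not found.'));
        }
        $comment->content = App::content()->applyPlugins($comment->content, ['comment' => true]);
        // a comment may reference no post when listing across posts; skip it instead of indexing on null
        if ($p) {
            $posts[$p->id] = $p;
        }
        // counts the author's roles other than ids 0, 1 and 2
        $comment->special = count(array_diff($comment->user ? $comment->user->roles : [], [0, 1, 2]));
        $comment->post = null;
        $comment->user = null;
    }

    return [
        'comments' => array_values($comments),
        'posts' => array_values($posts),
        'pages' => $pages,
        'count' => $count,
    ];
}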
/**
 * {@inheritdoc}
 *
 * Serialises the form via toArray(), removing data.submitEmail for non-administrators
 * so that address (presumably the notification recipient) is not handed to regular users.
 */
public function jsonSerialize()
{
    $form = $this->toArray();
    $isAdmin = App::user()->isAdministrator();
    if (!$isAdmin && is_array($form['data'])) {
        unset($form['data']['submitEmail']);
    }
    return $form;
}
/**
 * Renders the login page, or redirects users who are already signed in.
 *
 * @Route(defaults={"_maintenance"=true})
 * @Request({"redirect"})
 * @param string $redirect passed through to the login view as-is
 * @return array|mixed
 */
public function loginAction($redirect = '')
{
    $current = App::user();
    if ($current->isAuthenticated()) {
        App::message()->info(__('You are already logged in.'));
        return App::redirect();
    }

    $view = ['title' => __('Login'), 'name' => 'system/user/login.php'];
    return [
        '$view' => $view,
        'last_username' => App::session()->get(Auth::LAST_USERNAME),
        'redirect' => $redirect,
    ];
}
/**
 * Returns the per-user instance of the called class, creating and caching it on first use.
 *
 * Falls back to the current user when none is given. A cached entry of a different
 * class (e.g. created through a parent class) is replaced.
 *
 * @param User|null $user
 * @return ProfileUser
 */
public static function load(User $user = null)
{
    if (!$user) {
        $user = App::user();
    }
    $class = get_called_class();
    $id = $user->id;

    $cached = isset(self::$instances[$id]) ? self::$instances[$id] : null;
    if (!$cached instanceof $class) {
        self::$instances[$id] = new $class($user);
    }

    return self::$instances[$id];
}
/**
 * Registration override page: renders the profile registration form for guests.
 *
 * Signed-in users are redirected to @userprofile instead.
 *
 * @Route("/registration")
 * @return array|mixed
 */
public function registrationAction()
{
    if (App::user()->isAuthenticated()) {
        return App::redirect('@userprofile');
    }

    $config = App::module('bixie/userprofile')->config();
    $emptyUser = ['id' => null, 'username' => '', 'name' => '', 'email' => ''];

    return [
        '$view' => ['title' => __('User registration'), 'name' => 'bixie/userprofile/registration.php'],
        '$data' => ['config' => $config, 'user' => $emptyUser],
    ];
}
/**
 * Deletes a portfolio project.
 *
 * Unknown ids answer with success without any permission check (nothing to delete);
 * existing projects require 'portfolio: manage portfolio'.
 *
 * @Route("/{id}", methods="DELETE", requirements={"id"="\d+"})
 * @Request({"id": "int"}, csrf=true)
 * @param int $id
 * @return array
 */
public function deleteAction($id)
{
    $project = Project::find($id);
    if (!$project) {
        return ['message' => 'success'];
    }
    if (!App::user()->hasAccess('portfolio: manage portfolio')) {
        return ['error' => __('Access denied.')];
    }
    $project->delete();
    return ['message' => 'success'];
}
/**
 * Deletes a download file record.
 *
 * Unknown ids answer with success without any permission check (nothing to delete);
 * existing files require 'download: manage downloads'.
 *
 * @Route("/{id}", methods="DELETE", requirements={"id"="\d+"})
 * @Request({"id": "int"}, csrf=true)
 * @param int $id
 * @return array
 */
public function deleteAction($id)
{
    $file = File::find($id);
    if (!$file) {
        return ['message' => 'success'];
    }
    if (!App::user()->hasAccess('download: manage downloads')) {
        return ['error' => __('Access denied.')];
    }
    $file->delete();
    return ['message' => 'success'];
}
/**
 * Stores the caller's admin menu ordering in their own user meta ('admin.menu').
 *
 * @Access(admin=true)
 * @Request({"order": "array"})
 * @param array $order
 * @return array
 */
public function adminMenuAction($order)
{
    if (!$order) {
        App::abort(400, __('Missing order data.'));
    }

    $current = User::find(App::user()->id);
    $current->set('admin.menu', $order);
    $current->save();

    return ['message' => __('Order saved.')];
}
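/**
 * Renders the login page, or sends an already signed-in user to the configured login redirect.
 *
 * $redirect comes from the request. It is passed through to the login view only; the
 * server-side redirect for authenticated users always uses the 'login_redirect' setting
 * from the system/user config, so a request-supplied URL is never used as a Location target.
 *
 * @Route(defaults={"_maintenance"=true})
 * @Request({"redirect"})
 * @param string $redirect
 * @return array|mixed
 */
public function loginAction($redirect = '')
{
    $configured = App::url(App::config('system/user')['login_redirect']);

    if (App::user()->isAuthenticated()) {
        return App::redirect($configured);
    }

    if (!$redirect) {
        $redirect = $configured;
    }

    return [
        '$view' => ['title' => __('Login'), 'name' => 'system/user/login.php'],
        'last_username' => App::session()->get(Auth::LAST_USERNAME),
        'redirect' => $redirect,
    ];
}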
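/**
 * Renders the login view, or sends an already signed-in user to the configured login redirect.
 *
 * The redirect target for authenticated users is the module's 'login_redirect' setting;
 * the request-supplied $redirect only reaches the view.
 *
 * @Route(defaults={"_maintenance"=true})
 * @Request({"redirect"})
 * @param string $redirect
 * @return array|mixed
 */
public function loginAction($redirect = '')
{
    if (App::user()->isAuthenticated()) {
        $module = App::module('system/user');
        return App::redirect(App::url($module->config['login_redirect']));
    }

    // the former trailing return of a '$view' array was unreachable and has been removed
    return self::loginView([
        'last_username' => App::session()->get(Auth::LAST_USERNAME),
        'redirect' => $redirect,
    ]);
}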
/**
 * Renders a site page after checking the current node's access for the current user.
 *
 * Aborts with 404 when the page does not exist and 403 when access is denied; the page
 * content is run through the content plugins before rendering.
 *
 * @param int $id
 * @return array
 */
public function indexAction($id = 0)
{
    $page = Page::find($id);
    if (!$page) {
        App::abort(404, __('Page not found.'));
    }

    $node = App::node();
    if (!$node->hasAccess(App::user())) {
        App::abort(403, __('Insufficient User Rights.'));
    }

    $pluginOptions = ['page' => $page, 'markdown' => $page->get('markdown')];
    $page->content = App::content()->applyPlugins($page->content, $pluginOptions);

    return [
        '$view' => ['title' => $page->title, 'name' => 'system/site/page.php'],
        'page' => $page,
        'node' => $node,
    ];
}
/**
 * Returns the profile fields keyed by id.
 *
 * The per-field hasAccess() check against the current user is skipped only when
 * $checkAccess is exactly false; any other value keeps the check.
 *
 * @param bool $checkAccess
 * @return array
 */
public static function getProfileFields($checkAccess = true)
{
    $current = App::user();
    $fields = [];

    foreach (self::query()->get() as $field) {
        if ($checkAccess !== false && !$field->hasAccess($current)) {
            continue;
        }
        $fields[$field->id] = $field;
    }

    return $fields;
}
/**
 * Reads the access expressions and evaluates them on the current user.
 *
 * Expressions come from the route's '_access' attribute; the first one the current
 * user does not satisfy aborts the request with 403.
 */
public function onLateRequest($event, $request)
{
    $expressions = $request->attributes->get('_access');
    if (!$expressions) {
        return;
    }

    $current = App::user();
    foreach ($expressions as $expression) {
        if ($current->hasAccess($expression)) {
            continue;
        }
        App::abort(403, __('Insufficient User Rights.'));
    }
}
/**
 * Returns the form fields the current user may access, as a list.
 *
 * @return array
 */
public static function getFormmakerfields()
{
    $current = App::user();
    $fields = [];

    foreach (self::query()->get() as $field) {
        if (!$field->hasAccess($current)) {
            continue;
        }
        $fields[] = $field;
    }

    return $fields;
}
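/**
 * Shows a user profile: the caller's own by default, any user's for 'user: manage users'.
 *
 * The route id is normalised to int so the ownership check can compare strictly
 * (a numeric string from the route must not be mistaken for a foreign id).
 *
 * @Route("/", methods="GET")
 * @Route("/{id}", methods="GET", requirements={"id"="\d+"})
 * @param int|string $id user id from the route; 0 or empty means the current user
 * @return array
 */
public function indexAction($id = 0)
{
    $self = App::user();
    $userprofile = App::module('bixie/userprofile');

    $selfId = (int) $self->id;
    $id = (int) $id ?: $selfId;
    if ($id !== $selfId && !$self->hasAccess('user: manage users')) {
        App::abort(403, 'Insufficient permissions.');
    }

    $user = User::find($id);
    if (!$user) {
        App::abort(404, 'User not found.');
    }

    return [
        'config' => $userprofile->config(),
        'fields' => Field::getProfileFields(),
        'profilevalues' => Profilevalue::getUserProfilevalues($user),
        'user' => ['id' => $user->id, 'username' => $user->username, 'name' => $user->name, 'email' => $user->email],
    ];
}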
/**
 * Shows a single published post together with its comment configuration.
 *
 * Only posts with status published and a date in the past are found (404 otherwise);
 * the post's own access check against the current user applies before rendering (403).
 * Excerpt and content are run through the content plugins.
 *
 * @Route("/{id}", name="id")
 * @param int $id
 * @return array
 */
public function postAction($id = 0)
{
    $post = Post::where(['id = ?', 'status = ?', 'date < ?'], [$id, Post::STATUS_PUBLISHED, new \DateTime()])
        ->related('user')
        ->first();
    if (!$post) {
        App::abort(404, __('Post not found!'));
    }

    $user = App::user();
    if (!$post->hasAccess($user)) {
        App::abort(403, __('Insufficient User Rights.'));
    }

    $pluginOptions = ['post' => $post, 'markdown' => $post->get('markdown')];
    $post->excerpt = App::content()->applyPlugins($post->excerpt, $pluginOptions);
    $post->content = App::content()->applyPlugins($post->content, $pluginOptions);

    $commentConfig = [
        'post' => $post->id,
        'enabled' => $post->isCommentable(),
        'requireinfo' => $this->blog->config('comments.require_email'),
        'max_depth' => $this->blog->config('comments.max_depth'),
    ];
    $viewer = [
        'name' => $user->name,
        'isAuthenticated' => $user->isAuthenticated(),
        'canComment' => $user->hasAccess('blog: post comments'),
        'skipApproval' => $user->hasAccess('blog: skip comment approval'),
    ];

    return [
        '$view' => ['title' => __($post->title), 'name' => 'blog/post.php'],
        '$comments' => ['config' => $commentConfig, 'user' => $viewer],
        'blog' => $this->blog,
        'post' => $post,
    ];
}
/**
 * Renders a form with its fields.
 *
 * Non-administrators only find forms with status = 1; the current node's access check
 * applies before rendering.
 *
 * @Route("/{id}")
 * @param int $id
 * @return array
 */
public function formAction($id = 0)
{
    $user = App::user();

    $statusFilter = function ($query) use ($user) {
        // administrators may open unpublished forms
        if (!$user->isAdministrator()) {
            $query->where('status = 1');
        }
    };

    $form = Form::where(['id = ?'], [$id])->where($statusFilter)->related('fields')->first();
    if (!$form) {
        App::abort(404, __('Form not found!'));
    }
    if (!App::node()->hasAccess($user)) {
        App::abort(403, __('Insufficient User Rights.'));
    }

    return [
        '$view' => ['title' => __($form->title), 'name' => 'formmaker:views/form.php'],
        '$data' => ['formitem' => $form, 'fields' => array_values($form->fields)],
    ];
}
/**
 * Gets the user roles.
 *
 * Returns every role except the anonymous one, keyed by id and ordered by priority.
 * The authenticated role is always marked disabled. When a user is being edited, the
 * administrator role is disabled unless the caller is an administrator editing someone
 * other than themselves.
 *
 * @param User $user
 * @return array
 */
protected function getRoles(User $user = null)
{
    $current = App::user();
    $editingSelf = $user && $user->id === $current->id;
    $roles = [];

    $query = Role::where(['id <> ?'], [Role::ROLE_ANONYMOUS])->orderBy('priority');
    foreach ($query->get() as $role) {
        $entry = $role->jsonSerialize();

        $lockAdmin = $user && $role->isAdministrator() && (!$current->isAdministrator() || $editingSelf);
        if ($role->isAuthenticated() || $lockAdmin) {
            $entry['disabled'] = true;
        }

        $roles[$entry['id']] = $entry;
    }

    return $roles;
}
/**
 * Renders the portfolio overview: all projects dated in the past, newest first.
 *
 * Intro and content of each project, and the optional portfolio text, are run through
 * the content plugins.
 *
 * @Route("/")
 * @return array
 */
public function indexAction()
{
    if (!App::node()->hasAccess(App::user())) {
        App::abort(403, __('Insufficient User Rights.'));
    }

    // NOTE(review): no status filter here, unlike the variant of this action that adds
    // 'status = 1' — confirm that unpublished projects are meant to be listed.
    $query = Project::where(['date < ?'], [new \DateTime()])->orderBy('date', 'DESC');

    $portfolio_text = '';
    $introText = $this->portfolio->config('portfolio_text');
    if ($introText) {
        $portfolio_text = App::content()->applyPlugins($introText, ['markdown' => $this->portfolio->config('markdown_enabled')]);
    }

    $projects = $query->get();
    foreach ($projects as $project) {
        $options = ['project' => $project, 'markdown' => $project->get('markdown')];
        $project->intro = App::content()->applyPlugins($project->intro, $options);
        $project->content = App::content()->applyPlugins($project->content, $options + ['readmore' => true]);
    }

    $title = $this->portfolio->config('portfolio_title') ?: App::node()->title;

    return [
        '$view' => ['title' => $title, 'name' => 'bixie/portfolio/portfolio.php'],
        'tags' => Project::allTags(),
        'portfolio' => $this->portfolio,
        'config' => $this->portfolio->config(),
        'portfolio_text' => $portfolio_text,
        'projects' => $projects,
    ];
}
/**
 * Adds a menu item.
 *
 * Items the current user may not access (per $item['access']) are dropped. The priority
 * is overridden by the user's stored 'admin.menu' meta when present, the icon is resolved
 * to a static URL, and 'active' is set when the current route matches the item's 'active'
 * pattern (or its url), with '*' acting as a wildcard.
 *
 * @param string $id
 * @param array $item
 */
public function addItem($id, array $item)
{
    $defaults = ['id' => $id, 'label' => $id, 'parent' => 'root', 'priority' => 0];
    $entry = new ArrObject($item, $defaults);

    $current = App::user();
    if (!$current->hasAccess($entry['access'])) {
        return;
    }

    $menuMeta = $current->get('admin.menu', []);
    if (isset($menuMeta[$id])) {
        $entry['priority'] = $menuMeta[$id];
    }

    if ($entry['icon']) {
        $entry['icon'] = App::url()->getStatic($entry['icon']);
    }

    // NOTE(review): the regex is built from $item, assumed to be supplied by the registering
    // extension rather than the request — verify at the call sites.
    $pattern = str_replace('*', '.*', $entry['active'] ?: $entry['url']);
    $route = App::request()->attributes->get('_route');
    $entry['active'] = (bool) preg_match('#^' . $pattern . '$#', $route);
    $entry['url'] = App::url($entry['url']);

    $this->items[$id] = $entry;
}
/**
 * Shows a single published post with Open Graph metadata and comment configuration.
 *
 * Only posts with status published and a date in the past are found (404 otherwise);
 * the post's own access check against the current user applies (403). Excerpt and
 * content go through the content plugins. When no 'meta.og:description' is stored, a
 * description is built from the first 150 characters of the tag-stripped excerpt or content.
 *
 * @Route("/{id}", name="id")
 * @param int $id
 * @return array
 */
public function postAction($id = 0)
{
    $post = Post::where(['id = ?', 'status = ?', 'date < ?'], [$id, Post::STATUS_PUBLISHED, new \DateTime()])
        ->related('user')
        ->first();
    if (!$post) {
        App::abort(404, __('Post not found!'));
    }

    $user = App::user();
    if (!$post->hasAccess($user)) {
        App::abort(403, __('Insufficient User Rights.'));
    }

    $pluginOptions = ['post' => $post, 'markdown' => $post->get('markdown')];
    $post->excerpt = App::content()->applyPlugins($post->excerpt, $pluginOptions);
    $post->content = App::content()->applyPlugins($post->content, $pluginOptions);

    $description = $post->get('meta.og:description');
    if (!$description) {
        $plain = strip_tags($post->excerpt ?: $post->content);
        $description = rtrim(mb_substr($plain, 0, 150), " \t\n\r\v.,") . '...';
    }

    $imageSrc = $post->get('image.src');
    $view = [
        'title' => __($post->title),
        'name' => 'blog/post.php',
        'og:type' => 'article',
        'article:published_time' => $post->date->format(\DateTime::ATOM),
        'article:modified_time' => $post->modified->format(\DateTime::ATOM),
        'article:author' => $post->user->name,
        'og:title' => $post->get('meta.og:title') ?: $post->title,
        'og:description' => $description,
        'og:image' => $imageSrc ? App::url()->getStatic($imageSrc, [], 0) : false,
    ];

    $commentConfig = [
        'post' => $post->id,
        'enabled' => $post->isCommentable(),
        'requireinfo' => $this->blog->config('comments.require_email'),
        'max_depth' => $this->blog->config('comments.max_depth'),
        'user' => [
            'name' => $user->name,
            'isAuthenticated' => $user->isAuthenticated(),
            'canComment' => $user->hasAccess('blog: post comments'),
            'skipApproval' => $user->hasAccess('blog: skip comment approval'),
        ],
    ];

    return [
        '$view' => $view,
        '$comments' => ['config' => $commentConfig],
        'blog' => $this->blog,
        'post' => $post,
    ];
}
/**
 * Streams a published file as an attachment once access and the download key are verified.
 *
 * Order of checks: file exists and has status 1 (404), the current user may access it (403),
 * the download key validates (400). The download counter is bumped before the response is built.
 *
 * @Route("/{id}", name="id")
 * @Request({"id": "integer", "key": "string", "pkey": "string"})
 * @param integer $id File id
 * @param string $key session key
 * @param string $purchaseKey optional purchase key
 * @return BinaryFileResponse
 */
public function downloadAction($id, $key, $purchaseKey)
{
    //todo return proper errors
    $file = File::where(['id = ?', 'status = ?'], [$id, 1])->first();
    if (!$file) {
        App::abort(404, __('File not found.'));
    }
    if (!$file->hasAccess(App::user())) {
        App::abort(403, __('Insufficient User Rights.'));
    }
    if (!$this->download->checkDownloadKey($file, $key, $purchaseKey)) {
        App::abort(400, __('Key not valid.'));
    }

    $file->updateDownloadCount();

    // Generate response: attachment disposition with an ASCII-only fallback filename
    $response = new BinaryFileResponse($file->path);
    $filename = basename($file->path);
    $disposition = $response->headers->makeDisposition(
        ResponseHeaderBag::DISPOSITION_ATTACHMENT,
        $filename,
        mb_convert_encoding($filename, 'ASCII')
    );
    $response->headers->set('Content-Disposition', $disposition);

    return $response;
}
/**
 * Puts the page in maintenance mode.
 *
 * On the master request, when 'maintenance.enabled' is set and the caller is neither in the
 * admin area, nor on a route flagged '_maintenance', nor holding 'site: maintenance access',
 * a 503 response is set: JSON when the first acceptable content type maps to 'json',
 * otherwise the rendered maintenance view. The debug bar is disabled for that response.
 */
public function onRequest($event, $request)
{
    if (!$event->isMasterRequest()) {
        return;
    }

    $site = App::module('system/site');
    if (!$site->config('maintenance.enabled')) {
        return;
    }

    $bypass = App::isAdmin()
        || $request->attributes->get('_maintenance')
        || App::user()->hasAccess('site: maintenance access');
    if ($bypass) {
        return;
    }

    $message = $site->config('maintenance.msg') ?: __("We'll be back soon.");
    $html = App::view('system/theme:views/maintenance.php', compact('message'));
    $request->attributes->set('_disable_debugbar', true);

    $types = $request->getAcceptableContentTypes();
    $format = $request->getFormat(array_shift($types));
    $response = ($format === 'json')
        ? App::response()->json($message, 503)
        : App::response($html, 503);

    $event->setResponse($response);
}
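/**
 * Registers a new account from the submitted user data.
 *
 * Signed-in users and sites with admin-only registration are redirected. Depending on the
 * module config the account is either mailed a verification link, held for administrator
 * approval, or activated immediately; the matching mail is sent and a flash message set.
 * Check failures abort with HTTP 400. Missing keys in $data are read with isset() rather
 * than error suppression, and a non-string password is rejected instead of warning.
 *
 * @Request({"user": "******"})
 * @param array $data
 * @return array|mixed
 */
public function registerAction($data)
{
    $message = '';

    try {
        $registration = $this->module->config('registration');
        if (App::user()->isAuthenticated() || $registration === 'admin') {
            return App::redirect();
        }
        if (!App::csrf()->validate()) {
            throw new Exception(__('Invalid token. Please try again.'));
        }

        $data = (array) $data;
        $password = isset($data['password']) ? $data['password'] : '';
        if (!is_string($password) || trim($password) !== $password || strlen($password) < 6) {
            throw new Exception(__('Password must be 6 characters or longer.'));
        }

        // created blocked; the status is lifted below according to the registration mode
        $user = User::create([
            'registered' => new \DateTime(),
            'name' => isset($data['name']) ? $data['name'] : null,
            'username' => isset($data['username']) ? $data['username'] : null,
            'email' => isset($data['email']) ? $data['email'] : null,
            'password' => App::get('auth.password')->hash($password),
            'status' => User::STATUS_BLOCKED,
        ]);

        $token = App::get('auth.random')->generateString(32);
        $admin = $registration === 'approval';
        $verify = $this->module->config('require_verification');

        if ($verify) {
            $user->activation = $token;
        } elseif ($admin) {
            $user->activation = $token;
            $user->set('verified', true);
        } else {
            $user->status = User::STATUS_ACTIVE;
        }

        $user->validate();
        $user->save();

        if ($verify) {
            $this->sendVerificationMail($user);
            $message = __('Complete your registration by clicking the link provided in the mail that has been sent to you.');
        } elseif ($admin) {
            $this->sendApproveMail($user);
            $message = __('Your user account has been created and is pending approval by the site administrator.');
        } else {
            $this->sendWelcomeEmail($user);
            $message = __('Your user account has been created.');
        }
    } catch (Exception $e) {
        App::abort(400, $e->getMessage());
    }

    App::message()->success($message);

    return ['message' => $message, 'redirect' => App::url('@user/login', [], true)];
}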
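/**
 * Builds the profile (one entry per accessible field, keyed by field slug) for a user.
 *
 * Stored values are loaded only for persisted users (id > 0); every other field gets a
 * fresh, unsaved Profilevalue carrying the field's default data and value. Returns an
 * empty array when no framework is configured. $profileValues is initialised up front so
 * the lookup below never reads an undefined variable.
 *
 * @param User|null $user defaults to the current user
 * @param bool $asArray return formatted arrays instead of Profilevalue objects
 * @param bool $checkAccess passed to Field::getProfileFields()
 * @return array|bool
 */
public function getProfile(User $user = null, $asArray = true, $checkAccess = true)
{
    $profile = [];
    if (!$this->framework) {
        return $profile;
    }

    if (!$user) {
        $user = App::user();
    }

    $profileValues = [];
    if ($user->id > 0) {
        $profileValues = Profilevalue::getUserProfilevalues($user);
    }

    foreach (Field::getProfileFields($checkAccess) as $field) {
        if (isset($profileValues[$field->id])) {
            $fieldValue = $profileValues[$field->id];
        } else {
            $fieldValue = Profilevalue::create([
                'field_id' => $field->id,
                'user_id' => $user->id,
                'multiple' => $field->get('multiple') == 1 ? 1 : 0,
                'data' => $field->get('data'),
            ])->setField($field)->setValue($field->get('value'));
        }

        if ($asArray) {
            $profile[$field->slug] = $fieldValue->setField($field)->toFormattedArray(['id' => $fieldValue->id]);
        } else {
            $profile[$field->slug] = $fieldValue->setField($field);
        }
    }

    return $profile;
}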
/**
 * Renders the portfolio overview: published projects (status = 1) dated in the past.
 *
 * Ordering is taken from the 'project_ordering' config in the form "column|direction"
 * (date, title or priority; asc or desc) and falls back to date|desc when it does not
 * match. Intro and content of each project, and the optional portfolio text, are run
 * through the content plugins.
 *
 * @Route("/")
 * @return array
 */
public function indexAction()
{
    if (!App::node()->hasAccess(App::user())) {
        App::abort(403, __('Insufficient User Rights.'));
    }

    $ordering = $this->portfolio->config('project_ordering', 'date|DESC');
    if (!preg_match('/^(date|title|priority)\\|(asc|desc)$/i', $ordering, $order)) {
        $order = [1 => 'date', 2 => 'desc'];
    }
    $query = Project::where(['date < ?', 'status = 1'], [new \DateTime()])->orderBy($order[1], $order[2]);

    $portfolio_text = '';
    $introText = $this->portfolio->config('portfolio_text');
    if ($introText) {
        $portfolio_text = App::content()->applyPlugins($introText, ['markdown' => $this->portfolio->config('markdown_enabled')]);
    }

    $projects = $query->get();
    foreach ($projects as $project) {
        $options = ['project' => $project, 'markdown' => $project->get('markdown')];
        $project->intro = App::content()->applyPlugins($project->intro, $options);
        $project->content = App::content()->applyPlugins($project->content, $options + ['readmore' => true]);
    }

    $title = $this->portfolio->config('portfolio_title') ?: App::node()->title;

    return [
        '$view' => ['title' => $title, 'name' => 'bixie/portfolio/portfolio.php'],
        'tags' => Project::allTags(),
        'portfolio' => $this->portfolio,
        'config' => $this->portfolio->config(),
        'portfolio_text' => $portfolio_text,
        'projects' => $projects,
        'node' => App::node(),
    ];
}