/**
 * Execute the action: record the posted search term in the search statistics
 * and answer the AJAX request.
 *
 * Outputs BAD_REQUEST when no term was posted, OK otherwise.
 */
public function execute()
{
    parent::execute();

    // the posted term is escaped according to the configured charset before any further use
    $charset = $this->getContainer()->getParameter('kernel.charset');
    $rawTerm = \SpoonFilter::getPostValue('term', null, '');
    if ($charset == 'utf-8') {
        $term = \SpoonFilter::htmlspecialchars($rawTerm);
    } else {
        $term = \SpoonFilter::htmlentities($rawTerm);
    }

    // nothing to search for: reject the request and stop here
    if ($term == '') {
        $this->output(self::BAD_REQUEST, null, 'term-parameter is missing.');

        return;
    }

    // the previously searched term is read from the session and the key is cleared
    // before the new term is stored
    $previousTerm = '';
    if (\SpoonSession::exists('searchTerm')) {
        $previousTerm = \SpoonSession::get('searchTerm');
    }
    \SpoonSession::set('searchTerm', '');

    // only a term that differs from the previous one is counted as a new search
    if ($previousTerm != $term) {
        $this->statistics = array(
            'term' => $term,
            'language' => LANGUAGE,
            'time' => FrontendModel::getUTCDate(),
            // NOTE(review): this persists the complete $_SERVER array, which carries the
            // request headers (cookies, authorization, ...) - consider storing only the
            // fields the statistics actually need
            'data' => serialize(array('server' => $_SERVER)),
            'num_results' => FrontendSearchModel::getTotal($term),
        );
        FrontendSearchModel::save($this->statistics);
    }

    // remember the current term for the next request
    \SpoonSession::set('searchTerm', $term);

    $this->output(self::OK);
}
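/**
 * Execute the action: record the requested search term in the search statistics
 * and answer the AJAX request.
 *
 * Outputs BAD_REQUEST when the term parameter is empty, OK otherwise.
 *
 * @return void
 */
public function execute()
{
    // call parent, this will probably add some general CSS/JS or other required files
    parent::execute();

    // get parameters
    $term = SpoonFilter::getGetValue('term', null, '');

    // validate
    if ($term == '') {
        $this->output(self::BAD_REQUEST, null, 'term-parameter is missing.');

        // stop here: without this return an empty term would still be compared against
        // the previous term and, when they differ, written into the statistics
        // (harmless only if output() already terminates the request)
        return;
    }

    // previous search result: read it, then clear the key before the new term is stored
    $previousTerm = SpoonSession::exists('searchTerm') ? SpoonSession::get('searchTerm') : '';
    SpoonSession::set('searchTerm', '');

    // only a term that differs from the previous one is counted as a new search
    if ($previousTerm != $term) {
        // format data
        $this->statistics = array();
        $this->statistics['term'] = $term;
        $this->statistics['language'] = FRONTEND_LANGUAGE;
        $this->statistics['time'] = FrontendModel::getUTCDate();
        // NOTE(review): the complete $_SERVER array (request headers included) is
        // serialized into the row - consider narrowing what is stored
        $this->statistics['data'] = serialize(array('server' => $_SERVER));
        $this->statistics['num_results'] = FrontendSearchModel::getTotal($term);

        // save data
        FrontendSearchModel::save($this->statistics);
    }

    // save current search term in the session
    SpoonSession::set('searchTerm', $term);

    // output
    $this->output(self::OK);
}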
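/**
 * Loads the form.
 *
 * Builds the module multi-checkbox (required modules are listed disabled and always
 * checked, optional modules are selectable) and the example-data / debug fields.
 * Session values are used as defaults when present.
 */
private function loadForm()
{
    // init var
    $modules = array();
    $checkedModules = SpoonSession::exists('modules') ? SpoonSession::get('modules') : array();

    // loop required modules
    foreach ($this->modules['required'] as $module) {
        // add to the list, disabled so it can't be unchecked
        $modules[] = array(
            'label' => SpoonFilter::toCamelCase($module),
            'value' => $module,
            'attributes' => array('disabled' => 'disabled'),
        );

        // make sure $_POST['modules'] is an array before appending: a missing value is
        // created, and a non-array value (e.g. a plain string) is replaced, because the
        // "[]" append below fails on a string
        if (!isset($_POST['modules']) || !is_array($_POST['modules'])) {
            $_POST['modules'] = array();
        }

        // required modules are always part of the submitted selection
        if (!in_array($module, $_POST['modules'], true)) {
            $_POST['modules'][] = $module;
        }
    }

    // loop optional modules
    foreach ($this->modules['optional'] as $module) {
        // add to the list
        $modules[] = array('label' => SpoonFilter::toCamelCase($module), 'value' => $module);
    }

    // add multi checkbox; required modules are checked on top of whatever the session holds
    $this->frm->addMultiCheckbox('modules', $modules, array_unique(array_merge($this->modules['required'], $checkedModules)));

    // example data
    $this->frm->addCheckbox('example_data', SpoonSession::exists('example_data') ? SpoonSession::get('example_data') : true);

    // debug mode
    $this->frm->addCheckbox('debug_mode', SpoonSession::exists('debug_mode') ? SpoonSession::get('debug_mode') : false);

    // specific debug email address
    $this->frm->addCheckbox('different_debug_email', SpoonSession::exists('different_debug_email') ? SpoonSession::get('different_debug_email') : false);

    // specific debug email address text
    $this->frm->addText('debug_email', SpoonSession::exists('debug_email') ? SpoonSession::get('debug_email') : '');
}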
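/**
 * Check if the token is ok
 *
 * Compares the CSRF token kept in the session ('csrf_token') with the 'token'
 * query-string parameter. On a match the request continues; otherwise the session
 * token is cleared and the user is redirected to the Index action with a csrf error.
 */
public function checkToken()
{
    $fromSession = \SpoonSession::exists('csrf_token') ? (string) \SpoonSession::get('csrf_token') : '';
    $fromGet = (string) \SpoonFilter::getGetValue('token', null, '');

    // strict comparison: "==" between two numeric-looking strings compares them as
    // numbers (e.g. "1e3" == "1000"), which must never count as a matching token.
    // hash_equals() is the constant-time variant to prefer once the project baseline
    // allows it (PHP >= 5.6).
    if ($fromSession !== '' && $fromGet !== '' && $fromSession === $fromGet) {
        return;
    }

    // clear the token
    \SpoonSession::set('csrf_token', '');

    $this->redirect(BackendModel::createURLForAction('Index', null, null, array('error' => 'csrf')));
}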
/**
 * Loads the form.
 *
 * Adds the email field and the two password fields; values previously stored in
 * the session win over the defaults.
 *
 * @return void
 */
private function loadForm()
{
    // the default address is derived from the Host header, which is supplied by the client
    $defaultEmail = 'info@' . $_SERVER['HTTP_HOST'];
    $email = SpoonSession::exists('email') ? SpoonSession::get('email') : $defaultEmail;
    $this->frm->addText('email', $email);

    // NOTE(review): both password fields are pre-filled from the value kept in the
    // session - confirm this is intended for the installer flow
    $passwordFields = array('password', 'confirm');
    foreach ($passwordFields as $fieldName) {
        $value = SpoonSession::exists($fieldName) ? SpoonSession::get($fieldName) : null;
        $this->frm->addPassword($fieldName, $value, null, 'inputPassword', 'inputPasswordError', true);
    }

    // disable autocomplete
    foreach ($passwordFields as $fieldName) {
        $this->frm->getField($fieldName)->setAttributes(array('autocomplete' => 'off'));
    }
}
/**
 * Loads the form.
 *
 * Adds the language related fields of the installer: whether the interface uses the
 * same language as the site, the single/multiple language choice, the language
 * multi-checkboxes (site and interface) and the language dropdowns. Values stored
 * in the session take precedence over the hard-coded defaults.
 */
private function loadForm()
{
    // one label map drives every language list below
    $languageLabels = array(
        'en' => 'English',
        'cn' => 'Chinese',
        'nl' => 'Dutch',
        'fr' => 'French',
        'de' => 'German',
        'hu' => 'Hungarian',
        'it' => 'Italian',
        'ru' => 'Russian',
        'es' => 'Spanish',
    );
    $languageOptions = array();
    foreach ($languageLabels as $code => $label) {
        $languageOptions[] = array('value' => $code, 'label' => $label);
    }

    // separate frontend/backend languages?
    $sameInterfaceLanguage = SpoonSession::exists('same_interface_language') ? SpoonSession::get('same_interface_language') : true;
    $this->frm->addCheckbox('same_interface_language', $sameInterfaceLanguage);

    // multiple or single language (frontend)
    $languageTypeOptions = array(
        array('value' => 'multiple', 'label' => 'Multiple languages', 'variables' => array('multiple' => true)),
        array('value' => 'single', 'label' => 'Just one language', 'variables' => array('single' => true)),
    );
    $isMultiple = SpoonSession::exists('multiple_languages') && SpoonSession::get('multiple_languages');
    $this->frm->addRadiobutton('language_type', $languageTypeOptions, $isMultiple ? 'multiple' : 'single');

    // multiple languages (frontend)
    $languages = SpoonSession::exists('languages') ? SpoonSession::get('languages') : 'en';
    $this->frm->addMultiCheckbox('languages', $languageOptions, $languages);

    // multiple languages (backend)
    $interfaceLanguages = SpoonSession::exists('interface_languages') ? SpoonSession::get('interface_languages') : 'en';
    $this->frm->addMultiCheckbox('interface_languages', $languageOptions, $interfaceLanguages);

    // single language (frontend)
    // NOTE(review): this field reads the 'default_language' session key, the same key the
    // default_language dropdown below uses - confirm that is intended
    $language = SpoonSession::exists('default_language') ? SpoonSession::get('default_language') : 'en';
    $this->frm->addDropdown('language', $languageLabels, $language);

    // default language (frontend)
    $defaultLanguage = SpoonSession::exists('default_language') ? SpoonSession::get('default_language') : 'en';
    $this->frm->addDropdown('default_language', $languageLabels, $defaultLanguage);

    // default language (backend)
    $defaultInterfaceLanguage = SpoonSession::exists('default_interface_language') ? SpoonSession::get('default_interface_language') : 'en';
    $this->frm->addDropdown('default_interface_language', $languageLabels, $defaultInterfaceLanguage);
}
/**
 * Loads the form.
 *
 * Adds the database connection fields (hostname, port, database, username,
 * password). Database and user name are guessed from the site's host name, the
 * hostname from the OS; values kept in the session win over those guesses.
 */
private function loadForm()
{
    // guess db & username from the Host header (client supplied) without its tld,
    // e.g. "www.example.com" becomes "www_example"
    $hostParts = explode('.', $_SERVER['HTTP_HOST']);
    array_pop($hostParts);
    $guessedName = implode('_', $hostParts);

    // seems like windows can't handle localhost...
    $defaultHost = 'localhost';
    if (substr(PHP_OS, 0, 3) == 'WIN') {
        $defaultHost = '127.0.0.1';
    }

    // session values (from an earlier installer step) take precedence over the guesses
    $hostname = SpoonSession::exists('db_hostname') ? SpoonSession::get('db_hostname') : $defaultHost;
    $port = SpoonSession::exists('db_port') ? SpoonSession::get('db_port') : 3306;
    $database = SpoonSession::exists('db_database') ? SpoonSession::get('db_database') : $guessedName;
    $username = SpoonSession::exists('db_username') ? SpoonSession::get('db_username') : $guessedName;
    $password = SpoonSession::exists('db_password') ? SpoonSession::get('db_password') : null;

    // create input fields
    $this->frm->addText('hostname', $hostname);
    $this->frm->addText('port', $port, 10);
    $this->frm->addText('database', $database);
    $this->frm->addText('username', $username);
    $this->frm->addPassword('password', $password);
}
/**
 * Init database.
 *
 * Builds the SpoonDatabase connection from the credentials kept in the session
 * (db_hostname, db_username, db_password, db_database and an optional db_port),
 * switches the connection to utf8 and the "+0:00" time zone and registers it as
 * the 'database' Spoon object.
 */
public function initDatabase()
{
    // an empty or missing port falls back to the MySQL default
    $port = 3306;
    if (SpoonSession::exists('db_port') && SpoonSession::get('db_port') != '') {
        $port = SpoonSession::get('db_port');
    }

    // database instance
    $this->db = new SpoonDatabase(
        'mysql',
        SpoonSession::get('db_hostname'),
        SpoonSession::get('db_username'),
        SpoonSession::get('db_password'),
        SpoonSession::get('db_database'),
        $port
    );

    // utf8 compliance & MySQL-timezone
    $this->db->execute('SET CHARACTER SET utf8, NAMES utf8, time_zone = "+0:00"');

    // make the connection available to the rest of the installer
    Spoon::set('database', $this->db);
}
/**
 * Validate the form
 *
 * Handles a submitted subscription form: enforces a 10 second gap between
 * submissions for this agenda item (timestamp kept in the session), validates the
 * name and email fields, stores the subscription (status 'subscribed', or
 * 'moderation' when moderation is enabled and the author has not been moderated
 * before), fires the 'after_add_subscription' event, notifies the admin, remembers
 * the author in cookies and redirects to the item's URL with a 'subscription'
 * query parameter describing the outcome.
 *
 * Returns false when subscriptions are disabled in the module settings; otherwise
 * nothing is returned (the redirect ends the request).
 */
private function validateForm()
{
    // get settings
    $subscriptionsAllowed = isset($this->settings['allow_subscriptions']) && $this->settings['allow_subscriptions'];

    // subscriptions aren't allowed so we don't have to validate
    if (!$subscriptionsAllowed) {
        return false;
    }

    // is the form submitted
    if ($this->frm->isSubmitted()) {
        // cleanup the submitted fields, ignore fields that were added by hackers
        $this->frm->cleanupFields();

        // the session key holds the timestamp of the previous subscription for this item
        if (\SpoonSession::exists('agenda_subscription_' . $this->record['id'])) {
            // calculate difference
            $diff = time() - (int) \SpoonSession::get('agenda_subscription_' . $this->record['id']);

            // less than 10 seconds since the previous submission: tell the user to slow down
            // NOTE(review): the error is attached to a 'message' field that the required-field
            // checks below don't touch (only name and email are validated) - confirm the
            // subscription form actually has that field
            if ($diff < 10 && $diff != 0) {
                $this->frm->getField('message')->addError(FL::err('CommentTimeout'));
            }
        }

        // validate required fields
        $this->frm->getField('name')->isFilled(FL::err('NameIsRequired'));
        $this->frm->getField('email')->isEmail(FL::err('EmailIsRequired'));

        // no errors?
        if ($this->frm->isCorrect()) {
            // get module setting
            $moderationEnabled = isset($this->settings['moderation']) && $this->settings['moderation'];

            // reformat data
            $name = $this->frm->getField('name')->getValue();
            $email = $this->frm->getField('email')->getValue();

            // build array (note: $subscription is not initialised as an array first; PHP
            // creates it on the first key assignment)
            $subscription['agenda_id'] = $this->record['id'];
            $subscription['language'] = FRONTEND_LANGUAGE;
            $subscription['created_on'] = FrontendModel::getUTCDate();
            $subscription['name'] = $name;
            $subscription['email'] = $email;
            $subscription['status'] = 'subscribed';

            // get URL for article
            $permaLink = $this->record['full_url'];
            $redirectLink = $permaLink;

            // is moderation enabled
            if ($moderationEnabled) {
                // if the subscriber wasn't moderated before, alter the status so the
                // subscription appears in the moderation queue
                if (!FrontendAgendaModel::isModerated($name, $email)) {
                    $subscription['status'] = 'moderation';
                }
            }

            // insert subscription
            $subscription['id'] = FrontendAgendaModel::insertSubscription($subscription);

            // trigger event
            FrontendModel::triggerEvent('agenda', 'after_add_subscription', array('subscription' => $subscription));

            // append a parameter to the URL so the outcome can be shown; the separator
            // depends on whether the permalink already carries a query string
            if (strpos($redirectLink, '?') === false) {
                if ($subscription['status'] == 'moderation') {
                    $redirectLink .= '?subscription=moderation#' . FL::act('Subscribe');
                }
                if ($subscription['status'] == 'subscribed') {
                    $redirectLink .= '?subscription=true#subscription-' . $subscription['id'];
                }
            } else {
                if ($subscription['status'] == 'moderation') {
                    $redirectLink .= '&subscription=moderation#' . FL::act('Subscribe');
                }
                // NOTE(review): this branch uses the '#comment-' anchor while the branch
                // above uses '#subscription-' - looks like a copy/paste slip, confirm which
                // anchor the template renders
                if ($subscription['status'] == 'subscribed') {
                    $redirectLink .= '&subscription=true#comment-' . $subscription['id'];
                }
            }

            // set title
            $subscription['agenda_title'] = $this->record['title'];
            $subscription['agenda_url'] = $this->record['url'];

            // notify the admin
            FrontendAgendaModel::notifyAdmin($subscription);

            // store timestamp in session so we can block excessive usage
            \SpoonSession::set('agenda_subscription_' . $this->record['id'], time());

            // store author-data in cookies
            try {
                Cookie::set('subscription_author', $name);
                Cookie::set('subscription_email', $email);
            } catch (Exception $e) {
                // setting cookies isn't allowed, but because this isn't a real problem we ignore the exception
                // NOTE(review): if this file is namespaced (the \SpoonSession references suggest so)
                // an unqualified Exception resolves inside that namespace unless imported, and this
                // catch would never match - confirm
            }

            // redirect
            $this->redirect($redirectLink);
        }
    }
}
$tpl->assign('longitude', $latestCheckIn->pub->longitude); $tpl->assign('latitude', $latestCheckIn->pub->latitude); $tpl->assign('people', $latestCheckIn->pub->getNumberPeople()); $tpl->assign('checkins', $latestCheckIn->pub->getNumberCheckins()); $tabs = $latestCheckIn->getTabs(); if ($tabs[0] !== null) { $tpl->assign('iTabs', $tabs); $tpl->assign('oTabs', true); } else { $tpl->assign('iTabs', array()); $tpl->assign('oNoTabs', true); } //}else{ // $tpl->assign('oNoCheckIn', true); //} $user = new User(SpoonSession::exists('id')); if ($user->weight !== null && $user->gender !== null) { if ($daysAgo > 0) { $timeAgo = $daysAgo * 12 - $timeAgo; } $drinks = $latestCheckIn->getNumberTabs(); $isLegal = $user->isLegalToDrive((int) $drinks["count"], $timeAgo); if ($isLegal) { $tpl->assign('oLegalToDrive', true); } else { $tpl->assign('oNotLegalToDrive', true); } } else { $tpl->assign('oNotAbleLegalToDrive', true); } // show the output
/**
 * Is the current user logged in?
 *
 * The answer is cached in the container under 'logged_in'. Without a cached value
 * the session has to carry a truthy 'backend_logged_in' flag and a non-empty
 * 'backend_secret_key', and a users_sessions row matching the session id and that
 * key has to exist. A hit refreshes the row's date, creates self::$user and caches
 * true; every other path resets the session flags and caches false.
 *
 * @return bool
 */
public static function isLoggedIn()
{
    if (BackendModel::getContainer()->has('logged_in')) {
        return BackendModel::getContainer()->get('logged_in');
    }

    // check if all needed values are set in the session
    // @todo could be written by SpoonSession::get (since that no longer throws exceptions)
    $sessionLooksValid = \SpoonSession::exists('backend_logged_in', 'backend_secret_key')
        && (bool) \SpoonSession::get('backend_logged_in')
        && (string) \SpoonSession::get('backend_secret_key') != '';

    if ($sessionLooksValid) {
        $db = BackendModel::get('database');

        // the secret key is checked against the stored session row, not only against the flag
        $sessionData = $db->getRecord(
            'SELECT us.id, us.user_id FROM users_sessions AS us WHERE us.session_id = ? AND us.secret_key = ? LIMIT 1',
            array(\SpoonSession::getSessionId(), \SpoonSession::get('backend_secret_key'))
        );

        // a matching row means the user is logged in, so the session row is refreshed
        if ($sessionData !== null) {
            $db->update('users_sessions', array('date' => BackendModel::getUTCDate()), 'id = ?', (int) $sessionData['id']);

            // the user object handles everything related to the authenticated user
            self::$user = new User($sessionData['user_id']);

            BackendModel::getContainer()->set('logged_in', true);

            return true;
        }
    }

    // no (valid) session data: reset the session flags, the rest of the code handles the consequences
    \SpoonSession::set('backend_logged_in', false);
    BackendModel::getContainer()->set('logged_in', false);
    \SpoonSession::set('backend_secret_key', '');

    return false;
}
<?php date_default_timezone_set('Europe/Berlin'); // set include path ini_set("include_path", ".:../../library/"); // required classes require_once 'spoon/spoon.php'; require_once 'publicApp/publicApp.php'; $tpl = new SpoonTemplate(); $tpl->setForceCompile(true); $tpl->setCompileDirectory('./compiled_templates'); SpoonSession::start(); //Content layout if (SpoonSession::exists('id') === false) { SpoonHTTP::redirect('index.php'); } $lat = SpoonFilter::getGetValue('lat', null, ''); $long = SpoonFilter::getGetValue('long', null, ''); $tpl->assign('formaction', $_SERVER['PHP_SELF'] . '?lat=' . $lat . '&long=' . $long); $msgFault = ''; $pubname = SpoonFilter::getPostValue('pubname', null, ''); if (SpoonFilter::getPostValue('btnAdd', null, '')) { if ($pubname === "") { $msgFault = "Please fill in the name of the pub."; } else { if ($lat !== "" && $long !== "") { $pub = new Pub(''); $pub->name = $pubname; $pub->latitude = $lat; $pub->longitude = $long; $id = $pub->Add();
/**
 * Install a module.
 *
 * Loads the core installer and the module's own installer class
 * (<CamelCasedModule>Installer), runs its install(), attaches the given warnings,
 * stores the resulting warnings in the session under 'installer_warnings' and
 * finally clears the cache.
 *
 * @param string $module   The name of the module to be installed.
 * @param array  $warnings Warnings from the upload of the module.
 */
public static function installModule($module, array $warnings = array())
{
    // NOTE(review): the module name becomes a path segment here; callers must only pass
    // names of modules that exist under BACKEND_MODULES_PATH
    require_once BACKEND_CORE_PATH . '/installer/installer.php';
    require_once BACKEND_MODULES_PATH . '/' . $module . '/installer/installer.php';

    // installer class name
    $installerClass = SpoonFilter::toCamelCase($module) . 'Installer';

    // possible variables available for the module installers
    $installerVariables = array();

    // run installer
    $installer = new $installerClass(
        BackendModel::getDB(true),
        BL::getActiveLanguages(),
        array_keys(BL::getInterfaceLanguages()),
        false,
        $installerVariables
    );
    $installer->install();

    // add the warnings
    foreach ($warnings as $warning) {
        $installer->addWarning($warning);
    }

    // keep the warnings in the session for later use
    if ($installer->getWarnings()) {
        $storedWarnings = SpoonSession::exists('installer_warnings') ? SpoonSession::get('installer_warnings') : array();

        // NOTE(review): array_merge with string keys overwrites the 'module'/'warnings' entries
        // of an earlier module instead of appending - confirm the reader expects this shape
        $storedWarnings = array_merge($storedWarnings, array('module' => $module, 'warnings' => $installer->getWarnings()));
        SpoonSession::set('installer_warnings', $storedWarnings);
    }

    // clear the cache so locale (and so much more) gets rebuilt
    self::clearCache();
}
/**
 * Validate the form.
 *
 * Handles a submitted form-builder form: enforces a 10 second gap between
 * submissions of this form (timestamp kept in the session), applies the
 * 'required' / 'email' / 'numeric' validation rules configured per field, stores
 * the submission and its field values, sends the configured e-mails when the form
 * method is 'database_email', fires the 'after_submission' event and redirects
 * back to the current page with an 'identifier' query parameter. When the form is
 * invalid the error (or a generic FormError) is assigned to the template.
 */
private function validateForm()
{
    // submitted
    if ($this->frm->isSubmitted()) {
        // the session key holds the timestamp of the previous submission of this form
        if (SpoonSession::exists('formbuilder_' . $this->item['id'])) {
            // calculate difference
            $diff = time() - (int) SpoonSession::get('formbuilder_' . $this->item['id']);

            // less than 10 seconds since the previous submission: tell the user to slow down
            if ($diff < 10 && $diff != 0) {
                $this->frm->addError(FL::err('FormTimeout'));
            }
        }

        // validate fields
        foreach ($this->item['fields'] as $field) {
            // fieldname
            $fieldName = 'field' . $field['id'];

            // skip the non-input field types
            if ($field['type'] == 'submit' || $field['type'] == 'paragraph' || $field['type'] == 'heading') {
                continue;
            }

            // loop other validations
            foreach ($field['validations'] as $rule => $settings) {
                // already has an error so skip
                // NOTE(review): assumes getErrors() returns null when there is no error - confirm
                if ($this->frm->getField($fieldName)->getErrors() !== null) {
                    continue;
                }

                // required
                if ($rule == 'required') {
                    $this->frm->getField($fieldName)->isFilled($settings['error_message']);
                } elseif ($rule == 'email') {
                    // only check this if the field is filled, if the field is required it will be validated before
                    if ($this->frm->getField($fieldName)->isFilled()) {
                        $this->frm->getField($fieldName)->isEmail($settings['error_message']);
                    }
                } elseif ($rule == 'numeric') {
                    // only check this if the field is filled, if the field is required it will be validated before
                    if ($this->frm->getField($fieldName)->isFilled()) {
                        $this->frm->getField($fieldName)->isNumeric($settings['error_message']);
                    }
                }
            }
        }

        // valid form
        if ($this->frm->isCorrect()) {
            // item
            $data['form_id'] = $this->item['id'];
            $data['session_id'] = SpoonSession::getSessionId();
            $data['sent_on'] = FrontendModel::getUTCDate();
            // NOTE(review): the complete $_SERVER array (request headers included) is
            // serialized into the row - consider narrowing what is stored
            $data['data'] = serialize(array('server' => $_SERVER));

            // insert data
            $dataId = FrontendFormBuilderModel::insertData($data);

            // init fields array
            $fields = array();

            // loop all fields
            foreach ($this->item['fields'] as $field) {
                // skip the non-input field types
                if ($field['type'] == 'submit' || $field['type'] == 'paragraph' || $field['type'] == 'heading') {
                    continue;
                }

                // field data ($fieldData is reused across iterations; every key is
                // reassigned below, so nothing leaks from the previous field)
                $fieldData['data_id'] = $dataId;
                $fieldData['label'] = $field['settings']['label'];
                $fieldData['value'] = $this->frm->getField('field' . $field['id'])->getValue();

                // prepare fields for email
                if ($this->item['method'] == 'database_email') {
                    // add field for email
                    // NOTE(review): the submitted value is passed through nl2br() only; whether
                    // it is HTML-escaped depends on the mail template - verify there
                    $emailFields[] = array('label' => $field['settings']['label'], 'value' => is_array($fieldData['value']) ? implode(',', $fieldData['value']) : nl2br($fieldData['value']));
                }

                // clean up: an empty array (e.g. no checkbox ticked) is stored as null
                if (is_array($fieldData['value']) && empty($fieldData['value'])) {
                    $fieldData['value'] = null;
                }

                // serialize
                if ($fieldData['value'] !== null) {
                    $fieldData['value'] = serialize($fieldData['value']);
                }

                // save fields data
                $fields[] = $fieldData;

                // insert
                FrontendFormBuilderModel::insertDataField($fieldData);
            }

            // need to send mail
            if ($this->item['method'] == 'database_email') {
                // build variables
                // NOTE(review): $emailFields is only defined when at least one input field was
                // processed above; a form without input fields would hit an undefined variable here
                $variables['sentOn'] = time();
                $variables['name'] = $this->item['name'];
                $variables['fields'] = $emailFields;

                // loop recipients
                foreach ($this->item['email'] as $address) {
                    // add email
                    FrontendMailer::addEmail(sprintf(FL::getMessage('FormBuilderSubject'), $this->item['name']), FRONTEND_MODULES_PATH . '/form_builder/layout/templates/mails/form.tpl', $variables, $address, $this->item['name']);
                }
            }

            // trigger event
            FrontendModel::triggerEvent('form_builder', 'after_submission', array('form_id' => $this->item['id'], 'data_id' => $dataId, 'data' => $data, 'fields' => $fields, 'visitorId' => FrontendModel::getVisitorId()));

            // store timestamp in session so we can block excessive usage
            SpoonSession::set('formbuilder_' . $this->item['id'], time());

            // redirect to the current page, appending the identifier with the right separator
            // NOTE(review): the identifier is concatenated without urlencode() - fine as long
            // as it only ever contains URL-safe characters
            $redirect = SITE_URL . '/' . $this->URL->getQueryString();
            $redirect .= stripos($redirect, '?') === false ? '?' : '&';
            $redirect .= 'identifier=' . $this->item['identifier'];

            // redirect with identifier
            SpoonHTTP::redirect($redirect);
        } else {
            // global form errors set
            if ($this->frm->getErrors() != '') {
                $this->tpl->assign('formBuilderError', $this->frm->getErrors());
            } else {
                $this->tpl->assign('formBuilderError', FL::err('FormError'));
            }
        }
    }
}
<?php date_default_timezone_set('Europe/Berlin'); // set include path ini_set("include_path", ".:../library/"); // required classes require_once 'spoon/spoon.php'; require_once 'publicApp/publicApp.php'; $tpl = new SpoonTemplate(); $tpl->setForceCompile(true); $tpl->setCompileDirectory('./compiled_templates'); // do I know you? if (SpoonSession::exists('public_uid')) { $tpl->assign('oLogout', true); $tpl->assign('oNavMe', true); $uid = SpoonSession::get('public_uid'); $user = new User($uid); if ($user->GetFollowing() != null) { $values = $user->GetFollowing(); $following = array(); foreach ($values as $value) { $userFollowing = new User($value['friend']); if ($userFollowing->fb_uid == null) { $userFollowing->fb_uid = 1; } array_push($following, get_object_vars($userFollowing)); } $tpl->assign('oFollowing', true); $tpl->assign('iFollowing', $following); } else { $tpl->assign('oNoFollowing', true);
date_default_timezone_set('Europe/Berlin'); // set include path ini_set("include_path", ".:../../library/"); // required classes require_once 'spoon/spoon.php'; require_once 'publicApp/publicApp.php'; $tpl = new SpoonTemplate(); $tpl->setForceCompile(true); $tpl->setCompileDirectory('./compiled_templates'); $tpl->assign('formaction', $_SERVER['PHP_SELF']); SpoonSession::start(); //Content layout $latestCheckIn = CheckIn::getLatestCheckinByUserId(SpoonSession::get('id')); $timeAgo = SpoonDate::getDate("H:i:s", strtotime($latestCheckIn->timestamp)) - SpoonDate::getDate("H:i:s"); $user = new User(SpoonFilter::getGetValue('id', null, '')); if ($user->user_id === null || SpoonSession::exists('id') === false) { SpoonHTTP::redirect('index.php'); } $recent = $user->getRecentUserDrinks($user->user_id); for ($i = 0; $i < sizeof($recent); $i++) { $recent[$i]['timestamp'] = SpoonDate::getTimeAgo(strtotime($recent[$i]['timestamp'])); if (!$recent[$i]['fb_uid']) { //else, use standard fb icon $recent[$i]['fb_uid'] = 1; $user->fb_uid = 1; } } if ($recent !== null) { $tpl->assign('oRecent', true); $tpl->assign('iRecent', $recent); } else {
/**
 * Validate the forms
 *
 * Two forms are handled. The login form: requires email and password, checks the
 * form token, tries BackendAuthentication::loginUser(), counts failed attempts in
 * the session ('backend_login_attempts') and, from the fifth failure on, delays the
 * response (sleep) and answers 503 when a retry comes too soon; on success the
 * attempt counters are removed and the user is redirected to the requested
 * querystring or to the first module he's allowed to see. The forgot-password
 * form: validates the address, checks that a user exists for it, stores a reset
 * key and timestamp in the user's settings and mails the reset link.
 */
private function validateForm()
{
    if ($this->frm->isSubmitted()) {
        $txtEmail = $this->frm->getField('backend_email');
        $txtPassword = $this->frm->getField('backend_password');

        // required fields
        if (!$txtEmail->isFilled() || !$txtPassword->isFilled()) {
            // add error
            $this->frm->addError('fields required');

            // show error
            $this->tpl->assign('hasError', true);
        }

        // invalid form-token?
        // NOTE(review): "!=" is a loose comparison; a strict "!==" (or hash_equals(), which is
        // also constant-time) is the usual choice for a token check
        if ($this->frm->getToken() != $this->frm->getField('form_token')->getValue()) {
            // set a correct header, so bots understand they can't mess with us.
            // NOTE(review): the status code comes from the third argument; the header string
            // itself is not a standard "HTTP/1.x 400" status line - confirm the intended output
            if (!headers_sent()) {
                header('400 Bad Request', true, 400);
            }
        }

        // all fields are ok?
        if ($txtEmail->isFilled() && $txtPassword->isFilled() && $this->frm->getToken() == $this->frm->getField('form_token')->getValue()) {
            // try to login the user
            if (!BackendAuthentication::loginUser($txtEmail->getValue(), $txtPassword->getValue())) {
                // add error
                $this->frm->addError('invalid login');

                // store attempt in session
                // NOTE(review): the counter lives in the client's PHP session, so it only limits
                // clients that keep presenting the same session cookie
                $current = SpoonSession::exists('backend_login_attempts') ? (int) SpoonSession::get('backend_login_attempts') : 0;

                // increment and store
                SpoonSession::set('backend_login_attempts', ++$current);

                // show error
                $this->tpl->assign('hasError', true);
            }
        }

        // check sessions: from the fifth failed attempt on the response is delayed
        if (SpoonSession::exists('backend_login_attempts') && (int) SpoonSession::get('backend_login_attempts') >= 5) {
            // get previous attempt
            $previousAttempt = SpoonSession::exists('backend_last_attempt') ? SpoonSession::get('backend_last_attempt') : time();

            // calculate timeout: 5 seconds per attempt beyond the fourth
            $timeout = 5 * (SpoonSession::get('backend_login_attempts') - 4);

            // too soon!
            if (time() < $previousAttempt + $timeout) {
                // sleep until the user can login again
                // NOTE(review): sleeping holds a PHP worker for the whole timeout; many concurrent
                // requests in this state tie up the server rather than the client
                sleep($timeout);

                // set a correct header, so bots understand they can't mess with us.
                if (!headers_sent()) {
                    header('503 Service Unavailable', true, 503);
                }
            } else {
                // increment and store
                SpoonSession::set('backend_last_attempt', time());
            }

            // too many attempts
            // NOTE(review): addEditor() looks like a slip for addError(); as written the form
            // is not marked invalid here, so a correct login below still redirects - confirm
            $this->frm->addEditor('too many attempts');

            // show error
            $this->tpl->assign('hasTooManyAttemps', true);
            $this->tpl->assign('hasError', false);
        }

        // no errors in the form?
        if ($this->frm->isCorrect()) {
            // cleanup sessions
            SpoonSession::delete('backend_login_attempts');
            SpoonSession::delete('backend_last_attempt');

            // create filter with modules which may not be displayed
            $filter = array('authentication', 'error', 'core');

            // get all modules
            $modules = array_diff(BackendModel::getModules(), $filter);

            // loop through modules and break on first allowed module
            // NOTE(review): when no module is allowed, $module ends up as the last module
            // (or undefined when the list is empty) and is still used for the fallback URL
            foreach ($modules as $module) {
                if (BackendAuthentication::isAllowedModule($module)) {
                    break;
                }
            }

            // redirect to the correct URL (URL the user was looking for or fallback)
            $this->redirect($this->getParameter('querystring', 'string', BackendModel::createUrlForAction(null, $module)));
        }
    }

    // is the form submitted
    if ($this->frmForgotPassword->isSubmitted()) {
        // backend email
        $email = $this->frmForgotPassword->getField('backend_email_forgot')->getValue();

        // required fields
        if ($this->frmForgotPassword->getField('backend_email_forgot')->isEmail(BL::err('EmailIsInvalid'))) {
            // check if there is a user with the given emailaddress
            // NOTE(review): the EmailIsUnknown error tells the requester whether the address
            // has an account - a design trade-off worth a conscious decision
            if (!BackendUsersModel::existsEmail($email)) {
                $this->frmForgotPassword->getField('backend_email_forgot')->addError(BL::err('EmailIsUnknown'));
            }
        }

        // no errors in the form?
        if ($this->frmForgotPassword->isCorrect()) {
            // generate the key for the reset link and fetch the user ID for this email
            // NOTE(review): uniqid() is time based, not a random source; the strength of the
            // key depends on what getEncryptedString() does with it - verify
            $key = BackendAuthentication::getEncryptedString($email, uniqid());

            // insert the key and the timestamp into the user settings
            $userId = BackendUsersModel::getIdByEmail($email);
            $user = new BackendUser($userId);
            $user->setSetting('reset_password_key', $key);
            $user->setSetting('reset_password_timestamp', time());

            // variables to parse in the e-mail
            // NOTE(review): $email is not urlencode()d; an address containing "+" arrives as a space
            $variables['resetLink'] = SITE_URL . BackendModel::createURLForAction('reset_password') . '&email=' . $email . '&key=' . $key;

            // send e-mail to user
            BackendMailer::addEmail(SpoonFilter::ucfirst(BL::msg('ResetYourPasswordMailSubject')), BACKEND_MODULE_PATH . '/layout/templates/mails/reset_password.tpl', $variables, $email);

            // clear post-values
            $_POST['backend_email_forgot'] = '';

            // show success message
            $this->tpl->assign('isForgotPasswordSuccess', true);

            // show form
            $this->tpl->assign('showForm', true);
        } else {
            $this->tpl->assign('showForm', true);
        }
    }
}
/**
 * Get the token which will protect us
 *
 * Returns the CSRF token kept in the session ('csrf_token'); when there is none
 * (or it is empty) a new 10 character random string is generated and stored first.
 *
 * @return string
 */
public static function getToken()
{
    $hasToken = \SpoonSession::exists('csrf_token') && \SpoonSession::get('csrf_token') != '';
    if ($hasToken) {
        return \SpoonSession::get('csrf_token');
    }

    // no usable token yet: create one and keep it for the rest of the session
    $token = self::generateRandomString(10, true, true, false, false);
    \SpoonSession::set('csrf_token', $token);

    return $token;
}
/**
 * Save statistics
 *
 * Records the current search (term, language, time, request data, number of
 * results) through FrontendSearchModel::save(), but only when there is a term and
 * it differs from the one kept in the session ('searchTerm'); the session is then
 * updated with the current term.
 */
private function saveStatistics()
{
    // no search term = no search
    if (!$this->term) {
        return;
    }

    // the last term is read from the session and the key cleared before saving
    $lastTerm = '';
    if (\SpoonSession::exists('searchTerm')) {
        $lastTerm = \SpoonSession::get('searchTerm');
    }
    \SpoonSession::set('searchTerm', '');

    // a repeated term isn't counted again
    if ($lastTerm != $this->term) {
        $this->statistics = array(
            'term' => $this->term,
            'language' => LANGUAGE,
            'time' => FrontendModel::getUTCDate(),
            // NOTE(review): the whole $_SERVER array (request headers included) is
            // serialized into the statistics row - consider narrowing what is stored
            'data' => serialize(array('server' => $_SERVER)),
            'num_results' => $this->pagination['num_items'],
        );
        FrontendSearchModel::save($this->statistics);
    }

    // remember the current term for the next request
    \SpoonSession::set('searchTerm', $this->term);
}
/**
 * Set the dates based on GET and SESSION
 * GET has priority and overwrites SESSION
 *
 * Reads analytics_start_timestamp / analytics_end_timestamp from the session, lets
 * a non-empty start_timestamp + end_timestamp pair in $_GET override them (cast to
 * int), stores the pair back into the session when it passes the sanity checks and
 * otherwise stores a default window derived from the module's 'interval' setting.
 *
 * @return void
 */
public static function setDates()
{
    // init vars with session data
    $startTimestamp = SpoonSession::exists('analytics_start_timestamp') ? SpoonSession::get('analytics_start_timestamp') : null;
    $endTimestamp = SpoonSession::exists('analytics_end_timestamp') ? SpoonSession::get('analytics_end_timestamp') : null;

    // GET wins over the session; both values have to be present and non-empty
    $hasGetRange = isset($_GET['start_timestamp']) && $_GET['start_timestamp'] != ''
        && isset($_GET['end_timestamp']) && $_GET['end_timestamp'] != '';
    if ($hasGetRange) {
        // the int cast is what keeps raw query-string input out of date()/mktime()
        $startTimestamp = (int) $_GET['start_timestamp'];
        $endTimestamp = (int) $_GET['end_timestamp'];
    }

    // dates are set
    if ($startTimestamp > 0 && $endTimestamp > 0) {
        // both timestamps must be real calendar days, start <= end, start not before
        // 2005-01-01 and end not in the future
        $valid = checkdate((int) date('n', $startTimestamp), (int) date('j', $startTimestamp), (int) date('Y', $startTimestamp))
            && checkdate((int) date('n', $endTimestamp), (int) date('j', $endTimestamp), (int) date('Y', $endTimestamp))
            && $startTimestamp <= $endTimestamp
            && $startTimestamp >= mktime(0, 0, 0, 1, 1, 2005)
            && $endTimestamp <= time();

        // valid dates are stored; invalid ones leave the session untouched
        if ($valid) {
            SpoonSession::set('analytics_start_timestamp', $startTimestamp);
            SpoonSession::set('analytics_end_timestamp', $endTimestamp);
        }

        return;
    }

    // no usable range: fall back to the configured interval, ending today at midnight
    $interval = BackendModel::getModuleSetting('analytics', 'interval', 'week');
    if ($interval == 'week') {
        $interval .= ' -1 days';
    }
    SpoonSession::set('analytics_start_timestamp', strtotime('-1' . $interval, mktime(0, 0, 0)));
    SpoonSession::set('analytics_end_timestamp', mktime(0, 0, 0));
}
/**
 * Redirect to the loading page after checking for infinite loops.
 *
 * A per-action counter (session key "<action>Loop") is incremented on every call;
 * once it is above 2 a BackendException is thrown instead of redirecting again.
 *
 * @return void
 * @param string $action The action to check for infinite loops.
 * @param array[optional] $extraParameters The extra parameters to append to the redirect url.
 */
public static function redirectToLoadingPage($action, array $extraParameters = array())
{
    $loopKey = $action . 'Loop';
    $loopCount = SpoonSession::exists($loopKey) ? SpoonSession::get($loopKey) : 0;

    // loop has run too long - throw exception
    if ($loopCount > 2) {
        throw new BackendException('An infinite loop has been detected while getting data from cache for the action "' . $action . '".');
    }

    // set new counter
    SpoonSession::set($loopKey, ++$loopCount);

    // extra parameters are url-encoded by http_build_query; $action itself is appended as-is
    $query = '';
    if (!empty($extraParameters)) {
        $query = '&' . http_build_query($extraParameters);
    }

    // redirect to loading page which will get the needed data based on the current action
    SpoonHTTP::redirect(BackendModel::createURLForAction('loading') . '&redirect_action=' . $action . $query);
}
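/**
 * Is the current user logged in?
 *
 * The session has to carry backend_logged_in = true and a non-empty backend_secret_key,
 * and that (session id, secret key) pair has to match a row in users_sessions. On a
 * match the row's date is refreshed, self::$user is created and true is returned. In
 * every other case the session flags are reset (the session itself is kept, since its
 * data may be used on the site) and false is returned explicitly.
 *
 * @return bool
 */
public static function isLoggedIn()
{
    // check if all needed values are set in the session
    $hasSessionValues = SpoonSession::exists('backend_logged_in', 'backend_secret_key')
        && (bool) SpoonSession::get('backend_logged_in')
        && (string) SpoonSession::get('backend_secret_key') != '';

    if ($hasSessionValues) {
        // get database instance
        $db = BackendModel::getDB(true);

        // look up the session row; both values are bound as parameters
        $sessionData = $db->getRecord(
            'SELECT us.id, us.user_id FROM users_sessions AS us WHERE us.session_id = ? AND us.secret_key = ? LIMIT 1',
            array(SpoonSession::getSessionId(), SpoonSession::get('backend_secret_key'))
        );

        // if we found a matching row, we know the user is logged in, so we update his session
        if ($sessionData !== null) {
            $db->update('users_sessions', array('date' => BackendModel::getUTCDate()), 'id = ?', (int) $sessionData['id']);

            // create a user object, it will handle stuff related to the current authenticated user
            self::$user = new BackendUser($sessionData['user_id']);

            return true;
        }
    }

    // reset values for invalid users. We can't destroy the session because session-data can be used on the site.
    SpoonSession::set('backend_logged_in', false);
    SpoonSession::set('backend_secret_key', '');

    return false;
}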
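/**
 * Validate the comment form and store the comment when it is correct.
 *
 * Nothing happens when comments are disabled in the module settings or the form was
 * not submitted. A valid submission is inserted with status published, moderation or
 * spam (depending on the settings and the spam check), the admin is notified, the
 * author data is remembered in cookies and the visitor is redirected back to the
 * article with a status parameter in the URL.
 *
 * @return bool|null false when comments are not allowed; otherwise nothing is returned
 *                   (a correct submission ends in a redirect).
 */
private function validateForm()
{
    // get settings
    $commentsAllowed = isset($this->settings['allow_comments']) && $this->settings['allow_comments'];

    // comments aren't allowed so we don't have to validate
    if (!$commentsAllowed) {
        return false;
    }

    // nothing to do without a submission
    if (!$this->frm->isSubmitted()) {
        return;
    }

    // cleanup the submitted fields, ignore fields that were added by hackers
    $this->frm->cleanupFields();

    $throttleKey = 'blog_comment_' . $this->record['id'];

    // a comment for this post was stored less than 10 seconds ago: tell the user to slow down
    if (SpoonSession::exists($throttleKey)) {
        $diff = time() - (int) SpoonSession::get($throttleKey);
        if ($diff < 10 && $diff != 0) {
            $this->frm->getField('message')->addError(FL::err('CommentTimeout'));
        }
    }

    // validate required fields
    $this->frm->getField('author')->isFilled(FL::err('AuthorIsRequired'));
    $this->frm->getField('email')->isEmail(FL::err('EmailIsRequired'));
    $this->frm->getField('message')->isFilled(FL::err('MessageIsRequired'));

    // validate optional fields
    if ($this->frm->getField('website')->isFilled() && $this->frm->getField('website')->getValue() != 'http://') {
        $this->frm->getField('website')->isURL(FL::err('InvalidURL'));
    }

    // errors? the caller renders the form again with them
    if (!$this->frm->isCorrect()) {
        return;
    }

    // get module setting
    $spamFilterEnabled = isset($this->settings['spamfilter']) && $this->settings['spamfilter'];
    $moderationEnabled = isset($this->settings['moderation']) && $this->settings['moderation'];

    // reformat data
    $author = $this->frm->getField('author')->getValue();
    $email = $this->frm->getField('email')->getValue();
    $website = $this->frm->getField('website')->getValue();
    if (trim($website) == '' || $website == 'http://') {
        $website = null;
    }
    $text = $this->frm->getField('message')->getValue();

    // build array
    $comment = array();
    $comment['post_id'] = $this->record['id'];
    $comment['language'] = FRONTEND_LANGUAGE;
    $comment['created_on'] = FrontendModel::getUTCDate();
    $comment['author'] = $author;
    $comment['email'] = $email;
    $comment['website'] = $website;
    $comment['text'] = $text;
    $comment['status'] = 'published';
    // NOTE(review): this persists the complete $_SERVER array (request headers, cookies, ...)
    // with every comment; consider storing only the fields that are actually needed
    $comment['data'] = serialize(array('server' => $_SERVER));

    // get URL for article
    $permaLink = FrontendNavigation::getURLForBlock('blog', 'detail') . '/' . $this->record['url'];
    $redirectLink = $permaLink;

    // moderation: commenters that weren't moderated before go to the moderation queue
    if ($moderationEnabled && !FrontendBlogModel::isModerated($author, $email)) {
        $comment['status'] = 'moderation';
    }

    // should we check if the item is spam
    if ($spamFilterEnabled) {
        $result = FrontendModel::isSpam($text, SITE_URL . $permaLink, $author, $email, $website);

        // 'unknown' has to be tested before the truthy check: as a non-empty string it is truthy
        // itself and would otherwise always be classified as spam (assumes isSpam() returns
        // true/false or the string 'unknown', as the two branches imply — TODO confirm)
        if ($result === 'unknown') {
            $comment['status'] = 'moderation';
        } elseif ($result) {
            $comment['status'] = 'spam';
        }
    }

    // insert comment
    $comment['id'] = FrontendBlogModel::insertComment($comment);

    // trigger event
    FrontendModel::triggerEvent('blog', 'after_add_comment', array('comment' => $comment));

    // append a parameter to the URL so we can show moderation
    $separator = strpos($redirectLink, '?') === false ? '?' : '&';
    if ($comment['status'] == 'moderation') {
        $redirectLink .= $separator . 'comment=moderation#' . FL::act('Comment');
    } elseif ($comment['status'] == 'spam') {
        $redirectLink .= $separator . 'comment=spam#' . FL::act('Comment');
    } elseif ($comment['status'] == 'published') {
        $redirectLink .= $separator . 'comment=true#comment-' . $comment['id'];
    }

    // set title
    $comment['post_title'] = $this->record['title'];
    $comment['post_url'] = $this->record['url'];

    // notify the admin
    FrontendBlogModel::notifyAdmin($comment);

    // store timestamp in session so we can block excessive usage
    SpoonSession::set($throttleKey, time());

    // store author-data in cookies (30 days, for the whole domain)
    $cookieLifetime = 30 * 24 * 60 * 60;
    try {
        $cookieDomain = '.' . $this->URL->getDomain();
        SpoonCookie::set('comment_author', $author, $cookieLifetime, '/', $cookieDomain);
        SpoonCookie::set('comment_email', $email, $cookieLifetime, '/', $cookieDomain);
        SpoonCookie::set('comment_website', $website, $cookieLifetime, '/', $cookieDomain);
    } catch (Exception $e) {
        // setting cookies isn't allowed, but because this isn't a real problem we ignore the exception
    }

    // redirect
    $this->redirect($redirectLink);
}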
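$tpl->assign('oRecent', true);
    $tpl->assign('iRecent', $recent);
} else {
    $tpl->assign('oNoRecent', true);
}

// top publications (assumes GetTopPubs() is a plain read, so it is only called once — TODO confirm)
$topPubs = $user->GetTopPubs(5);
if ($topPubs !== null) {
    $tpl->assign('oTopPubs', true);
    $tpl->assign('iTopPubs', $topPubs);
} else {
    $tpl->assign('oNoTopPubs', true);
}

$tpl->assign('fb_uid', $user->fb_uid);
$tpl->assign('name', $user->first_name . ' ' . $user->last_name);
$tpl->assign('user_id', $user->user_id);

// if user is logged in and it's not his own profile show add as friend button
if (SpoonSession::exists('public_uid') && SpoonSession::get('public_uid') != $user->user_id) {
    $loggedInUser = new User(SpoonSession::get('public_uid'), null, '');
    if (!$loggedInUser->isFriend($user->user_id)) {
        $tpl->assign('oAddFriend', true);
    } else {
        $tpl->assign('oDeleteFriend', true);
    }
}

// follow/unfollow requested via the query string; without a logged-in visitor looking at
// someone else's profile there is nobody to act for, so the request is ignored instead of
// calling a method on an undefined variable.
// NOTE(review): this is a state change triggered by a GET parameter without a CSRF token
$follow = SpoonFilter::getGetValue('follow', null, '');
if (isset($loggedInUser) && $follow == 'true') {
    $loggedInUser->follow($user->user_id);
    SpoonHTTP::redirect('/users/' . $user->user_id);
}
if (isset($loggedInUser) && $follow == 'false') {
    $loggedInUser->unfollow($user->user_id);
    SpoonHTTP::redirect('/users/' . $user->user_id);
}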
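/**
 * Installs the required and optional modules.
 *
 * Connects to the database with the credentials collected in the session, runs the
 * core installer and then every module installer: the required modules first, then
 * the optional modules selected in the installer that aren't required already.
 *
 * @return void
 */
private function installModules()
{
    // get port
    $port = SpoonSession::exists('db_port') && SpoonSession::get('db_port') != '' ? SpoonSession::get('db_port') : 3306;

    // database instance
    $this->db = new SpoonDatabase('mysql', SpoonSession::get('db_hostname'), SpoonSession::get('db_username'), SpoonSession::get('db_password'), SpoonSession::get('db_database'), $port);

    // utf8 compliance & MySQL-timezone
    $this->db->execute('SET CHARACTER SET utf8, NAMES utf8, time_zone = "+0:00"');

    /**
     * First we need to install the core. All the linked modules, settings and sql tables are
     * being installed.
     */
    require_once PATH_WWW . '/backend/core/installer/install.php';

    // install the core (the constructor does the work)
    // NOTE(review): site_domain is taken from the Host header, which the client controls while
    // the installer is reachable; it only seeds a setting the admin can change afterwards
    new CoreInstall($this->db, SpoonSession::get('languages'), SpoonSession::get('interface_languages'), SpoonSession::get('example_data'), array('default_language' => SpoonSession::get('default_language'), 'default_interface_language' => SpoonSession::get('default_interface_language'), 'spoon_debug_email' => SpoonSession::get('email'), 'api_email' => SpoonSession::get('email'), 'site_domain' => isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : 'fork.local', 'site_title' => 'Fork CMS', 'smtp_server' => '', 'smtp_port' => '', 'smtp_username' => '', 'smtp_password' => ''));

    // variables passed to module installers
    $variables = array();
    $variables['email'] = SpoonSession::get('email');
    $variables['default_interface_language'] = SpoonSession::get('default_interface_language');

    // required modules first, then the selected optional ones that aren't required already
    $modules = $this->modules['required'];
    foreach (SpoonSession::get('modules') as $module) {
        if (!in_array($module, $this->modules['required'], true)) {
            $modules[] = $module;
        }
    }

    foreach ($modules as $module) {
        // the module name ends up in a require_once path: only accept plain identifiers, so a
        // tampered session value can't point the installer at a file outside the modules directory
        if (!preg_match('/^[A-Za-z0-9_-]+$/', (string) $module)) {
            continue;
        }

        $installer = PATH_WWW . '/backend/modules/' . $module . '/installer/install.php';

        // install exists
        if (!SpoonFile::exists($installer)) {
            continue;
        }

        // users module needs custom variables (only when installed as a required module)
        if ($module == 'users' && in_array($module, $this->modules['required'], true)) {
            $variables['password'] = SpoonSession::get('password');
        }

        // load file
        require_once $installer;

        // class name
        $class = SpoonFilter::toCamelCase($module) . 'Install';

        // execute installer (the constructor does the work)
        new $class($this->db, SpoonSession::get('languages'), SpoonSession::get('interface_languages'), SpoonSession::get('example_data'), $variables);
    }
}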
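/**
 * Validate the form and store the submission when it is correct.
 *
 * Per-field validation rules (required, email, numeric, time) come from the form
 * definition in $this->item. A correct submission is stored as one data record plus
 * one record per field, both event systems are notified, a timestamp is kept in the
 * session to throttle repeated submissions and the visitor is redirected back to the
 * form with an identifier parameter. An incorrect submission assigns the errors to
 * the template.
 *
 * @throws RedirectException After a successful submission, to perform the redirect.
 */
private function validateForm()
{
    // nothing to validate without a submission
    if (!$this->frm->isSubmitted()) {
        return;
    }

    $throttleKey = 'formbuilder_' . $this->item['id'];

    // a submission for this form was stored less than 10 seconds ago: tell the user to slow down
    if (\SpoonSession::exists($throttleKey)) {
        $diff = time() - (int) \SpoonSession::get($throttleKey);
        if ($diff < 10 && $diff != 0) {
            $this->frm->addError(FL::err('FormTimeout'));
        }
    }

    // types that render without an input field and so have nothing to validate or store
    $skippedTypes = array('submit', 'paragraph', 'heading');

    // validate fields
    foreach ($this->item['fields'] as $field) {
        if (in_array($field['type'], $skippedTypes, true)) {
            continue;
        }

        $fieldName = 'field' . $field['id'];

        foreach ($field['validations'] as $rule => $settings) {
            $formField = $this->frm->getField($fieldName);

            // already has an error so skip
            if ($formField->getErrors() !== null) {
                continue;
            }

            if ($rule == 'required') {
                $formField->isFilled($settings['error_message']);
            } elseif ($rule == 'email') {
                // only check this if the field is filled, if the field is required it will be validated before
                if ($formField->isFilled()) {
                    $formField->isEmail($settings['error_message']);
                }
            } elseif ($rule == 'numeric') {
                // only check this if the field is filled, if the field is required it will be validated before
                if ($formField->isFilled()) {
                    $formField->isNumeric($settings['error_message']);
                }
            } elseif ($rule == 'time') {
                $regexTime = '/^(([0-1][0-9]|2[0-3]|[0-9])|([0-1][0-9]|2[0-3]|[0-9])(:|h)[0-5]?[0-9]?)$/';
                if (!\SpoonFilter::isValidAgainstRegexp($regexTime, $formField->getValue())) {
                    $formField->setError($settings['error_message']);
                }
            }
        }
    }

    // not correct: show errors
    if (!$this->frm->isCorrect()) {
        if ($this->frm->getErrors() != '') {
            // global form errors set
            $this->tpl->assign('formBuilderError', $this->frm->getErrors());
        } else {
            // general error
            $this->tpl->assign('formBuilderError', FL::err('FormError'));
        }

        return;
    }

    // item
    $data = array();
    $data['form_id'] = $this->item['id'];
    $data['session_id'] = \SpoonSession::getSessionId();
    $data['sent_on'] = FrontendModel::getUTCDate();
    // NOTE(review): this persists the complete $_SERVER array (request headers, cookies, ...)
    // with every submission; consider storing only the fields that are actually needed
    $data['data'] = serialize(array('server' => $_SERVER));

    // insert data
    $dataId = FrontendFormBuilderModel::insertData($data);

    // init fields array
    $fields = array();

    // loop all fields
    foreach ($this->item['fields'] as $field) {
        if (in_array($field['type'], $skippedTypes, true)) {
            continue;
        }

        // field data
        $fieldData = array();
        $fieldData['data_id'] = $dataId;
        $fieldData['label'] = $field['settings']['label'];
        $fieldData['value'] = $this->frm->getField('field' . $field['id'])->getValue();

        // a radiobutton stores the label of the chosen option rather than its value
        if ($field['type'] == 'radiobutton') {
            $labels = array();
            foreach ($field['settings']['values'] as $value) {
                $labels[$value['value']] = $value['label'];
            }

            // a submitted value that isn't one of the configured options becomes null
            // instead of raising an undefined-index notice
            $fieldData['value'] = isset($labels[$fieldData['value']]) ? $labels[$fieldData['value']] : null;
        }

        // clean up
        if (is_array($fieldData['value']) && empty($fieldData['value'])) {
            $fieldData['value'] = null;
        }

        // serialize
        if ($fieldData['value'] !== null) {
            $fieldData['value'] = serialize($fieldData['value']);
        }

        // save fields data
        $fields[$field['id']] = $fieldData;

        // insert
        FrontendFormBuilderModel::insertDataField($fieldData);
    }

    $this->get('event_dispatcher')->dispatch(FormBuilderEvents::FORM_SUBMITTED, new FormBuilderSubmittedEvent($this->item, $fields, $dataId));

    // trigger event
    FrontendModel::triggerEvent('FormBuilder', 'after_submission', array('form_id' => $this->item['id'], 'data_id' => $dataId, 'data' => $data, 'fields' => $fields, 'visitorId' => FrontendModel::getVisitorId()));

    // store timestamp in session so we can block excessive usage
    \SpoonSession::set($throttleKey, time());

    // redirect
    $redirect = SITE_URL . $this->URL->getQueryString();
    $redirect .= stripos($redirect, '?') === false ? '?' : '&';
    $redirect .= 'identifier=' . $this->item['identifier'];
    $redirect .= '#' . $this->formName;

    throw new RedirectException('Redirect', new RedirectResponse($redirect));
}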
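/**
 * Validates the form. This is an alternative for isCorrect, but without retrieving the status of course.
 *
 * Marks the form as incorrect when the form token is missing from the session or
 * doesn't match the submitted one, when any element reports errors, or when the form
 * itself has errors. The validated flag is set so validation doesn't run again.
 *
 * @return SpoonForm
 */
public function validate()
{
    // define errors
    $errors = '';

    // if we use tokens, we validate them here
    if ($this->getUseToken()) {
        if (!SpoonSession::exists('form_token')) {
            // token not available?
            $errors .= $this->tokenError;
        } else {
            // compare the tokens strictly, as strings: a loose != treats distinct numeric-looking
            // tokens (e.g. "1e3" and "1000") as equal. hash_equals() would additionally make the
            // comparison constant-time where the runtime provides it.
            $submittedToken = (string) $this->getField('form_token')->getValue();
            $sessionToken = (string) SpoonSession::get('form_token');
            if ($submittedToken !== $sessionToken) {
                $errors .= $this->tokenError;
            }
        }
    }

    // loop objects
    foreach ($this->objects as $oElement) {
        // check, since some objects don't have this method!
        if (is_callable(array($oElement, 'getErrors'))) {
            $errors .= $oElement->getErrors();
        }
    }

    // affect correct status
    if (trim($errors) != '') {
        $this->correct = false;
    }

    // main form errors?
    if (trim($this->getErrors()) != '') {
        $this->correct = false;
    }

    // update parsed status
    $this->validated = true;

    return $this;
}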
/**
 * Check whether a profile is logged in.
 *
 * Three sources are consulted in order: the profile already cached on this class for
 * the current request, the logged-in flag in the session (matched against a
 * profiles_sessions row by session id) and finally the secret-key cookie (matched by
 * secret key, after which the key is rotated, the record is bound to the current
 * session and the session flag is set). A match loads self::$profile; a failed session
 * or cookie check resets that source and nothing else is tried.
 *
 * @return bool
 */
public static function isLoggedIn()
{
    // already resolved earlier in this request
    if (isset(self::$profile)) {
        return true;
    }

    $sessionSaysLoggedIn = SpoonSession::exists('frontend_profile_logged_in')
        && SpoonSession::get('frontend_profile_logged_in') === true;

    if ($sessionSaysLoggedIn) {
        $sessionId = SpoonSession::getSessionId();

        $profileId = (int) FrontendModel::getDB()->getVar(
            'SELECT p.id FROM profiles AS p INNER JOIN profiles_sessions AS ps ON ps.profile_id = p.id WHERE ps.session_id = ?',
            (string) $sessionId
        );

        if ($profileId === 0) {
            // stale flag: there is no session record for it
            SpoonSession::set('frontend_profile_logged_in', false);

            return false;
        }

        // touch the session record
        FrontendModel::getDB(true)->update('profiles_sessions', array('date' => FrontendModel::getUTCDate()), 'session_id = ?', $sessionId);

        self::$profile = new FrontendProfilesProfile($profileId);

        return true;
    }

    $hasSecretCookie = SpoonCookie::exists('frontend_profile_secret_key')
        && SpoonCookie::get('frontend_profile_secret_key') != '';

    if (!$hasSecretCookie) {
        // no one is logged in
        return false;
    }

    $secret = (string) SpoonCookie::get('frontend_profile_secret_key');

    $profileId = (int) FrontendModel::getDB()->getVar(
        'SELECT p.id FROM profiles AS p INNER JOIN profiles_sessions AS ps ON ps.profile_id = p.id WHERE ps.secret_key = ?',
        $secret
    );

    if ($profileId === 0) {
        // unknown secret: drop the cookie
        SpoonCookie::delete('frontend_profile_secret_key');

        return false;
    }

    // rotate the secret and bind the record to the current session
    $profileSecret = FrontendProfilesModel::getEncryptedString(SpoonSession::getSessionId(), FrontendProfilesModel::getRandomString());
    FrontendModel::getDB(true)->update(
        'profiles_sessions',
        array('session_id' => SpoonSession::getSessionId(), 'secret_key' => $profileSecret, 'date' => FrontendModel::getUTCDate()),
        'secret_key = ?',
        $secret
    );

    // new cookie (31 days) and session flag
    SpoonCookie::set('frontend_profile_secret_key', $profileSecret, 60 * 60 * 24 * 31);
    SpoonSession::set('frontend_profile_logged_in', true);

    // update last login
    FrontendProfilesModel::update($profileId, array('last_login' => FrontendModel::getUTCDate()));

    self::$profile = new FrontendProfilesProfile($profileId);

    return true;
}
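/**
 * Validate the forms: the login form and the forgot-password form.
 *
 * Each form is handled by its own helper; both only act when their form was submitted.
 */
private function validateForm()
{
    $this->validateLoginForm();
    $this->validateForgotPasswordForm();
}

/**
 * Validate the login form, apply the failed-attempt throttling and log the user in.
 *
 * Failed attempts are counted in the session; from the fifth one on the request is
 * delayed and answered with a 503, and the form is rejected. A correct form clears the
 * counters, records the login timestamps in the user's settings and redirects.
 */
private function validateLoginForm()
{
    if (!$this->frm->isSubmitted()) {
        return;
    }

    $txtEmail = $this->frm->getField('backend_email');
    $txtPassword = $this->frm->getField('backend_password');
    $logger = $this->getContainer()->get('logger');

    // required fields
    if (!$txtEmail->isFilled() || !$txtPassword->isFilled()) {
        $this->frm->addError('fields required');
        $this->tpl->assign('hasError', true);
    }

    $logger->info("Trying to authenticate user '{$txtEmail->getValue()}'.");

    // the form token is compared strictly, as strings
    $tokenIsValid = (string) $this->frm->getToken() === (string) $this->frm->getField('form_token')->getValue();

    // invalid form-token? set a correct header, so bots understand they can't mess with us.
    if (!$tokenIsValid && !headers_sent()) {
        header('400 Bad Request', true, 400);
    }

    // get the user's id
    $userId = BackendUsersModel::getIdByEmail($txtEmail->getValue());

    // all fields are ok? try to login the user
    if ($txtEmail->isFilled() && $txtPassword->isFilled() && $tokenIsValid) {
        if (!BackendAuthentication::loginUser($txtEmail->getValue(), $txtPassword->getValue())) {
            $logger->info("Failed authenticating user '{$txtEmail->getValue()}'.");
            $this->frm->addError('invalid login');

            // count the failed attempt in the session
            $current = \SpoonSession::exists('backend_login_attempts') ? (int) \SpoonSession::get('backend_login_attempts') : 0;
            \SpoonSession::set('backend_login_attempts', ++$current);

            // save the failed login attempt in the user's settings
            if ($userId !== false) {
                BackendUsersModel::setSetting($userId, 'last_failed_login_attempt', time());
            }

            $this->tpl->assign('hasError', true);
        }
    }

    // too many attempts?
    // NOTE(review): this check runs after loginUser() above, so a correct password during the
    // lockout still goes through loginUser(); only the form result and the redirect are withheld
    if (\SpoonSession::exists('backend_login_attempts') && (int) \SpoonSession::get('backend_login_attempts') >= 5) {
        $previousAttempt = \SpoonSession::exists('backend_last_attempt') ? \SpoonSession::get('backend_last_attempt') : time();

        // 5 seconds per attempt beyond the fourth
        // NOTE(review): the delay is unbounded, and sleep() keeps a worker busy for the whole
        // timeout, so a flood of attempts can tie up workers
        $timeout = 5 * (\SpoonSession::get('backend_login_attempts') - 4);

        if (time() < $previousAttempt + $timeout) {
            // too soon! sleep until the user can login again
            sleep($timeout);

            // set a correct header, so bots understand they can't mess with us.
            if (!headers_sent()) {
                header('503 Service Unavailable', true, 503);
            }
        } else {
            \SpoonSession::set('backend_last_attempt', time());
        }

        // reject the form so isCorrect() stays false (addEditor, used here before, looks like a typo
        // for addError: every other error path in this method uses addError — TODO confirm)
        $this->frm->addError('too many attempts');
        $logger->info("Too many login attempts for user '{$txtEmail->getValue()}'.");

        $this->tpl->assign('hasTooManyAttemps', true);
        $this->tpl->assign('hasError', false);
    }

    // no errors in the form?
    if ($this->frm->isCorrect()) {
        // cleanup sessions
        \SpoonSession::delete('backend_login_attempts');
        \SpoonSession::delete('backend_last_attempt');

        // save the login timestamp in the user's settings
        $lastLogin = BackendUsersModel::getSetting($userId, 'current_login');
        BackendUsersModel::setSetting($userId, 'current_login', time());
        if ($lastLogin) {
            BackendUsersModel::setSetting($userId, 'last_login', $lastLogin);
        }

        $logger->info("Successfully authenticated user '{$txtEmail->getValue()}'.");

        // redirect to the correct URL (URL the user was looking for or fallback)
        $this->redirectToAllowedModuleAndAction();
    }
}

/**
 * Validate the forgot-password form and mail a reset link.
 *
 * For a valid and known e-mail address a reset key and timestamp are stored in the
 * user's settings and the reset link is mailed. The template is always told to show
 * the form again, and on success to show the success message.
 */
private function validateForgotPasswordForm()
{
    if (!$this->frmForgotPassword->isSubmitted()) {
        return;
    }

    $txtEmail = $this->frmForgotPassword->getField('backend_email_forgot');
    $email = $txtEmail->getValue();

    // the address has to be valid and belong to a known user
    if ($txtEmail->isEmail(BL::err('EmailIsInvalid')) && !BackendUsersModel::existsEmail($email)) {
        $txtEmail->addError(BL::err('EmailIsUnknown'));
    }

    // the form is shown again in either case
    $this->tpl->assign('showForm', true);

    // errors? nothing more to do
    if (!$this->frmForgotPassword->isCorrect()) {
        return;
    }

    // generate the key for the reset link
    // NOTE(review): uniqid() is time-based and predictable; a key derived from random_bytes()
    // (or openssl_random_pseudo_bytes() on older runtimes) would be the safer input here
    $key = BackendAuthentication::getEncryptedString($email, uniqid());

    // insert the key and the timestamp into the user settings
    $userId = BackendUsersModel::getIdByEmail($email);
    $user = new User($userId);
    $user->setSetting('reset_password_key', $key);
    $user->setSetting('reset_password_timestamp', time());

    // variables to parse in the e-mail; the values are url-encoded so characters like '+' in
    // the address survive the round trip through the link
    $variables = array();
    $variables['resetLink'] = SITE_URL . BackendModel::createURLForAction('ResetPassword') . '&email=' . urlencode($email) . '&key=' . urlencode($key);

    // send e-mail to user
    $from = $this->get('fork.settings')->get('Core', 'mailer_from');
    $replyTo = $this->get('fork.settings')->get('Core', 'mailer_reply_to');
    $message = \Common\Mailer\Message::newInstance(\SpoonFilter::ucfirst(BL::msg('ResetYourPasswordMailSubject')))
        ->setFrom(array($from['email'] => $from['name']))
        ->setTo(array($email))
        ->setReplyTo(array($replyTo['email'] => $replyTo['name']))
        ->parseHtml(BACKEND_MODULES_PATH . '/Authentication/Layout/Templates/Mails/ResetPassword.tpl', $variables);
    $this->get('mailer')->send($message);

    // clear post-values
    $_POST['backend_email_forgot'] = '';

    // show success message
    $this->tpl->assign('isForgotPasswordSuccess', true);
}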
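/**
 * Install the module settings.
 *
 * Registers the mailmotor module and seeds its settings: the sender and reply-to
 * data copied from the core mailer settings, the pricing defaults and the empty
 * CampaignMonitor placeholders that are filled in once an account is linked.
 */
private function installSettings()
{
    // add 'mailmotor' as a module
    $this->addModule('mailmotor');

    // get from/replyTo core settings
    $from = $this->getSetting('core', 'mailer_from');
    $replyTo = $this->getSetting('core', 'mailer_reply_to');

    // general settings
    $this->setSetting('mailmotor', 'from_email', $from['email']);
    $this->setSetting('mailmotor', 'from_name', $from['name']);
    $this->setSetting('mailmotor', 'plain_text_editable', true);
    $this->setSetting('mailmotor', 'reply_to_email', $replyTo['email']);
    $this->setSetting('mailmotor', 'price_per_email', 0);
    $this->setSetting('mailmotor', 'price_per_campaign', 0);

    // pre-load these CM settings - these are used to obtain a client ID after the CampaignMonitor account is linked.
    $this->setSetting('mailmotor', 'cm_url', '');
    $this->setSetting('mailmotor', 'cm_username', '');
    $this->setSetting('mailmotor', 'cm_password', '');
    $this->setSetting('mailmotor', 'cm_client_company_name', $from['name']);
    $this->setSetting('mailmotor', 'cm_client_contact_email', $from['email']);
    $this->setSetting('mailmotor', 'cm_client_contact_name', $from['name']);
    $this->setSetting('mailmotor', 'cm_client_country', 'Belgium');
    $this->setSetting('mailmotor', 'cm_client_timezone', '');

    // by default no account is linked yet
    $this->setSetting('mailmotor', 'cm_account', false);
}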