Exemple #1
0
 /**
  * Execute the action
  */
 public function execute()
 {
     parent::execute();
     // get parameters
     $charset = $this->getContainer()->getParameter('kernel.charset');
     $searchTerm = \SpoonFilter::getPostValue('term', null, '');
     $term = $charset == 'utf-8' ? \SpoonFilter::htmlspecialchars($searchTerm) : \SpoonFilter::htmlentities($searchTerm);
     // validate search term
     if ($term == '') {
         $this->output(self::BAD_REQUEST, null, 'term-parameter is missing.');
     } else {
         // previous search result
         $previousTerm = \SpoonSession::exists('searchTerm') ? \SpoonSession::get('searchTerm') : '';
         \SpoonSession::set('searchTerm', '');
         // save this term?
         if ($previousTerm != $term) {
             // format data
             $this->statistics = array();
             $this->statistics['term'] = $term;
             $this->statistics['language'] = LANGUAGE;
             $this->statistics['time'] = FrontendModel::getUTCDate();
             $this->statistics['data'] = serialize(array('server' => $_SERVER));
             $this->statistics['num_results'] = FrontendSearchModel::getTotal($term);
             // save data
             FrontendSearchModel::save($this->statistics);
         }
         // save current search term in cookie
         \SpoonSession::set('searchTerm', $term);
         // output
         $this->output(self::OK);
     }
 }
 /**
  * Validate the form
  */
 protected function validateForm()
 {
     if ($this->frm->isSubmitted()) {
         $this->frm->cleanupFields();
         // validation
         $fields = $this->frm->getFields();
         $fields['title']->isFilled(Language::err('TitleIsRequired'));
         $fields['description']->isFilled(Language::err('FieldIsRequired'));
         $fields['author_name']->isFilled(Language::err('FieldIsRequired'));
         $fields['author_url']->isFilled(Language::err('FieldIsRequired'));
         $fields['author_email']->isFilled(Language::err('FieldIsRequired'));
         // cleanup the modulename
         $title = preg_replace('/[^A-Za-z ]/', '', $fields['title']->getValue());
         // check if there is already a module with this name
         if (BackendExtensionsModel::existsModule($title)) {
             $fields['title']->addError(Language::err('DuplicateModuleName'));
         }
         if ($this->frm->isCorrect()) {
             $this->record['title'] = $title;
             $this->record['description'] = trim($fields['description']->getValue());
             $this->record['author_name'] = $fields['author_name']->getValue();
             $this->record['author_url'] = $fields['author_url']->getValue();
             $this->record['author_email'] = $fields['author_email']->getValue();
             $this->record['camel_case_name'] = BackendModuleMakerHelper::buildCamelCasedName($title);
             $this->record['underscored_name'] = BackendModuleMakerHelper::buildUnderscoredName($title);
             \SpoonSession::set('module', $this->record);
             $this->redirect(Model::createURLForAction('AddStep2'));
         }
     }
 }
 /**
  * Validate the form
  */
 protected function validateForm()
 {
     if ($this->frm->isSubmitted()) {
         $this->frm->cleanupFields();
         $frmFields = $this->frm->getFields();
         // validate form
         if ($frmFields['twitter']->isChecked()) {
             // we need fields when search is ticked
             $frmFields['twitter_name']->isFilled(Language::err('FieldIsRequired'));
         }
         if ($this->frm->isCorrect()) {
             // if this field is checked, let's add a boolean searchable true to the chosen fields
             if ($frmFields['twitter']->isChecked()) {
                 $this->record['twitter'] = $frmFields['twitter_name']->getValue();
             } else {
                 if (array_key_exists('twitter', $this->record)) {
                     unset($this->record['twitter']);
                 }
             }
             // save the object in our session
             \SpoonSession::set('module', $this->record);
             $this->redirect(Model::createURLForAction('Generate'));
         }
     }
 }
Exemple #4
0
 /**
  * Execute the action
  *
  * @return	void
  */
 public function execute()
 {
     // call parent, this will probably add some general CSS/JS or other required files
     parent::execute();
     // get parameters
     $term = SpoonFilter::getGetValue('term', null, '');
     // validate
     if ($term == '') {
         $this->output(self::BAD_REQUEST, null, 'term-parameter is missing.');
     }
     // previous search result
     $previousTerm = SpoonSession::exists('searchTerm') ? SpoonSession::get('searchTerm') : '';
     SpoonSession::set('searchTerm', '');
     // save this term?
     if ($previousTerm != $term) {
         // format data
         $this->statistics = array();
         $this->statistics['term'] = $term;
         $this->statistics['language'] = FRONTEND_LANGUAGE;
         $this->statistics['time'] = FrontendModel::getUTCDate();
         $this->statistics['data'] = serialize(array('server' => $_SERVER));
         $this->statistics['num_results'] = FrontendSearchModel::getTotal($term);
         // save data
         FrontendSearchModel::save($this->statistics);
     }
     // save current search term in cookie
     SpoonSession::set('searchTerm', $term);
     // output
     $this->output(self::OK);
 }
Exemple #5
0
 /**
  * Check if the token is ok
  */
 public function checkToken()
 {
     $fromSession = \SpoonSession::exists('csrf_token') ? \SpoonSession::get('csrf_token') : '';
     $fromGet = \SpoonFilter::getGetValue('token', null, '');
     if ($fromSession != '' && $fromGet != '' && $fromSession == $fromGet) {
         return;
     }
     // clear the token
     \SpoonSession::set('csrf_token', '');
     $this->redirect(BackendModel::createURLForAction('Index', null, null, array('error' => 'csrf')));
 }
Exemple #6
0
 /**
  * Validate the form based on the variables in $_POST
  *
  * @return	void
  */
 private function validateForm()
 {
     // form submitted
     if ($this->frm->isSubmitted()) {
         // required fields
         $this->frm->getField('email')->isEmail('Please provide a valid e-mailaddress.');
         $this->frm->getField('password')->isFilled('This field is required.');
         $this->frm->getField('confirm')->isFilled('This field is required.');
         if ($this->frm->getField('password')->getValue() != $this->frm->getField('confirm')->getValue()) {
             $this->frm->getField('confirm')->addError('The passwords do not match.');
         }
         // all valid
         if ($this->frm->isCorrect()) {
             // update session
             SpoonSession::set('email', $this->frm->getField('email')->getValue());
             SpoonSession::set('password', $this->frm->getField('password')->getValue());
             SpoonSession::set('confirm', $this->frm->getField('confirm')->getValue());
             // redirect
             SpoonHTTP::redirect('index.php?step=7');
         }
     }
 }
 /**
  * Execute the action
  */
 public function execute()
 {
     // If step 1 isn't entered, redirect back to the first step of the wizard
     $this->record = \SpoonSession::get('module');
     if (!$this->record || !array_key_exists('title', $this->record)) {
         $this->redirect(Model::createURLForAction('Add'));
     }
     // If there are no fields added, redirect back to the second step of the wizard
     if (!array_key_exists('fields', $this->record) || empty($this->record['fields'])) {
         $this->redirect(Model::createURLForAction('AddStep2') . '&error=non-existing');
     }
     // get parameters
     $this->id = $this->getParameter('id', 'int');
     // does the item exist
     if ($this->id !== null && array_key_exists($this->id, $this->record['fields'])) {
         unset($this->record['fields'][$this->id]);
         \SpoonSession::set('module', $this->record);
         $this->redirect(Model::createURLForAction('AddStep2') . '&report=deleted');
     } else {
         $this->redirect(Model::createURLForAction('AddStep2') . '&error=non-existing');
     }
 }
Exemple #8
0
 /**
  * Validate the form
  */
 private function validateForm()
 {
     // get settings
     $subscriptionsAllowed = isset($this->settings['allow_subscriptions']) && $this->settings['allow_subscriptions'];
     // subscriptions aren't allowed so we don't have to validate
     if (!$subscriptionsAllowed) {
         return false;
     }
     // is the form submitted
     if ($this->frm->isSubmitted()) {
         // cleanup the submitted fields, ignore fields that were added by hackers
         $this->frm->cleanupFields();
         // does the key exists?
         if (\SpoonSession::exists('agenda_subscription_' . $this->record['id'])) {
             // calculate difference
             $diff = time() - (int) \SpoonSession::get('agenda_subscription_' . $this->record['id']);
             // calculate difference, it it isn't 10 seconds the we tell the user to slow down
             if ($diff < 10 && $diff != 0) {
                 $this->frm->getField('message')->addError(FL::err('CommentTimeout'));
             }
         }
         // validate required fields
         $this->frm->getField('name')->isFilled(FL::err('NameIsRequired'));
         $this->frm->getField('email')->isEmail(FL::err('EmailIsRequired'));
         // no errors?
         if ($this->frm->isCorrect()) {
             // get module setting
             $moderationEnabled = isset($this->settings['moderation']) && $this->settings['moderation'];
             // reformat data
             $name = $this->frm->getField('name')->getValue();
             $email = $this->frm->getField('email')->getValue();
             // build array
             $subscription['agenda_id'] = $this->record['id'];
             $subscription['language'] = FRONTEND_LANGUAGE;
             $subscription['created_on'] = FrontendModel::getUTCDate();
             $subscription['name'] = $name;
             $subscription['email'] = $email;
             $subscription['status'] = 'subscribed';
             // get URL for article
             $permaLink = $this->record['full_url'];
             $redirectLink = $permaLink;
             // is moderation enabled
             if ($moderationEnabled) {
                 // if the commenter isn't moderated before alter the subscription status so it will appear in the moderation queue
                 if (!FrontendAgendaModel::isModerated($name, $email)) {
                     $subscription['status'] = 'moderation';
                 }
             }
             // insert comment
             $subscription['id'] = FrontendAgendaModel::insertSubscription($subscription);
             // trigger event
             FrontendModel::triggerEvent('agenda', 'after_add_subscription', array('subscription' => $subscription));
             // append a parameter to the URL so we can show moderation
             if (strpos($redirectLink, '?') === false) {
                 if ($subscription['status'] == 'moderation') {
                     $redirectLink .= '?subscription=moderation#' . FL::act('Subscribe');
                 }
                 if ($subscription['status'] == 'subscribed') {
                     $redirectLink .= '?subscription=true#subscription-' . $subscription['id'];
                 }
             } else {
                 if ($subscription['status'] == 'moderation') {
                     $redirectLink .= '&subscription=moderation#' . FL::act('Subscribe');
                 }
                 if ($subscription['status'] == 'subscribed') {
                     $redirectLink .= '&subscription=true#comment-' . $subscription['id'];
                 }
             }
             // set title
             $subscription['agenda_title'] = $this->record['title'];
             $subscription['agenda_url'] = $this->record['url'];
             // notify the admin
             FrontendAgendaModel::notifyAdmin($subscription);
             // store timestamp in session so we can block excessive usage
             \SpoonSession::set('agenda_subscription_' . $this->record['id'], time());
             // store author-data in cookies
             try {
                 Cookie::set('subscription_author', $name);
                 Cookie::set('subscription_email', $email);
             } catch (Exception $e) {
                 // settings cookies isn't allowed, but because this isn't a real problem we ignore the exception
             }
             // redirect
             $this->redirect($redirectLink);
         }
     }
 }
Exemple #9
0
 /**
  * Process the querystring
  *
  * @return	void
  */
 private function processQueryString()
 {
     // store the querystring local, so we don't alter it.
     $queryString = $this->getQueryString();
     // fix GET-parameters
     $getChunks = explode('?', $queryString);
     // are there GET-parameters
     if (isset($getChunks[1])) {
         // get key-value pairs
         $get = explode('&', $getChunks[1]);
         // remove from querystring
         $queryString = str_replace('?' . $getChunks[1], '', $this->getQueryString());
         // loop pairs
         foreach ($get as $getItem) {
             // get key and value
             $getChunks = explode('=', $getItem, 2);
             // key available?
             if (isset($getChunks[0])) {
                 // reset in $_GET
                 $_GET[$getChunks[0]] = isset($getChunks[1]) ? (string) $getChunks[1] : '';
                 // add into parameters
                 if (isset($getChunks[1])) {
                     $this->parameters[(string) $getChunks[0]] = (string) $getChunks[1];
                 }
             }
         }
     }
     // split into chunks
     $chunks = (array) explode('/', $queryString);
     // single language
     if (!SITE_MULTILANGUAGE) {
         // set language id
         $language = FrontendModel::getModuleSetting('core', 'default_language', SITE_DEFAULT_LANGUAGE);
     } else {
         // default value
         $mustRedirect = false;
         // get possible languages
         $possibleLanguages = (array) FrontendLanguage::getActiveLanguages();
         $redirectLanguages = (array) FrontendLanguage::getRedirectLanguages();
         // the language is present in the URL
         if (isset($chunks[0]) && in_array($chunks[0], $possibleLanguages)) {
             // define language
             $language = (string) $chunks[0];
             // try to set a cookie with the language
             try {
                 // set cookie
                 SpoonCookie::set('frontend_language', $language, 7 * 24 * 60 * 60, '/', '.' . $this->getDomain());
             } catch (SpoonCookieException $e) {
                 // settings cookies isn't allowed, because this isn't a real problem we ignore the exception
             }
             // set sessions
             SpoonSession::set('frontend_language', $language);
             // remove the language part
             array_shift($chunks);
         } elseif (SpoonCookie::exists('frontend_language') && in_array(SpoonCookie::get('frontend_language'), $redirectLanguages)) {
             // set languageId
             $language = (string) SpoonCookie::get('frontend_language');
             // redirect is needed
             $mustRedirect = true;
         } else {
             // set languageId & abbreviation
             $language = FrontendLanguage::getBrowserLanguage();
             // try to set a cookie with the language
             try {
                 // set cookie
                 SpoonCookie::set('frontend_language', $language, 7 * 24 * 60 * 60, '/', '.' . $this->getDomain());
             } catch (SpoonCookieException $e) {
                 // settings cookies isn't allowed, because this isn't a real problem we ignore the exception
             }
             // redirect is needed
             $mustRedirect = true;
         }
         // redirect is required
         if ($mustRedirect) {
             // build URL
             $URL = rtrim('/' . $language . '/' . $this->getQueryString(), '/');
             // set header & redirect
             SpoonHTTP::redirect($URL, 301);
         }
     }
     // define the language
     define('FRONTEND_LANGUAGE', $language);
     // sets the localefile
     FrontendLanguage::setLocale($language);
     // list of pageIds & their full URL
     $keys = FrontendNavigation::getKeys();
     // full URL
     $URL = implode('/', $chunks);
     $startURL = $URL;
     // loop until we find the URL in the list of pages
     while (!in_array($URL, $keys)) {
         // remove the last chunk
         array_pop($chunks);
         // redefine the URL
         $URL = implode('/', $chunks);
     }
     // remove language from querystring
     if (SITE_MULTILANGUAGE) {
         $queryString = trim(substr($queryString, strlen($language)), '/');
     }
     // if it's the homepage AND parameters were given (not allowed!)
     if ($URL == '' && $queryString != '') {
         // get 404 URL
         $URL = FrontendNavigation::getURL(404);
         // remove language
         if (SITE_MULTILANGUAGE) {
             $URL = str_replace('/' . $language, '', $URL);
         }
     }
     // set pages
     $URL = trim($URL, '/');
     // currently not in the homepage
     if ($URL != '') {
         // explode in pages
         $pages = explode('/', $URL);
         // reset pages
         $this->setPages($pages);
         // reset parameters
         $this->setParameters(array());
     }
     // set parameters
     $parameters = trim(substr($startURL, strlen($URL)), '/');
     // has at least one parameter
     if ($parameters != '') {
         // parameters will be separated by /
         $parameters = explode('/', $parameters);
         // set parameters
         $this->setParameters($parameters);
     }
     // pageId, parentId & depth
     $pageId = FrontendNavigation::getPageId(implode('/', $this->getPages()));
     $pageInfo = FrontendNavigation::getPageInfo($pageId);
     // invalid page, or parameters but no extra
     if ($pageInfo === false || !empty($parameters) && !$pageInfo['has_extra']) {
         // get 404 URL
         $URL = FrontendNavigation::getURL(404);
         // remove language
         if (SITE_MULTILANGUAGE) {
             $URL = trim(str_replace('/' . $language, '', $URL), '/');
         }
         // currently not in the homepage
         if ($URL != '') {
             // explode in pages
             $pages = explode('/', $URL);
             // reset pages
             $this->setPages($pages);
             // reset parameters
             $this->setParameters(array());
         }
     }
     // is this an internal redirect?
     if (isset($pageInfo['redirect_page_id']) && $pageInfo['redirect_page_id'] != '') {
         // get url for item
         $newPageURL = FrontendNavigation::getURL((int) $pageInfo['redirect_page_id']);
         $errorURL = FrontendNavigation::getURL(404);
         // not an error?
         if ($newPageURL != $errorURL) {
             // redirect
             SpoonHTTP::redirect($newPageURL, $pageInfo['redirect_code']);
         }
     }
     // is this an external redirect?
     if (isset($pageInfo['redirect_url']) && $pageInfo['redirect_url'] != '') {
         // redirect
         SpoonHTTP::redirect($pageInfo['redirect_url'], $pageInfo['redirect_code']);
     }
 }
Exemple #10
0
 /**
  * Validate the form based on the variables in $_POST
  */
 private function validateForm()
 {
     // form submitted
     if ($this->frm->isSubmitted()) {
         // all valid
         if ($this->frm->isCorrect()) {
             // get selected modules
             $modules = $this->frm->getField('modules')->getValue();
             // add blog if example data was checked
             if ($this->frm->getField('example_data')->getChecked() && !in_array('blog', $modules)) {
                 $modules[] = 'blog';
             }
             // set modules
             SpoonSession::set('modules', $modules);
             // example data
             SpoonSession::set('example_data', $this->frm->getField('example_data')->getChecked());
             // debug mode
             SpoonSession::set('debug_mode', $this->frm->getField('debug_mode')->getChecked());
             // redirect
             SpoonHTTP::redirect('index.php?step=5');
         }
     }
 }
 /**
  * Logout a profile.
  *
  * @return	void
  */
 public static function logout()
 {
     // delete session records
     FrontendModel::getDB(true)->delete('profiles_sessions', 'session_id = ?', array(SpoonSession::getSessionId()));
     // set is_logged_in to false
     SpoonSession::set('frontend_profile_logged_in', false);
     // delete cookie
     SpoonCookie::delete('frontend_profile_secret_key');
 }
 /**
  * Validate the form
  */
 protected function validateForm()
 {
     if ($this->frm->isSubmitted()) {
         $this->frm->cleanupFields();
         // validation
         $fields = $this->frm->getFields();
         $fields['label']->isFilled(Language::err('FieldIsRequired'));
         // get existing fields
         $this->record = \SpoonSession::get('module');
         if (array_key_exists('fields', $this->record)) {
             foreach ($this->record['fields'] as $field) {
                 // check if we already have a type with the same label
                 if (strtolower($field['label']) == strtolower($fields['label']->getValue())) {
                     $fields['label']->addError(Language::err('LabelAlreadyExist'));
                     break;
                 }
             }
         }
         // for certain types, the options field is required
         $type = $fields['type']->getValue();
         if ($type == 'dropdown' || $type == 'multicheckbox' || $type == 'radiobutton') {
             $fields['tags']->isFilled(Language::err('FieldIsRequired'));
             // check if the default field is one of the options
             if ($fields['default']->isFilled()) {
                 $options = explode(',', $fields['tags']->getValue());
                 if (!in_array($fields['default']->getValue(), $options)) {
                     $fields['default']->addError(Language::err('DefaultShouldBeAnOption'));
                 }
             } elseif ($type == 'radiobutton') {
                 $fields['default']->addError(Language::err('FieldIsRequired'));
             }
         }
         // if the type is images, the options should be in the form 200x200 seperated by a comma
         if ($type == 'image') {
             $fields['tags']->isFilled(Language::err('FieldIsRequired'));
             $tags = explode(',', $fields['tags']->getValue());
             // loop all tags and check on format, example (400x400)
             foreach ($tags as $tag) {
                 if (!preg_match('\'([1-9][0-9]*x[1-9][0-9]*|x[1-9][0-9]*|[1-9][0-9]*x)\'', $tag)) {
                     $fields['tags']->addError(Language::err('ImageSizeNotWellFormed'));
                     break;
                 }
             }
         }
         // check if the default value is valid
         if ($fields['default']->isFilled()) {
             // get default value
             $defaultValue = $fields['default']->getValue();
             // check the default values
             if ($type == 'text' || $type == 'password' || $type == 'file' || $type == 'image') {
                 if (strlen($defaultValue) > 255) {
                     $fields['default']->addError(Language::err('Max255Characters'));
                 }
             } elseif ($type == 'number') {
                 if (!is_numeric($defaultValue)) {
                     $fields['default']->addError(Language::err('FieldIsNotNumeric'));
                 }
             } elseif ($type == 'datetime') {
                 if (!BackendModuleMakerHelper::isValidDateTime($defaultValue)) {
                     $fields['default']->addError(Language::err('FieldIsNotAValidDateTime'));
                 }
             } elseif ($type == 'checkbox') {
                 if (strtoupper($defaultValue) != 'Y' && strtoupper($defaultValue) != 'N') {
                     $fields['default']->addError(Language::err('MustBeAYOrAN'));
                 }
             }
         }
         if ($this->frm->isCorrect()) {
             // create the item
             $item['label'] = strtolower($fields['label']->getValue());
             $item['type'] = $type;
             $item['options'] = $fields['tags']->getValue();
             $item['required'] = $fields['required']->isChecked();
             $item['default'] = $fields['default']->getValue();
             $item['camel_cased_label'] = BackendModuleMakerHelper::buildCamelCasedName($item['label']);
             $item['underscored_label'] = BackendModuleMakerHelper::buildUnderscoredName($item['label']);
             $item['lower_ccased_label'] = BackendModuleMakerHelper::buildLowerCamelCasedName($item['label']);
             $item['meta'] = false;
             $item['searchable'] = false;
             if ($item['type'] == 'image' && $fields['caption']->isChecked()) {
                 $item['type'] = 'image_caption';
             }
             // generate the SQL for the field
             $item['sql'] = $this->generateSQL($item);
             // if the record has no fields key yet, add it
             if (!array_key_exists('fields', $this->record)) {
                 $this->record['fields'] = array();
             }
             // add the item to the fields array of the record
             $this->record['fields'][] = $item;
             // save
             \SpoonSession::set('module', $this->record);
             $this->redirect(Model::createURLForAction('AddStep2'));
         }
     }
 }
Exemple #13
0
 /**
  * Validate the form.
  */
 private function validateForm()
 {
     // submitted
     if ($this->frm->isSubmitted()) {
         // does the key exists?
         if (\SpoonSession::exists('formbuilder_' . $this->item['id'])) {
             // calculate difference
             $diff = time() - (int) \SpoonSession::get('formbuilder_' . $this->item['id']);
             // calculate difference, it it isn't 10 seconds the we tell the user to slow down
             if ($diff < 10 && $diff != 0) {
                 $this->frm->addError(FL::err('FormTimeout'));
             }
         }
         // validate fields
         foreach ($this->item['fields'] as $field) {
             // field name
             $fieldName = 'field' . $field['id'];
             // skip
             if ($field['type'] == 'submit' || $field['type'] == 'paragraph' || $field['type'] == 'heading') {
                 continue;
             }
             // loop other validations
             foreach ($field['validations'] as $rule => $settings) {
                 // already has an error so skip
                 if ($this->frm->getField($fieldName)->getErrors() !== null) {
                     continue;
                 }
                 // required
                 if ($rule == 'required') {
                     $this->frm->getField($fieldName)->isFilled($settings['error_message']);
                 } elseif ($rule == 'email') {
                     // only check this if the field is filled, if the field is required it will be validated before
                     if ($this->frm->getField($fieldName)->isFilled()) {
                         $this->frm->getField($fieldName)->isEmail($settings['error_message']);
                     }
                 } elseif ($rule == 'numeric') {
                     // only check this if the field is filled, if the field is required it will be validated before
                     if ($this->frm->getField($fieldName)->isFilled()) {
                         $this->frm->getField($fieldName)->isNumeric($settings['error_message']);
                     }
                 } elseif ($rule == 'time') {
                     $regexTime = '/^(([0-1][0-9]|2[0-3]|[0-9])|([0-1][0-9]|2[0-3]|[0-9])(:|h)[0-5]?[0-9]?)$/';
                     if (!\SpoonFilter::isValidAgainstRegexp($regexTime, $this->frm->getField($fieldName)->getValue())) {
                         $this->frm->getField($fieldName)->setError($settings['error_message']);
                     }
                 }
             }
         }
         // valid form
         if ($this->frm->isCorrect()) {
             // item
             $data['form_id'] = $this->item['id'];
             $data['session_id'] = \SpoonSession::getSessionId();
             $data['sent_on'] = FrontendModel::getUTCDate();
             $data['data'] = serialize(array('server' => $_SERVER));
             // insert data
             $dataId = FrontendFormBuilderModel::insertData($data);
             // init fields array
             $fields = array();
             // loop all fields
             foreach ($this->item['fields'] as $field) {
                 // skip
                 if ($field['type'] == 'submit' || $field['type'] == 'paragraph' || $field['type'] == 'heading') {
                     continue;
                 }
                 // field data
                 $fieldData['data_id'] = $dataId;
                 $fieldData['label'] = $field['settings']['label'];
                 $fieldData['value'] = $this->frm->getField('field' . $field['id'])->getValue();
                 if ($field['type'] == 'radiobutton') {
                     $values = array();
                     foreach ($field['settings']['values'] as $value) {
                         $values[$value['value']] = $value['label'];
                     }
                     $fieldData['value'] = $values[$fieldData['value']];
                 }
                 // clean up
                 if (is_array($fieldData['value']) && empty($fieldData['value'])) {
                     $fieldData['value'] = null;
                 }
                 // serialize
                 if ($fieldData['value'] !== null) {
                     $fieldData['value'] = serialize($fieldData['value']);
                 }
                 // save fields data
                 $fields[$field['id']] = $fieldData;
                 // insert
                 FrontendFormBuilderModel::insertDataField($fieldData);
             }
             $this->get('event_dispatcher')->dispatch(FormBuilderEvents::FORM_SUBMITTED, new FormBuilderSubmittedEvent($this->item, $fields, $dataId));
             // trigger event
             FrontendModel::triggerEvent('FormBuilder', 'after_submission', array('form_id' => $this->item['id'], 'data_id' => $dataId, 'data' => $data, 'fields' => $fields, 'visitorId' => FrontendModel::getVisitorId()));
             // store timestamp in session so we can block excessive usage
             \SpoonSession::set('formbuilder_' . $this->item['id'], time());
             // redirect
             $redirect = SITE_URL . $this->URL->getQueryString();
             $redirect .= stripos($redirect, '?') === false ? '?' : '&';
             $redirect .= 'identifier=' . $this->item['identifier'];
             $redirect .= '#' . $this->formName;
             throw new RedirectException('Redirect', new RedirectResponse($redirect));
         } else {
             // not correct, show errors
             // global form errors set
             if ($this->frm->getErrors() != '') {
                 $this->tpl->assign('formBuilderError', $this->frm->getErrors());
             } else {
                 // general error
                 $this->tpl->assign('formBuilderError', FL::err('FormError'));
             }
         }
     }
 }
Exemple #14
0
 /**
  * Validate the form.
  */
 private function validateForm()
 {
     // submitted
     if ($this->frm->isSubmitted()) {
         // does the key exists?
         if (SpoonSession::exists('formbuilder_' . $this->item['id'])) {
             // calculate difference
             $diff = time() - (int) SpoonSession::get('formbuilder_' . $this->item['id']);
             // calculate difference, it it isn't 10 seconds the we tell the user to slow down
             if ($diff < 10 && $diff != 0) {
                 $this->frm->addError(FL::err('FormTimeout'));
             }
         }
         // validate fields
         foreach ($this->item['fields'] as $field) {
             // fieldname
             $fieldName = 'field' . $field['id'];
             // skip
             if ($field['type'] == 'submit' || $field['type'] == 'paragraph' || $field['type'] == 'heading') {
                 continue;
             }
             // loop other validations
             foreach ($field['validations'] as $rule => $settings) {
                 // already has an error so skip
                 if ($this->frm->getField($fieldName)->getErrors() !== null) {
                     continue;
                 }
                 // required
                 if ($rule == 'required') {
                     $this->frm->getField($fieldName)->isFilled($settings['error_message']);
                 } elseif ($rule == 'email') {
                     // only check this if the field is filled, if the field is required it will be validated before
                     if ($this->frm->getField($fieldName)->isFilled()) {
                         $this->frm->getField($fieldName)->isEmail($settings['error_message']);
                     }
                 } elseif ($rule == 'numeric') {
                     // only check this if the field is filled, if the field is required it will be validated before
                     if ($this->frm->getField($fieldName)->isFilled()) {
                         $this->frm->getField($fieldName)->isNumeric($settings['error_message']);
                     }
                 }
             }
         }
         // valid form
         if ($this->frm->isCorrect()) {
             // item
             $data['form_id'] = $this->item['id'];
             $data['session_id'] = SpoonSession::getSessionId();
             $data['sent_on'] = FrontendModel::getUTCDate();
             $data['data'] = serialize(array('server' => $_SERVER));
             // insert data
             $dataId = FrontendFormBuilderModel::insertData($data);
             // init fields array
             $fields = array();
             // loop all fields
             foreach ($this->item['fields'] as $field) {
                 // skip
                 if ($field['type'] == 'submit' || $field['type'] == 'paragraph' || $field['type'] == 'heading') {
                     continue;
                 }
                 // field data
                 $fieldData['data_id'] = $dataId;
                 $fieldData['label'] = $field['settings']['label'];
                 $fieldData['value'] = $this->frm->getField('field' . $field['id'])->getValue();
                 // prepare fields for email
                 if ($this->item['method'] == 'database_email') {
                     // add field for email
                     $emailFields[] = array('label' => $field['settings']['label'], 'value' => is_array($fieldData['value']) ? implode(',', $fieldData['value']) : nl2br($fieldData['value']));
                 }
                 // clean up
                 if (is_array($fieldData['value']) && empty($fieldData['value'])) {
                     $fieldData['value'] = null;
                 }
                 // serialize
                 if ($fieldData['value'] !== null) {
                     $fieldData['value'] = serialize($fieldData['value']);
                 }
                 // save fields data
                 $fields[] = $fieldData;
                 // insert
                 FrontendFormBuilderModel::insertDataField($fieldData);
             }
             // need to send mail
             if ($this->item['method'] == 'database_email') {
                 // build variables
                 $variables['sentOn'] = time();
                 $variables['name'] = $this->item['name'];
                 $variables['fields'] = $emailFields;
                 // loop recipients
                 foreach ($this->item['email'] as $address) {
                     // add email
                     FrontendMailer::addEmail(sprintf(FL::getMessage('FormBuilderSubject'), $this->item['name']), FRONTEND_MODULES_PATH . '/form_builder/layout/templates/mails/form.tpl', $variables, $address, $this->item['name']);
                 }
             }
             // trigger event
             FrontendModel::triggerEvent('form_builder', 'after_submission', array('form_id' => $this->item['id'], 'data_id' => $dataId, 'data' => $data, 'fields' => $fields, 'visitorId' => FrontendModel::getVisitorId()));
             // store timestamp in session so we can block excesive usage
             SpoonSession::set('formbuilder_' . $this->item['id'], time());
             // redirect
             $redirect = SITE_URL . '/' . $this->URL->getQueryString();
             $redirect .= stripos($redirect, '?') === false ? '?' : '&';
             $redirect .= 'identifier=' . $this->item['identifier'];
             // redirect with identifier
             SpoonHTTP::redirect($redirect);
         } else {
             // global form errors set
             if ($this->frm->getErrors() != '') {
                 $this->tpl->assign('formBuilderError', $this->frm->getErrors());
             } else {
                 $this->tpl->assign('formBuilderError', FL::err('FormError'));
             }
         }
     }
 }
 /**
  * Logsout the current user
  *
  * @return	void
  */
 public static function logout()
 {
     // remove all rows owned by the current user
     BackendModel::getDB(true)->delete('users_sessions', 'session_id = ?', SpoonSession::getSessionId());
     // reset values. We can't destroy the session because session-data can be used on the site.
     SpoonSession::set('backend_logged_in', false);
     SpoonSession::set('backend_secret_key', '');
 }
Exemple #16
0
 /**
  * Validate the form based on the variables in $_POST
  */
 private function validateForm()
 {
     // form submitted
     if ($this->frm->isSubmitted()) {
         // multiple languages
         if ($this->frm->getField('language_type')->getValue() == 'multiple') {
             // list of languages
             $languages = $this->frm->getField('languages')->getValue();
             // default language
             if (!in_array($this->frm->getField('default_language')->getValue(), $languages)) {
                 $this->frm->getField('default_language')->setError('Your default language needs to be in the list of languages you chose.');
             }
         } else {
             // list of languages
             $languages = (array) array($this->frm->getField('default_language')->getValue());
         }
         // same cms interface language
         if ($this->frm->getField('same_interface_language')->getChecked()) {
             // list of languages
             $interfaceLanguages = $languages;
         } else {
             // list of languages
             $interfaceLanguages = $this->frm->getField('interface_languages')->getValue();
         }
         // default language
         if (!in_array($this->frm->getField('default_interface_language')->getValue(), $interfaceLanguages)) {
             $this->frm->getField('default_interface_language')->setError('Your default language needs to be in the list of languages you chose.');
         }
         // all valid
         if ($this->frm->isCorrect()) {
             // set languages
             SpoonSession::set('default_language', $this->frm->getField('default_language')->getValue());
             SpoonSession::set('default_interface_language', $this->frm->getField('default_interface_language')->getValue());
             SpoonSession::set('multiple_languages', $this->frm->getField('language_type')->getValue() == 'multiple' ? true : false);
             SpoonSession::set('languages', $languages);
             SpoonSession::set('interface_languages', $interfaceLanguages);
             // redirect
             SpoonHTTP::redirect('index.php?step=4');
         }
     }
 }
Exemple #17
0
 /**
  * Validate the form based on the variables in $_POST
  */
 private function validateForm()
 {
     // form submitted
     if ($this->frm->isSubmitted()) {
         // database settings
         $this->frm->getField('hostname')->isFilled('This field is required.');
         $this->frm->getField('database')->isFilled('This field is required.');
         $this->frm->getField('username')->isFilled('This field is required.');
         $this->frm->getField('password')->isFilled('This field is required.');
         // all filled out
         if ($this->frm->getField('hostname')->isFilled() && $this->frm->getField('database')->isFilled() && $this->frm->getField('username')->isFilled() && $this->frm->getField('password')->isFilled()) {
             // test the database connection details
             try {
                 // get port
                 $port = $this->frm->getField('port')->isFilled() ? $this->frm->getField('port')->getValue() : 3306;
                 // create instance
                 $db = new SpoonDatabase('mysql', $this->frm->getField('hostname')->getValue(), $this->frm->getField('username')->getValue(), $this->frm->getField('password')->getValue(), $this->frm->getField('database')->getValue(), $port);
                 // test table
                 $table = 'test' . time();
                 // attempt to create table
                 $db->execute('DROP TABLE IF EXISTS ' . $table);
                 $db->execute('CREATE TABLE ' . $table . ' (id int(11) NOT NULL) ENGINE=MyISAM');
                 // drop table
                 $db->drop($table);
             } catch (Exception $e) {
                 // add errors
                 $this->frm->addError('Problem with database credentials');
                 // show error
                 $this->tpl->assign('formError', $e->getMessage());
             }
             // all valid
             if ($this->frm->isCorrect()) {
                 // update session
                 SpoonSession::set('db_hostname', $this->frm->getField('hostname')->getValue());
                 SpoonSession::set('db_database', $this->frm->getField('database')->getValue());
                 SpoonSession::set('db_username', $this->frm->getField('username')->getValue());
                 SpoonSession::set('db_password', $this->frm->getField('password')->getValue());
                 SpoonSession::set('db_port', $this->frm->getField('port')->getValue());
                 // redirect
                 SpoonHTTP::redirect('index.php?step=6');
             }
         }
     }
 }
Exemple #18
0
 /**
  * Save statistics
  */
 private function saveStatistics()
 {
     // no search term = no search
     if (!$this->term) {
         return;
     }
     // previous search result
     $previousTerm = \SpoonSession::exists('searchTerm') ? \SpoonSession::get('searchTerm') : '';
     \SpoonSession::set('searchTerm', '');
     // save this term?
     if ($previousTerm != $this->term) {
         // format data
         $this->statistics = array();
         $this->statistics['term'] = $this->term;
         $this->statistics['language'] = LANGUAGE;
         $this->statistics['time'] = FrontendModel::getUTCDate();
         $this->statistics['data'] = serialize(array('server' => $_SERVER));
         $this->statistics['num_results'] = $this->pagination['num_items'];
         // save data
         FrontendSearchModel::save($this->statistics);
     }
     // save current search term in cookie
     \SpoonSession::set('searchTerm', $this->term);
 }
Exemple #19
0
 /**
  * Set the dates based on GET and SESSION
  * GET has priority and overwrites SESSION
  *
  * @return	void
  */
 public static function setDates()
 {
     // init vars with session data
     $startTimestamp = SpoonSession::exists('analytics_start_timestamp') ? SpoonSession::get('analytics_start_timestamp') : null;
     $endTimestamp = SpoonSession::exists('analytics_end_timestamp') ? SpoonSession::get('analytics_end_timestamp') : null;
     // overwrite with get data if needed
     if (isset($_GET['start_timestamp']) && $_GET['start_timestamp'] != '' && isset($_GET['end_timestamp']) && $_GET['end_timestamp'] != '') {
         // get dates
         $startTimestamp = (int) $_GET['start_timestamp'];
         $endTimestamp = (int) $_GET['end_timestamp'];
     }
     // dates are set
     if ($startTimestamp > 0 && $endTimestamp > 0) {
         // init valid
         $valid = true;
         // check startTimestamp (valid year/month/day)
         if (!checkdate((int) date('n', $startTimestamp), (int) date('j', $startTimestamp), (int) date('Y', $startTimestamp))) {
             $valid = false;
         } elseif (!checkdate((int) date('n', $endTimestamp), (int) date('j', $endTimestamp), (int) date('Y', $endTimestamp))) {
             $valid = false;
         } else {
             // start needs to be before end
             if ($startTimestamp > $endTimestamp) {
                 $valid = false;
             } elseif ($startTimestamp < mktime(0, 0, 0, 1, 1, 2005)) {
                 $valid = false;
             } elseif ($endTimestamp > time()) {
                 $valid = false;
             }
         }
         // valid dates
         if ($valid) {
             // set sessions
             SpoonSession::set('analytics_start_timestamp', $startTimestamp);
             SpoonSession::set('analytics_end_timestamp', $endTimestamp);
         }
     } else {
         // get interval
         $interval = BackendModel::getModuleSetting('analytics', 'interval', 'week');
         if ($interval == 'week') {
             $interval .= ' -1 days';
         }
         // set sessions
         SpoonSession::set('analytics_start_timestamp', strtotime('-1' . $interval, mktime(0, 0, 0)));
         SpoonSession::set('analytics_end_timestamp', mktime(0, 0, 0));
     }
 }
Exemple #20
0
 /**
  * Install a module.
  *
  * @param string $module The name of the module to be installed.
  * @param array $information Warnings from the upload of the module.
  */
 public static function installModule($module, array $warnings = array())
 {
     // we need the installer
     require_once BACKEND_CORE_PATH . '/installer/installer.php';
     require_once BACKEND_MODULES_PATH . '/' . $module . '/installer/installer.php';
     // installer class name
     $class = SpoonFilter::toCamelCase($module) . 'Installer';
     // possible variables available for the module installers
     $variables = array();
     // run installer
     $installer = new $class(BackendModel::getDB(true), BL::getActiveLanguages(), array_keys(BL::getInterfaceLanguages()), false, $variables);
     // execute installation
     $installer->install();
     // add the warnings
     foreach ($warnings as $warning) {
         $installer->addWarning($warning);
     }
     // save the warnings in session for later use
     if ($installer->getWarnings()) {
         $warnings = SpoonSession::exists('installer_warnings') ? SpoonSession::get('installer_warnings') : array();
         $warnings = array_merge($warnings, array('module' => $module, 'warnings' => $installer->getWarnings()));
         SpoonSession::set('installer_warnings', $warnings);
     }
     // clear the cache so locale (and so much more) gets rebuilt
     self::clearCache();
 }
Exemple #21
0
 /**
  * Redirect to the loading page after checking for infinite loops.
  *
  * @return	void
  * @param	string $action							The action to check for infinite loops.
  * @param	array[optional] $extraParameters		The extra parameters to append to the redirect url.
  */
 public static function redirectToLoadingPage($action, array $extraParameters = array())
 {
     // get loop counter
     $counter = SpoonSession::exists($action . 'Loop') ? SpoonSession::get($action . 'Loop') : 0;
     // loop has run too long - throw exception
     if ($counter > 2) {
         throw new BackendException('An infinite loop has been detected while getting data from cache for the action "' . $action . '".');
     }
     // set new counter
     SpoonSession::set($action . 'Loop', ++$counter);
     // put parameters into a string
     $extraParameters = empty($extraParameters) ? '' : '&' . http_build_query($extraParameters);
     // redirect to loading page which will get the needed data based on the current action
     SpoonHTTP::redirect(BackendModel::createURLForAction('loading') . '&redirect_action=' . $action . $extraParameters);
 }
Exemple #22
0
 /**
  * Set Param to Session
  * 
  * @param string $adminname	Admin's Name
  * @param string $adminpw	Admin's Password
  * @param string $expired	Admin's Session Length
  */
 private static function setSession($adminname, $adminpw, $expired)
 {
     SpoonSession::set('adminname', $adminname);
     SpoonSession::set('adminpw', $adminpw);
     SpoonSession::set('expiredTime', time() + $expired);
 }
Exemple #23
0
 /**
  * Validate the form
  */
 private function validateForm()
 {
     // get settings
     $commentsAllowed = isset($this->settings['allow_comments']) && $this->settings['allow_comments'];
     // comments aren't allowed so we don't have to validate
     if (!$commentsAllowed) {
         return false;
     }
     // is the form submitted
     if ($this->frm->isSubmitted()) {
         // cleanup the submitted fields, ignore fields that were added by hackers
         $this->frm->cleanupFields();
         // does the key exists?
         if (SpoonSession::exists('blog_comment_' . $this->record['id'])) {
             // calculate difference
             $diff = time() - (int) SpoonSession::get('blog_comment_' . $this->record['id']);
             // calculate difference, it it isn't 10 seconds the we tell the user to slow down
             if ($diff < 10 && $diff != 0) {
                 $this->frm->getField('message')->addError(FL::err('CommentTimeout'));
             }
         }
         // validate required fields
         $this->frm->getField('author')->isFilled(FL::err('AuthorIsRequired'));
         $this->frm->getField('email')->isEmail(FL::err('EmailIsRequired'));
         $this->frm->getField('message')->isFilled(FL::err('MessageIsRequired'));
         // validate optional fields
         if ($this->frm->getField('website')->isFilled() && $this->frm->getField('website')->getValue() != 'http://') {
             $this->frm->getField('website')->isURL(FL::err('InvalidURL'));
         }
         // no errors?
         if ($this->frm->isCorrect()) {
             // get module setting
             $spamFilterEnabled = isset($this->settings['spamfilter']) && $this->settings['spamfilter'];
             $moderationEnabled = isset($this->settings['moderation']) && $this->settings['moderation'];
             // reformat data
             $author = $this->frm->getField('author')->getValue();
             $email = $this->frm->getField('email')->getValue();
             $website = $this->frm->getField('website')->getValue();
             if (trim($website) == '' || $website == 'http://') {
                 $website = null;
             }
             $text = $this->frm->getField('message')->getValue();
             // build array
             $comment['post_id'] = $this->record['id'];
             $comment['language'] = FRONTEND_LANGUAGE;
             $comment['created_on'] = FrontendModel::getUTCDate();
             $comment['author'] = $author;
             $comment['email'] = $email;
             $comment['website'] = $website;
             $comment['text'] = $text;
             $comment['status'] = 'published';
             $comment['data'] = serialize(array('server' => $_SERVER));
             // get URL for article
             $permaLink = FrontendNavigation::getURLForBlock('blog', 'detail') . '/' . $this->record['url'];
             $redirectLink = $permaLink;
             // is moderation enabled
             if ($moderationEnabled) {
                 // if the commenter isn't moderated before alter the comment status so it will appear in the moderation queue
                 if (!FrontendBlogModel::isModerated($author, $email)) {
                     $comment['status'] = 'moderation';
                 }
             }
             // should we check if the item is spam
             if ($spamFilterEnabled) {
                 // check for spam
                 $result = FrontendModel::isSpam($text, SITE_URL . $permaLink, $author, $email, $website);
                 // if the comment is spam alter the comment status so it will appear in the spam queue
                 if ($result) {
                     $comment['status'] = 'spam';
                 } elseif ($result == 'unknown') {
                     $comment['status'] = 'moderation';
                 }
             }
             // insert comment
             $comment['id'] = FrontendBlogModel::insertComment($comment);
             // trigger event
             FrontendModel::triggerEvent('blog', 'after_add_comment', array('comment' => $comment));
             // append a parameter to the URL so we can show moderation
             if (strpos($redirectLink, '?') === false) {
                 if ($comment['status'] == 'moderation') {
                     $redirectLink .= '?comment=moderation#' . FL::act('Comment');
                 }
                 if ($comment['status'] == 'spam') {
                     $redirectLink .= '?comment=spam#' . FL::act('Comment');
                 }
                 if ($comment['status'] == 'published') {
                     $redirectLink .= '?comment=true#comment-' . $comment['id'];
                 }
             } else {
                 if ($comment['status'] == 'moderation') {
                     $redirectLink .= '&comment=moderation#' . FL::act('Comment');
                 }
                 if ($comment['status'] == 'spam') {
                     $redirectLink .= '&comment=spam#' . FL::act('Comment');
                 }
                 if ($comment['status'] == 'published') {
                     $redirectLink .= '&comment=true#comment-' . $comment['id'];
                 }
             }
             // set title
             $comment['post_title'] = $this->record['title'];
             $comment['post_url'] = $this->record['url'];
             // notify the admin
             FrontendBlogModel::notifyAdmin($comment);
             // store timestamp in session so we can block excesive usage
             SpoonSession::set('blog_comment_' . $this->record['id'], time());
             // store author-data in cookies
             try {
                 SpoonCookie::set('comment_author', $author, 30 * 24 * 60 * 60, '/', '.' . $this->URL->getDomain());
                 SpoonCookie::set('comment_email', $email, 30 * 24 * 60 * 60, '/', '.' . $this->URL->getDomain());
                 SpoonCookie::set('comment_website', $website, 30 * 24 * 60 * 60, '/', '.' . $this->URL->getDomain());
             } catch (Exception $e) {
                 // settings cookies isn't allowed, but because this isn't a real problem we ignore the exception
             }
             // redirect
             $this->redirect($redirectLink);
         }
     }
 }
Exemple #24
0
 /**
  * Logout a profile.
  */
 public static function logout()
 {
     // delete session records
     FrontendModel::getContainer()->get('database')->delete('profiles_sessions', 'session_id = ?', array(\SpoonSession::getSessionId()));
     // set is_logged_in to false
     \SpoonSession::set('frontend_profile_logged_in', false);
     // delete cookie
     CommonCookie::delete('frontend_profile_secret_key');
 }
Exemple #25
0
 /**
  * Process the query string
  */
 private function processQueryString()
 {
     // store the query string local, so we don't alter it.
     $queryString = trim($this->request->getPathInfo(), '/');
     // split into chunks
     $chunks = (array) explode('/', $queryString);
     $hasMultiLanguages = $this->getContainer()->getParameter('site.multilanguage');
     // single language
     if (!$hasMultiLanguages) {
         // set language id
         $language = $this->get('fork.settings')->get('Core', 'default_language', SITE_DEFAULT_LANGUAGE);
     } else {
         // multiple languages
         // default value
         $mustRedirect = false;
         // get possible languages
         $possibleLanguages = (array) Language::getActiveLanguages();
         $redirectLanguages = (array) Language::getRedirectLanguages();
         // the language is present in the URL
         if (isset($chunks[0]) && in_array($chunks[0], $possibleLanguages)) {
             // define language
             $language = (string) $chunks[0];
             // try to set a cookie with the language
             try {
                 // set cookie
                 CommonCookie::set('frontend_language', $language);
             } catch (\SpoonCookieException $e) {
                 // settings cookies isn't allowed, because this isn't a real problem we ignore the exception
             }
             // set sessions
             \SpoonSession::set('frontend_language', $language);
             // remove the language part
             array_shift($chunks);
         } elseif (CommonCookie::exists('frontend_language') && in_array(CommonCookie::get('frontend_language'), $redirectLanguages)) {
             // set languageId
             $language = (string) CommonCookie::get('frontend_language');
             // redirect is needed
             $mustRedirect = true;
         } else {
             // default browser language
             // set languageId & abbreviation
             $language = Language::getBrowserLanguage();
             // try to set a cookie with the language
             try {
                 // set cookie
                 CommonCookie::set('frontend_language', $language);
             } catch (\SpoonCookieException $e) {
                 // settings cookies isn't allowed, because this isn't a real problem we ignore the exception
             }
             // redirect is needed
             $mustRedirect = true;
         }
         // redirect is required
         if ($mustRedirect) {
             // build URL
             // trim the first / from the query string to prevent double slashes
             $url = rtrim('/' . $language . '/' . trim($this->getQueryString(), '/'), '/');
             // when we are just adding the language to the domain, it's a temporary redirect because
             // Safari keeps the 301 in cache, so the cookie to switch language doesn't work any more
             $redirectCode = $url == '/' . $language ? 302 : 301;
             // set header & redirect
             throw new RedirectException('Redirect', new RedirectResponse($url, $redirectCode));
         }
     }
     // define the language
     defined('FRONTEND_LANGUAGE') || define('FRONTEND_LANGUAGE', $language);
     defined('LANGUAGE') || define('LANGUAGE', $language);
     // sets the locale file
     Language::setLocale($language);
     // list of pageIds & their full URL
     $keys = Navigation::getKeys();
     // rebuild our URL, but without the language parameter. (it's tripped earlier)
     $url = implode('/', $chunks);
     $startURL = $url;
     // loop until we find the URL in the list of pages
     while (!in_array($url, $keys)) {
         // remove the last chunk
         array_pop($chunks);
         // redefine the URL
         $url = implode('/', $chunks);
     }
     // remove language from query string
     if ($hasMultiLanguages) {
         $queryString = trim(mb_substr($queryString, mb_strlen($language)), '/');
     }
     // if it's the homepage AND parameters were given (not allowed!)
     if ($url == '' && $queryString != '') {
         // get 404 URL
         $url = Navigation::getURL(404);
         // remove language
         if ($hasMultiLanguages) {
             $url = str_replace('/' . $language, '', $url);
         }
     }
     // set pages
     $url = trim($url, '/');
     // currently not in the homepage
     if ($url != '') {
         // explode in pages
         $pages = explode('/', $url);
         // reset pages
         $this->setPages($pages);
         // reset parameters
         $this->setParameters(array());
     }
     // set parameters
     $parameters = trim(mb_substr($startURL, mb_strlen($url)), '/');
     // has at least one parameter
     if ($parameters != '') {
         // parameters will be separated by /
         $parameters = explode('/', $parameters);
         // set parameters
         $this->setParameters($parameters);
     }
     // pageId, parentId & depth
     $pageId = Navigation::getPageId(implode('/', $this->getPages()));
     $pageInfo = Navigation::getPageInfo($pageId);
     // invalid page, or parameters but no extra
     if ($pageInfo === false || !empty($parameters) && !$pageInfo['has_extra']) {
         // get 404 URL
         $url = Navigation::getURL(404);
         // remove language
         if ($hasMultiLanguages) {
             $url = str_replace('/' . $language, '', $url);
         }
         // remove the first slash
         $url = trim($url, '/');
         // currently not in the homepage
         if ($url != '') {
             // explode in pages
             $pages = explode('/', $url);
             // reset pages
             $this->setPages($pages);
             // reset parameters
             $this->setParameters(array());
         }
     }
     // is this an internal redirect?
     if (isset($pageInfo['redirect_page_id']) && $pageInfo['redirect_page_id'] != '') {
         // get url for item
         $newPageURL = Navigation::getURL((int) $pageInfo['redirect_page_id']);
         $errorURL = Navigation::getURL(404);
         // not an error?
         if ($newPageURL != $errorURL) {
             // redirect
             throw new RedirectException('Redirect', new RedirectResponse($newPageURL, $pageInfo['redirect_code']));
         }
     }
     // is this an external redirect?
     if (isset($pageInfo['redirect_url']) && $pageInfo['redirect_url'] != '') {
         // redirect
         throw new RedirectException('Redirect', new RedirectResponse($pageInfo['redirect_url'], $pageInfo['redirect_code']));
     }
 }
Exemple #26
0
 /**
  * Get the token which will protect us
  *
  * @return string
  */
 public static function getToken()
 {
     if (\SpoonSession::exists('csrf_token') && \SpoonSession::get('csrf_token') != '') {
         $token = \SpoonSession::get('csrf_token');
     } else {
         $token = self::generateRandomString(10, true, true, false, false);
         \SpoonSession::set('csrf_token', $token);
     }
     return $token;
 }
Exemple #27
0
 /**
  * Get a token
  *
  * @return	string
  */
 public function getToken()
 {
     if (!SpoonSession::exists('form_token')) {
         $token = md5(SpoonSession::getSessionId() . rand(0, 999) . time());
         SpoonSession::set('form_token', $token);
     }
     return SpoonSession::get('form_token');
 }
Exemple #28
0
 /**
  * Validate the forms
  */
 private function validateForm()
 {
     if ($this->frm->isSubmitted()) {
         $txtEmail = $this->frm->getField('backend_email');
         $txtPassword = $this->frm->getField('backend_password');
         // required fields
         if (!$txtEmail->isFilled() || !$txtPassword->isFilled()) {
             // add error
             $this->frm->addError('fields required');
             // show error
             $this->tpl->assign('hasError', true);
         }
         // invalid form-token?
         if ($this->frm->getToken() != $this->frm->getField('form_token')->getValue()) {
             // set a correct header, so bots understand they can't mess with us.
             if (!headers_sent()) {
                 header('400 Bad Request', true, 400);
             }
         }
         // all fields are ok?
         if ($txtEmail->isFilled() && $txtPassword->isFilled() && $this->frm->getToken() == $this->frm->getField('form_token')->getValue()) {
             // try to login the user
             if (!BackendAuthentication::loginUser($txtEmail->getValue(), $txtPassword->getValue())) {
                 // add error
                 $this->frm->addError('invalid login');
                 // store attempt in session
                 $current = SpoonSession::exists('backend_login_attempts') ? (int) SpoonSession::get('backend_login_attempts') : 0;
                 // increment and store
                 SpoonSession::set('backend_login_attempts', ++$current);
                 // show error
                 $this->tpl->assign('hasError', true);
             }
         }
         // check sessions
         if (SpoonSession::exists('backend_login_attempts') && (int) SpoonSession::get('backend_login_attempts') >= 5) {
             // get previous attempt
             $previousAttempt = SpoonSession::exists('backend_last_attempt') ? SpoonSession::get('backend_last_attempt') : time();
             // calculate timeout
             $timeout = 5 * (SpoonSession::get('backend_login_attempts') - 4);
             // too soon!
             if (time() < $previousAttempt + $timeout) {
                 // sleep untill the user can login again
                 sleep($timeout);
                 // set a correct header, so bots understand they can't mess with us.
                 if (!headers_sent()) {
                     header('503 Service Unavailable', true, 503);
                 }
             } else {
                 // increment and store
                 SpoonSession::set('backend_last_attempt', time());
             }
             // too many attempts
             $this->frm->addEditor('too many attempts');
             // show error
             $this->tpl->assign('hasTooManyAttemps', true);
             $this->tpl->assign('hasError', false);
         }
         // no errors in the form?
         if ($this->frm->isCorrect()) {
             // cleanup sessions
             SpoonSession::delete('backend_login_attempts');
             SpoonSession::delete('backend_last_attempt');
             // create filter with modules which may not be displayed
             $filter = array('authentication', 'error', 'core');
             // get all modules
             $modules = array_diff(BackendModel::getModules(), $filter);
             // loop through modules and break on first allowed module
             foreach ($modules as $module) {
                 if (BackendAuthentication::isAllowedModule($module)) {
                     break;
                 }
             }
             // redirect to the correct URL (URL the user was looking for or fallback)
             $this->redirect($this->getParameter('querystring', 'string', BackendModel::createUrlForAction(null, $module)));
         }
     }
     // is the form submitted
     if ($this->frmForgotPassword->isSubmitted()) {
         // backend email
         $email = $this->frmForgotPassword->getField('backend_email_forgot')->getValue();
         // required fields
         if ($this->frmForgotPassword->getField('backend_email_forgot')->isEmail(BL::err('EmailIsInvalid'))) {
             // check if there is a user with the given emailaddress
             if (!BackendUsersModel::existsEmail($email)) {
                 $this->frmForgotPassword->getField('backend_email_forgot')->addError(BL::err('EmailIsUnknown'));
             }
         }
         // no errors in the form?
         if ($this->frmForgotPassword->isCorrect()) {
             // generate the key for the reset link and fetch the user ID for this email
             $key = BackendAuthentication::getEncryptedString($email, uniqid());
             // insert the key and the timestamp into the user settings
             $userId = BackendUsersModel::getIdByEmail($email);
             $user = new BackendUser($userId);
             $user->setSetting('reset_password_key', $key);
             $user->setSetting('reset_password_timestamp', time());
             // variables to parse in the e-mail
             $variables['resetLink'] = SITE_URL . BackendModel::createURLForAction('reset_password') . '&email=' . $email . '&key=' . $key;
             // send e-mail to user
             BackendMailer::addEmail(SpoonFilter::ucfirst(BL::msg('ResetYourPasswordMailSubject')), BACKEND_MODULE_PATH . '/layout/templates/mails/reset_password.tpl', $variables, $email);
             // clear post-values
             $_POST['backend_email_forgot'] = '';
             // show success message
             $this->tpl->assign('isForgotPasswordSuccess', true);
             // show form
             $this->tpl->assign('showForm', true);
         } else {
             $this->tpl->assign('showForm', true);
         }
     }
 }
Exemple #29
0
 /**
  * Validate the forms
  */
 private function validateForm()
 {
     if ($this->frm->isSubmitted()) {
         $txtEmail = $this->frm->getField('backend_email');
         $txtPassword = $this->frm->getField('backend_password');
         // required fields
         if (!$txtEmail->isFilled() || !$txtPassword->isFilled()) {
             // add error
             $this->frm->addError('fields required');
             // show error
             $this->tpl->assign('hasError', true);
         }
         $this->getContainer()->get('logger')->info("Trying to authenticate user '{$txtEmail->getValue()}'.");
         // invalid form-token?
         if ($this->frm->getToken() != $this->frm->getField('form_token')->getValue()) {
             // set a correct header, so bots understand they can't mess with us.
             if (!headers_sent()) {
                 header('400 Bad Request', true, 400);
             }
         }
         // get the user's id
         $userId = BackendUsersModel::getIdByEmail($txtEmail->getValue());
         // all fields are ok?
         if ($txtEmail->isFilled() && $txtPassword->isFilled() && $this->frm->getToken() == $this->frm->getField('form_token')->getValue()) {
             // try to login the user
             if (!BackendAuthentication::loginUser($txtEmail->getValue(), $txtPassword->getValue())) {
                 $this->getContainer()->get('logger')->info("Failed authenticating user '{$txtEmail->getValue()}'.");
                 // add error
                 $this->frm->addError('invalid login');
                 // store attempt in session
                 $current = \SpoonSession::exists('backend_login_attempts') ? (int) \SpoonSession::get('backend_login_attempts') : 0;
                 // increment and store
                 \SpoonSession::set('backend_login_attempts', ++$current);
                 // save the failed login attempt in the user's settings
                 if ($userId !== false) {
                     BackendUsersModel::setSetting($userId, 'last_failed_login_attempt', time());
                 }
                 // show error
                 $this->tpl->assign('hasError', true);
             }
         }
         // check sessions
         if (\SpoonSession::exists('backend_login_attempts') && (int) \SpoonSession::get('backend_login_attempts') >= 5) {
             // get previous attempt
             $previousAttempt = \SpoonSession::exists('backend_last_attempt') ? \SpoonSession::get('backend_last_attempt') : time();
             // calculate timeout
             $timeout = 5 * (\SpoonSession::get('backend_login_attempts') - 4);
             // too soon!
             if (time() < $previousAttempt + $timeout) {
                 // sleep until the user can login again
                 sleep($timeout);
                 // set a correct header, so bots understand they can't mess with us.
                 if (!headers_sent()) {
                     header('503 Service Unavailable', true, 503);
                 }
             } else {
                 // increment and store
                 \SpoonSession::set('backend_last_attempt', time());
             }
             // too many attempts
             $this->frm->addEditor('too many attempts');
             $this->getContainer()->get('logger')->info("Too many login attempts for user '{$txtEmail->getValue()}'.");
             // show error
             $this->tpl->assign('hasTooManyAttemps', true);
             $this->tpl->assign('hasError', false);
         }
         // no errors in the form?
         if ($this->frm->isCorrect()) {
             // cleanup sessions
             \SpoonSession::delete('backend_login_attempts');
             \SpoonSession::delete('backend_last_attempt');
             // save the login timestamp in the user's settings
             $lastLogin = BackendUsersModel::getSetting($userId, 'current_login');
             BackendUsersModel::setSetting($userId, 'current_login', time());
             if ($lastLogin) {
                 BackendUsersModel::setSetting($userId, 'last_login', $lastLogin);
             }
             $this->getContainer()->get('logger')->info("Successfully authenticated user '{$txtEmail->getValue()}'.");
             // redirect to the correct URL (URL the user was looking for or fallback)
             $this->redirectToAllowedModuleAndAction();
         }
     }
     // is the form submitted
     if ($this->frmForgotPassword->isSubmitted()) {
         // backend email
         $email = $this->frmForgotPassword->getField('backend_email_forgot')->getValue();
         // required fields
         if ($this->frmForgotPassword->getField('backend_email_forgot')->isEmail(BL::err('EmailIsInvalid'))) {
             // check if there is a user with the given emailaddress
             if (!BackendUsersModel::existsEmail($email)) {
                 $this->frmForgotPassword->getField('backend_email_forgot')->addError(BL::err('EmailIsUnknown'));
             }
         }
         // no errors in the form?
         if ($this->frmForgotPassword->isCorrect()) {
             // generate the key for the reset link and fetch the user ID for this email
             $key = BackendAuthentication::getEncryptedString($email, uniqid());
             // insert the key and the timestamp into the user settings
             $userId = BackendUsersModel::getIdByEmail($email);
             $user = new User($userId);
             $user->setSetting('reset_password_key', $key);
             $user->setSetting('reset_password_timestamp', time());
             // variables to parse in the e-mail
             $variables['resetLink'] = SITE_URL . BackendModel::createURLForAction('ResetPassword') . '&email=' . $email . '&key=' . $key;
             // send e-mail to user
             $from = $this->get('fork.settings')->get('Core', 'mailer_from');
             $replyTo = $this->get('fork.settings')->get('Core', 'mailer_reply_to');
             $message = \Common\Mailer\Message::newInstance(\SpoonFilter::ucfirst(BL::msg('ResetYourPasswordMailSubject')))->setFrom(array($from['email'] => $from['name']))->setTo(array($email))->setReplyTo(array($replyTo['email'] => $replyTo['name']))->parseHtml(BACKEND_MODULES_PATH . '/Authentication/Layout/Templates/Mails/ResetPassword.tpl', $variables);
             $this->get('mailer')->send($message);
             // clear post-values
             $_POST['backend_email_forgot'] = '';
             // show success message
             $this->tpl->assign('isForgotPasswordSuccess', true);
             // show form
             $this->tpl->assign('showForm', true);
         } else {
             // errors?
             $this->tpl->assign('showForm', true);
         }
     }
 }
Exemple #30
0
 /**
  * Validate the form based on the variables in $_POST
  */
 private function validateForm()
 {
     // form submitted
     if ($this->frm->isSubmitted()) {
         // validate email address
         if ($this->frm->getField('different_debug_email')->isChecked()) {
             $this->frm->getField('debug_email')->isEmail('Please provide a valid e-mailaddress.');
         }
         // all valid
         if ($this->frm->isCorrect()) {
             // get selected modules
             $modules = $this->frm->getField('modules')->getValue();
             // add blog if example data was checked
             if ($this->frm->getField('example_data')->getChecked() && !in_array('blog', $modules)) {
                 $modules[] = 'blog';
             }
             // set modules
             SpoonSession::set('modules', $modules);
             // example data
             SpoonSession::set('example_data', $this->frm->getField('example_data')->getChecked());
             // debug mode
             SpoonSession::set('debug_mode', $this->frm->getField('debug_mode')->getChecked());
             // specific debug email address
             SpoonSession::set('different_debug_email', $this->frm->getField('different_debug_email')->getChecked());
             // specific debug email address text
             SpoonSession::set('debug_email', $this->frm->getField('debug_email')->getValue());
             // redirect
             SpoonHTTP::redirect('index.php?step=5');
         }
     }
 }