Exemple #1
 /**
  * Send a posted contact request to the site admin.
  */
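 public function postSendMessage()
 {
     // Make sure the sender's email address is valid.
     if (!($sender_email = Request::post('email', 'email'))) {
         Messenger::error('Please enter a valid email address.');
         return $this->get();
     }
     if (!ReCaptcha::verify()) {
         Messenger::error('You did not correctly enter the captcha code.');
         return $this->get();
     }

     // Read the free-text fields defensively: a missing field or an array
     // value must not raise a notice or be interpolated as the word "Array".
     $name = isset($_POST['name']) && is_string($_POST['name']) ? $_POST['name'] : '';
     $message = isset($_POST['message']) && is_string($_POST['message']) ? $_POST['message'] : '';

     $subject = Configuration::get('contact.subject');
     // Visitor text only ever goes into the body. The subject comes from
     // configuration, so no visitor-controlled value is passed as the subject.
     $body = "\nName: {$name}\nEmail: {$sender_email}\nMessage:\n{$message}";

     $mailer = new Mailer();
     // The cast tolerates an unset value or a single address in contact.to.
     foreach ((array) Configuration::get('contact.to') as $to) {
         $mailer->to($to);
     }

     // NOTE(review): the visitor's address is used as the From address. Mail
     // sent this way can fail SPF/DMARC checks at the receiving side; a site
     // address as From with the visitor as reply address is the usual setup,
     // if Mailer offers it - confirm against the Mailer class.
     $sent = $mailer->from($sender_email)->subject($subject)->message($body)->send();
     if (!$sent) {
         Messenger::error('Your message could not be sent. Please try again later');
         return $this->get();
     }

     // Send the configured auto responder to the address the visitor entered.
     // NOTE(review): this mails an address that has not been verified; the
     // captcha above is the only visible throttle, so consider rate limiting.
     if ($auto_responder = Configuration::get('contact.auto_responder')) {
         $auto_responder_mailer = new Mailer();
         $recipient = UserModel::loadByEmail($sender_email) ?: new UserModel(array('email' => $sender_email));
         $result = $auto_responder_mailer->sendOne($auto_responder, $recipient);
         if ($result && Configuration::get('contact.spam_test')) {
             // Set the notice.
             // NOTE(review): presumably Navigation::redirect() ends the request;
             // if it returns, the redirect below replaces this one - confirm.
             Navigation::redirect('/message', array('msg' => 'spam_test'));
         }
     }
     Navigation::redirect('/message', array('msg' => 'contact_sent'));
 }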
Exemple #2
 /**
  * Send a test email.
  */
 public function postSendTest()
 {
     Output::disableBuffering();
     Messenger::setVerbose(true);

     // NOTE(review): no permission check is visible in this method; confirm
     // that the enclosing page class restricts who can trigger a send.
     $test_mailer = new Mailer(true);
     // The message id is read from the request and coerced by the 'int' filter.
     $message_id = Request::get('id', 'int');
     $test_mailer->sendBulk($message_id, true);

     // Stop here instead of returning to the caller.
     exit;
 }
Exemple #3
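 /**
  * Save the current user's profile: name, password and mailing list
  * subscriptions.
  *
  * The password is changed only when a new password was entered, the current
  * password verifies, and the new password was typed identically twice.
  * Redirects with msg=saved when no error was recorded.
  */
 public function postSave()
 {
     $user = ClientUser::getInstance();
     // Update the user name.
     $user->update(array('first' => Request::get('first'), 'last' => Request::get('last')));

     // Update the password.
     $password = Request::post('password');
     $new_password = Request::post('new_password');
     $new_password_confirm = Request::post('new_password_confirm');
     // Only act when a new password was actually entered. Without this guard a
     // correct current password with both "new" fields left blank (for example
     // a browser that auto-fills the current password) stored an empty password.
     if (!empty($new_password) || !empty($new_password_confirm)) {
         if (empty($password) || !$user->checkPass($password)) {
             Messenger::error('You did not enter your correct current password.');
         } elseif ($new_password !== $new_password_confirm) {
             // Strict comparison: with != two different numeric-looking
             // strings can compare as equal.
             Messenger::error('You did not enter the same password twice.');
         } else {
             // NOTE(review): no password strength rule is enforced here. The
             // original carried a disabled "required criteria" branch; add a
             // real policy check before this call.
             $user->setPass($new_password);
         }
     }

     // Update mailing list preferences.
     $new_lists = Request::get('subscribed', 'array', 'int', array());
     $new_lists = array_combine($new_lists, $new_lists);
     $all_lists = Subscription::getLists();
     $user_id = ClientUser::getInstance()->id;
     $user_lists = Subscription::getUserLists($user_id);

     // Visible lists the user is on but did not tick are removed.
     $remove_lists = array();
     foreach ($user_lists as $list) {
         if (empty($new_lists[$list['message_list_id']]) && !empty($list['visible'])) {
             $remove_lists[$list['message_list_id']] = $list['message_list_id'];
         }
     }

     // Id 0 is never inserted as a list. When it was not submitted, every
     // non-visible list is removed as well.
     $add_lists = $new_lists;
     unset($add_lists[0]);
     if (!isset($new_lists[0])) {
         foreach ($all_lists as $list) {
             if (empty($list['visible'])) {
                 $remove_lists[$list['message_list_id']] = $list['message_list_id'];
             }
         }
     }

     // NOTE(review): the submitted ids are inserted without being checked
     // against $all_lists; confirm that a user may join any list id they send.
     $db = Database::getInstance();
     if (!empty($remove_lists)) {
         $db->delete('message_list_user', array('message_list_id' => array('IN', $remove_lists), 'user_id' => $user_id));
     }
     if (!empty($add_lists)) {
         $db->insertMultiple('message_list_user', array('message_list_id' => $add_lists, 'user_id' => $user_id), true);
     }

     if (count(Messenger::getErrors()) === 0) {
         Navigation::redirect(null, array('msg' => 'saved'));
     }
 }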
Exemple #4
 /**
  * Execute the callback.
  */
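 public function execute()
 {
     // The handler name is built from request data: "<request type><Action>",
     // or just "<request type>" when no action was sent.
     $action = ucfirst((string) Request::get('action'));
     $request_type = strtolower((string) Request::type());
     // NOTE(review): the request type is used as a method name as-is; confirm
     // that Request::type() can only return the expected HTTP verbs.
     if ($action) {
         if ($this->isPublicHandler($request_type . $action)) {
             $this->{$request_type . $action}();
             $this->output();
         } else {
             Messenger::error('There was an error processing your submission.');
         }
     } else {
         if ($this->isPublicHandler($request_type)) {
             $this->{$request_type}();
             $this->output();
         } else {
             $this->output = array();
             // TODO: show 302
             echo 'Method not available';
             exit;
         }
     }
 }

 /**
  * Whether a request-derived name refers to a public method of this object.
  *
  * get_class_methods() called from inside the class also lists protected and
  * private methods, so on its own it would let a request select an internal
  * helper. Only public methods are accepted as handlers.
  *
  * @param string $method
  *   The candidate method name.
  *
  * @return boolean
  */
 private function isPublicHandler($method)
 {
     if (!in_array($method, get_class_methods($this), true)) {
         return false;
     }
     $reflection = new \ReflectionMethod($this, $method);
     return $reflection->isPublic();
 }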
 /**
  * Upgrades users by assigning them roles based on the value of their type field.
  */
 public function postUpgradeRoles()
 {
     // NOTE(review): this writes role assignments for every user and shows no
     // permission check of its own; confirm the page class restricts access.
     $db = Database::getInstance();
     $rows = $db->selectAll(array('from' => 'user', 'join' => array(array('LEFT JOIN', 'user_role', 'ON user_role.user_id = user.user_id'))), array(), array('user.user_id', 'user.type', 'user_role.role_id'));

     // Role ids no longer line up with the old user.type values, so map
     // each legacy type to the role it should receive.
     $role_for_type = array('3' => 2, '4' => 3, '5' => 1);

     $i = 0;
     foreach ($rows as $row) {
         // Skip users that already have a role and types without a mapping.
         if (!empty($row['role_id']) || !array_key_exists($row['type'], $role_for_type)) {
             continue;
         }
         $db->insert('user_role', array('role_id' => $role_for_type[$row['type']], 'user_id' => $row['user_id']));
         $i++;
     }

     Messenger::message(" {$i} users was upgraded!");
     return $this->get();
 }
Exemple #6
 /**
  * Create a new session.
  *
  * @param int $user_id
  *   Optional user ID if the user is already known.
  * @param bool $remember
  *   Optional remember flag to remember the user after they have logged out.
  *
  * @return session
  */
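 public static function create($user_id = 0, $remember = false)
 {
     $new_sess_key = static::getNewSessionId();
     $new_token = Random::getInstance()->get(64, Random::HEX);
     if (empty($new_sess_key) || empty($new_token)) {
         // Fail closed. Previously only the error was recorded and a session
         // row with an empty key or empty form token was still stored and
         // sent to the browser as a cookie.
         Messenger::error('Session error.');
         throw new \Exception('Session error.');
     }

     $session_details = array(
         'session_key' => $new_sess_key,
         'last_ping' => time(),
         // The client address is stored with the session.
         'session_ip' => LightningRequest::server('ip_int'),
         'user_id' => $user_id,
         // The state field carries the remember flag bit when requested.
         'state' => $remember ? static::STATE_REMEMBER : 0,
         'form_token' => $new_token,
     );
     // The insert's return value is kept as the session's id.
     $session_details['session_id'] = Database::getInstance()->insert('session', $session_details);

     $session = new static($session_details);
     $session->setCookie();
     return $session;
 }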
Exemple #7
    /**
     * Prepare the output and tell the template to render.
     */
    public function output() {
        $view = Template::getInstance();

        // The page content is only handed over when one was set.
        if (!empty($this->page)) {
            $view->set('content', $this->page);
        }

        $analytics_id = Configuration::get('google_analytics_id');
        $view->set('google_analytics_id', $analytics_id);

        // TODO: These should be called directly from the template.
        // NOTE(review): the messages are handed over as collected; whatever
        // prints them has to escape them for HTML.
        $collected_errors = Messenger::getErrors();
        $view->set('errors', $collected_errors);
        $collected_messages = Messenger::getMessages();
        $view->set('messages', $collected_messages);

        $site_name = Configuration::get('site.name');
        $view->set('site_name', $site_name);
        $view->set('blog', Blog::getInstance());

        // Expose the active navigation entry to the JS layer, then render.
        JS::set('active_nav', $this->nav);
        $view->render($this->template);
    }
Exemple #8
<?php

use Lightning\Tools\Messenger;
use Lightning\Tools\Request;
use Lightning\Tools\Router;
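define('HOME_PATH', __DIR__);
require_once 'Lightning/bootstrap.php';

$handler = Router::getRoute();
if (empty($handler)) {
    // No route matched: answer with a real 404 status instead of a 200.
    if (!headers_sent()) {
        http_response_code(404);
    }
    echo "No handler found.\n";
    exit;
}

try {
    // NOTE(review): the class name comes from the router and is instantiated
    // dynamically; confirm Router::getRoute() only returns names taken from
    // the configured route table, never raw request text.
    $page = new $handler();
    $page->execute();
} catch (Exception $e) {
    $errors = Messenger::getErrors();
    array_unshift($errors, $e->getMessage());
    $report = implode("\n", $errors);
    // NOTE(review): exception and messenger text can carry internal detail;
    // consider logging it and showing a generic message in production.
    if (!headers_sent()) {
        // Report the failure as a server error and as plain text, so error
        // text is never interpreted as markup by the browser.
        http_response_code(500);
        header('Content-Type: text/plain; charset=utf-8');
        echo $report;
    } else {
        // Part of an HTML page has already been sent: escape the text.
        echo htmlspecialchars($report, ENT_QUOTES, 'UTF-8');
    }
}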
Exemple #9
 /**
  * Called whenever mysql returns an error executing a query.
  *
  * @param array $error
  *   The PDO error.
  * @param string $sql
  *   The original query.
  *
  * @throws Exception
  *   When a mysql error occurs.
  */
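 public function errorHandler($error, $sql)
 {
     $errors = array();
     // Add a header.
     $errors[] = "MYSQL ERROR ({$error['0']}:{$error['1']}): {$error['2']}";
     // Add the full query.
     $errors[] = $sql;
     // Show the stack trace. Only file, line, class and function are used, so
     // call arguments (which may hold credentials or user data) and object
     // references are not captured.
     $backtrace = debug_backtrace(DEBUG_BACKTRACE_IGNORE_ARGS);
     foreach ($backtrace as $call) {
         if (empty($call['file'])) {
             // Frames for plain functions carry no 'class' entry.
             $caller_class = isset($call['class']) ? $call['class'] : '';
             $errors[] = 'Called from: ' . $caller_class . ' : ' . $call['function'];
         } elseif (!preg_match('/class_database\\.php$/', $call['file'])) {
             $errors[] = 'Called from: ' . $call['file'] . ' : ' . $call['line'];
         }
     }
     // Show actual mysql error.
     $errors[] = $error[2];

     if ($this->verbose) {
         // Verbose mode hands the query text and file paths to Messenger.
         // NOTE(review): if those messages are rendered to visitors, verbose
         // must stay off outside development.
         // @todo change this so it doesn't require an input.
         foreach ($errors as $e) {
             Messenger::error($e);
         }
         throw new Exception("***** MYSQL ERROR *****");
     }

     // Quiet mode: write everything to the log and stop. The query is already
     // part of $errors, so it is no longer logged a second time.
     foreach ($errors as $e) {
         Logger::error($e);
     }
     exit;
 }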
Exemple #10
 /**
  * Validates POST data (email, password and confirmation).
  * 
  * @param string $email
  * @param string $pass
  *
  * @return boolean
  */
 protected function validateData($email, $pass)
 {
     // Every failed check records a message; all checks always run.
     $is_valid = true;

     // Both fields must have been submitted.
     if ($email === null || $pass === null) {
         Messenger::error('Please fill out all the fields');
         $is_valid = false;
     }

     // A value of false marks an email address as invalid.
     if ($email === false) {
         Messenger::error('Please enter a valid email');
         $is_valid = false;
     }

     // Minimum length is the only strength rule applied here.
     // NOTE(review): strlen() counts bytes, not characters, and no password
     // confirmation is compared in this method despite the description.
     $min_password_length = Configuration::get('user.min_password_length');
     if (strlen($pass) < $min_password_length) {
         Messenger::error("Passwords must be at least {$min_password_length} characters");
         $is_valid = false;
     }

     return $is_valid;
 }
Exemple #11
 /**
  * Answer the current request with a 404 and stop.
  *
  * JSON requests get the error payload; everything else gets the rendered
  * template.
  */
 public static function notFound() {
     Messenger::error('Not Found');
     header('HTTP/1.0 404 NOT FOUND');

     if (!static::isJSONRequest()) {
         Template::getInstance()->render('');
         exit;
     }

     static::json(static::ERROR);
     exit;
 }
Exemple #12
 /**
  * Get the user query for users who will receive this message.
  *
  * @return array
  *   An array of users.
  */
 protected function getUsersQuery()
 {
     // What is returned is a query description ('table' and 'where' keys),
     // not the user rows themselves.
     $this->loadLists();
     if (empty($this->lists)) {
         Messenger::error('Your message does not have any mailing lists selected.');
         return array('table' => 'user', 'where' => array('false' => array('expression' => 'false')));
     }

     // Start with the users on the lists selected for this message.
     $joins = array(array('JOIN', 'user', 'ON user.user_id = message_list_user.user_id'));
     $conditions = array('message_list_id' => array('IN', $this->lists));

     // Leave out users that already have a "sent" tracker event for it.
     if ($this->auto || !empty($this->never_resend)) {
         // NOTE(review): both ids are concatenated into the SQL fragment;
         // confirm they are always integers, or cast them before use.
         $sent_event_clause = 'ON tracker_event.user_id = user.user_id AND tracker_event.tracker_id = ' . self::$message_sent_id . ' AND tracker_event.sub_id = ' . $this->message_id;
         $joins[] = array('LEFT JOIN', 'tracker_event', $sent_event_clause);
         $conditions['tracker_event.user_id'] = null;
     }

     // Apply each stored criteria row.
     $this->loadCriteria();
     foreach ($this->criteria as $criterion) {
         $field_values = json_decode($criterion['field_values'], true);

         if (!empty($criterion['join'])) {
             $join_spec = json_decode($criterion['join'], true);
             if ($join_spec) {
                 // The entry is a full join array.
                 $this->replaceCriteriaVariables($join_spec, $field_values);
                 $joins[] = $join_spec;
             } else {
                 // The entry is just a table name.
                 // NOTE(review): the stored value is used as an identifier
                 // inside SQL; confirm criteria rows are administrator-only.
                 $joins[] = array('LEFT JOIN', $criterion['join'], 'ON ' . $criterion['join'] . '.user_id = user.user_id');
             }
         }

         $test = json_decode($criterion['test'], true);
         if ($test) {
             $this->replaceCriteriaVariables($test, $field_values);
             $conditions[] = $test;
         }
     }

     return array(
         'table' => array('from' => 'message_list_user', 'join' => $joins),
         'where' => $conditions,
     );
 }
Exemple #13
 /**
  * Send the current single message.
  *
  * @return boolean
  *   Whether the message was successful.
  */
 public function sendMessage()
 {
     // Fall back to the site-wide sender when none was set.
     if (!$this->fromSet) {
         $default_address = Configuration::get('site.mail_from');
         $default_name = Configuration::get('site.mail_from_name');
         $this->from($default_address, $default_name);
     }

     // Build subject and body once, using the current custom variables.
     if (!$this->built) {
         $this->message->resetCustomVariables($this->customVariables);
         $this->subject($this->message->getSubject());
         $this->message($this->message->getMessage());
         $this->built = true;
     }

     // Any exception during sending is reported as a failed send.
     try {
         $was_sent = $this->mailer->send();
     } catch (\Exception $e) {
         // NOTE(review): the raw exception text becomes a Messenger error;
         // confirm it cannot expose mail server details to visitors.
         Messenger::error($e->getMessage());
         $was_sent = false;
     }
     return $was_sent;
 }
Exemple #14
 /**
  * Collect the values to save for each field definition from the request.
  *
  * Fields are skipped when the current action does not take a value for them,
  * when they are notes, have no column, or belong to the other table (see
  * $accessTable). Each remaining value comes from a forced default, the parent
  * link, a per-field callback, or the request, selected by the field type.
  *
  * @param array $field_list
  *   The field definitions, keyed as in $this->fields. Taken by reference,
  *   but the visible code only changes a per-iteration copy of each entry.
  * @param boolean $accessTable
  *   When true only fields that have a 'table' entry are collected; when false
  *   fields whose table is "access" are skipped.
  *
  * @return array|boolean
  *   The values keyed by field name, or false when a required value is missing
  *   or processFieldValues() reports a failure.
  */
 protected function getFieldValues(&$field_list, $accessTable = false)
 {
     $output = array();
     $dependenciesMet = true;
     foreach ($field_list as $f => $field) {
         // check for settings that override user input
         if ($this->action == "insert" && !$this->get_value_on_new($field)) {
             continue;
         } elseif ($this->action == "update" && !$this->get_value_on_update($field)) {
             continue;
         }
         if ($field['type'] == 'note') {
             continue;
         }
         if (!empty($field['nocolumn'])) {
             continue;
         }
         if (!empty($field['table']) && $field['table'] == "access" && !$accessTable) {
             continue;
         } elseif (!isset($field['table']) && $accessTable) {
             continue;
         }
         // Clear the previous field's value so isset($val) below reflects
         // this field only.
         unset($val);
         $sanitize = false;
         // $html is never set to true in this method, so input_sanitize() is
         // always called with false.
         $html = false;
         $ignore = false;
         if (!isset($field['form_field'])) {
             $field['form_field'] = $field['field'];
         }
         // GET THE FIELD VALUE
         // OVERRIDES
         if (!empty($field['force_default_new']) && $this->action == "insert") {
             $val = $field['default'];
             // developer entered, could need sanitization
             $sanitize = true;
         } elseif ($this->parentLink == $field['field']) {
             // parent link
             $val = $this->parentId;
             // already sanitized, not needed
             // FUNCTIONS
         } elseif ($this->action == 'insert' && isset($field['insert_function'])) {
             // The callbacks are taken from $this->preset and receive $output;
             // nothing is stored for the field by this method itself.
             $this->preset[$field['field']]['insert_function']($output);
             continue;
         } elseif ($this->action == 'update' && isset($field['modified_function'])) {
             $this->preset[$field['field']]['modified_function']($output);
             continue;
         } elseif (isset($field['submit_function'])) {
             // covers both insert_function and modified_function
             $this->preset[$field['field']]['submit_function']($output);
             continue;
         } else {
             // A length suffix such as "(10)" is removed before matching.
             switch (preg_replace('/\\([0-9]+\\)/', '', $field['type'])) {
                 case 'image':
                 case 'file':
                     // NOTE(review): $_FILES is indexed by 'field', not 'form_field', and
                     // without an isset() check, so a request without the upload raises
                     // a notice. On update the upload is only accepted when 'replaceable'
                     // is unset or false - this looks inverted, confirm the intent.
                     if ($_FILES[$field['field']]['size'] > 0 && $_FILES[$field['field']]['error'] == UPLOAD_ERR_OK && ((!isset($field['replaceable']) || $field['replaceable'] === false) && $this->action == 'update' || $this->action == 'insert')) {
                         // Load the current row; no deletion of the previous
                         // file is visible in this method.
                         $this->get_row();
                         // NOTE(review): type and file name checks for the upload are not
                         // visible here; confirm saveFile()/saveImage() perform them.
                         if ($field['type'] == 'file') {
                             $val = $this->saveFile($field, $_FILES[$field['field']]);
                         } else {
                             $val = $this->saveImage($field, $_FILES[$field['field']]);
                         }
                     } else {
                         // No usable upload: leave the stored value untouched.
                         $ignore = true;
                     }
                     break;
                 case 'date':
                     $val = Time::getDate($field['form_field'], !empty($field['allow_blank']));
                     break;
                 case 'time':
                     $val = Time::getTime($field['form_field'], !empty($field['allow_blank']));
                     break;
                 case 'datetime':
                     $val = Time::getDateTime($field['form_field'], !empty($field['allow_blank']));
                     break;
                 case 'checkbox':
                     $val = (int) Request::get($field['form_field'], 'boolean');
                     break;
                 case 'checklist':
                     // Build a bit string with one digit per option index
                     // from 0 to the highest index, then convert it to an int.
                     $vals = '';
                     $maxi = 0;
                     foreach ($field['options'] as $i => $opt) {
                         if (is_array($opt)) {
                             $maxi = max($maxi, $opt[0]);
                         } else {
                             $maxi = max($maxi, $i);
                         }
                     }
                     // NOTE(review): $_POST is read directly without isset(), so every
                     // unchecked box raises an undefined index notice.
                     for ($i = 0; $i <= $maxi; $i++) {
                         $vals .= $_POST[$field['form_field'] . '_' . $i] == 1 || $_POST[$field['form_field'] . '_' . $i] == "on" ? 1 : 0;
                     }
                     // Reversed so that option 0 ends up as the lowest bit.
                     $val = bindec(strrev($vals));
                     break;
                 case 'bit':
                     $val = ['bit' => decbin(Request::get($field['form_field'], 'int'))];
                     break;
                 case 'html':
                     // The field definition controls the allowed HTML/CSS and the
                     // 'trusted' and 'full_page' flags handed to the filter.
                     $val = Request::get($field['form_field'], 'html', !empty($field['allowed_html']) ? $field['allowed_html'] : '', !empty($field['allowed_css']) ? $field['allowed_css'] : '', !empty($field['trusted']), !empty($field['full_page']));
                     break;
                 case 'int':
                 case 'float':
                 case 'email':
                 case 'url':
                     // These types are read from POST only, using the type as
                     // the filter name.
                     $val = Request::post($field['form_field'], $field['type']);
                     break;
                 default:
                     // Any other type is read with Request::get() using the full
                     // type string as the filter name ('url' is handled above).
                     // TODO: this can be set to include the date types above also.
                     $val = Request::get($field['form_field'], $field['type']);
                     break;
             }
         }
         // If there is an alternate default value
         if (!isset($val) && $this->action == "insert" && isset($field['default'])) {
             $val = $field['default'];
             // Developer input - could require sanitization.
             $sanitize = true;
         }
         // Sanitize the input.
         // $sanitize is only set for default values above; request values
         // rely on the Request filters. Because the flags are combined with ||,
         // sanitizing is skipped only when both the action-specific flag and
         // 'sanitize' are explicitly false.
         $sanitize_field = $this->action == 'insert' ? 'insert_sanitize' : 'modify_sanitize';
         if ($sanitize && (!isset($field[$sanitize_field]) || $field[$sanitize_field] !== false || (!isset($field['sanitize']) || $field['sanitize'] !== false))) {
             $val = $this->input_sanitize($val, $html);
         }
         // If this value is required.
         // NOTE(review): empty() also treats 0 and "0" as missing.
         if (!empty($field['required']) && empty($val)) {
             Messenger::error('The field ' . $this->fields[$f]['display_name'] . ' is required.');
             $dependenciesMet = false;
         }
         // If the value needs to be encrypted
         // NOTE(review): this also runs for an ignored upload, where $val
         // was never assigned.
         if (!empty($field['encrypted'])) {
             $val = $this->encrypt($this->table, $field['field'], $val);
         }
         if (!$ignore && empty($field['no_save'])) {
             $output[$field['field']] = $val;
         }
     }
     // Bitwise AND: the flag becomes an integer and is only tested for
     // truthiness below.
     $dependenciesMet &= $this->processFieldValues($output);
     return $dependenciesMet ? $output : false;
 }
Exemple #15
 /**
  * Terminate the program and send any current errors or messages.
  *
  * @param string $error
  *   An optional error message to add at fail time.
  */
 protected function _die($error = '')
 {
     // @todo fire some final callback
     // The error text is only recorded in verbose mode.
     if ($this->verbose) {
         Messenger::error($error);
     }

     // Give the registered shutdown callback, if any, the pending output.
     $has_shutdown_callback = !empty($this->shutdown_function) && is_callable($this->shutdown_function);
     if ($has_shutdown_callback) {
         call_user_func($this->shutdown_function, $this->output, false, false);
     }

     $this->finalize();
     Output::jsonData($this->output);
 }
Exemple #16
 /**
  * @todo this method needs to be updated.
  */
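 public function postChangePass()
 {
     $template = Template::getInstance();
     $user = ClientUser::getInstance();
     $template->set('content', 'user_reset');

     // Read the posted values without raising notices. Anything that is not a
     // plain string (a missing field or an array) counts as not provided.
     $new_pass = isset($_POST['new_pass']) && is_string($_POST['new_pass']) ? $_POST['new_pass'] : null;
     $new_pass_conf = isset($_POST['new_pass_conf']) && is_string($_POST['new_pass_conf']) ? $_POST['new_pass_conf'] : null;
     $email = isset($_POST['email']) && is_string($_POST['email']) ? $_POST['email'] : null;
     $code = isset($_POST['code']) && is_string($_POST['code']) ? $_POST['code'] : null;

     // Strict comparison: with == two different numeric-looking strings can
     // compare as equal, which would accept a mistyped confirmation.
     if ($new_pass !== $new_pass_conf) {
         // This branch is only reached on a mismatch, so say so.
         Messenger::error('You did not enter the same password twice.');
         $template->set("change_password", true);
         return;
     }

     // Nothing usable was submitted: show the form again. An empty string is
     // treated like a missing value so an empty password is never stored.
     if ($new_pass === null || $new_pass === '') {
         $template->set("change_password", true);
         return;
     }

     // NOTE(review): no password strength rule is applied before the change,
     // and a rejected code leaves the page without any message; confirm that
     // change_temp_pass() limits repeated attempts on the code.
     if ($user->change_temp_pass($email, $new_pass, $code)) {
         $template->set("password_changed", true);
     }
 }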
Exemple #17
 /**
  * Process a decoded response stored in $this->results.
  *
  * @return boolean|null
  *   True when the response carried no errors, false when it did. Nothing is
  *   returned when the response was not an array.
  */
 protected function requestSuccess()
 {
     if (!is_array($this->results)) {
         // The response could not be read as an array. The raw body is only
         // included in verbose mode.
         if ($this->verbose) {
             Output::error("Error reading from application!\n{$this->raw}");
         } else {
             Output::error("Error reading from application!");
         }
         return;
     }

     // HEADERS
     $this->outputCookies();
     $this->redirect();

     // STANDARD OUTPUT
     // NOTE(review): these texts come from the responding application and are
     // passed on unchanged; they must be escaped wherever they are printed.
     $has_error_list = isset($this->results['errors']) && is_array($this->results['errors']);
     if ($has_error_list) {
         foreach ($this->results['errors'] as $remote_error) {
             Messenger::error($remote_error);
         }
     }
     $has_message_list = isset($this->results['messages']) && is_array($this->results['messages']);
     if ($has_message_list) {
         foreach ($this->results['messages'] as $remote_message) {
             Messenger::message($remote_message);
         }
     }

     if ($this->hasErrors()) {
         return false;
     }
     return true;
 }
Exemple #18
                            <h1 id="page_header"><?php 
echo $page_header;
?>
</h1>
                        <?
                        endif;
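                        // Messenger texts can contain request data, exception
                        // text or text from other systems, so every entry is
                        // escaped for HTML when printed.
                        // NOTE(review): if Messenger is meant to carry trusted
                        // markup, escape at the point where untrusted text is
                        // added instead.
                        $errors = Messenger::getErrors();
                        if (count($errors) > 0): ?>
                            <div class="messenger error">
                                <ul><?php foreach ($errors as $error): ?><li><?php echo htmlspecialchars((string) $error, ENT_QUOTES, 'UTF-8'); ?></li><?php endforeach; ?></ul>
                            </div>
                        <?php endif;
                        $messages = Messenger::getMessages();
                        if (count($messages) > 0): ?>
                            <div class="messenger message">
                                <ul><?php foreach ($messages as $message): ?><li><?php echo htmlspecialchars((string) $message, ENT_QUOTES, 'UTF-8'); ?></li><?php endforeach; ?></ul>
                            </div>
                        <?php
                        endif;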
                        if (!empty($content)) :
                            $this->build($content);
                        endif; ?>
                    </div>
                <? endif; ?>
            </div>