Exemple #1
0
 public function init(Website $website, Request $request)
 {
     $this->installedWidgets = $website->getWidgets();
     $widgetRepo = new WidgetRepository($website);
     $widgetId = $request->getParamInt(0);
     if ($widgetId === 0) {
         // New widget
         $this->placedWidget = $this->getNewWidget($website, $request);
     } else {
         $this->placedWidget = $widgetRepo->getPlacedWidget($widgetId);
     }
     if ($request->hasRequestValue("submit") && Validate::requestToken($request)) {
         // Use incoming data
         $widgetDefinition = $this->installedWidgets->getDefinition($this->placedWidget);
         $data = $widgetDefinition->parseData($website, $widgetId);
         $this->placedWidget->setData($data);
         if ($this->isValid($data)) {
             // Save widget
             $widgetRepo->savePlacedWidget($this->placedWidget);
             $this->addSaveMessage($this->placedWidget, $website->getText());
         }
     }
     $this->requestToken = RequestToken::generateNew();
     $this->requestToken->saveToSession();
 }
Exemple #2
0
 private function saveData(Text $text, Request $request, Document $document, DocumentRepository $documentRepo)
 {
     if (!$request->hasRequestValue("intro") || !$request->hasRequestValue("title")) {
         return;
     }
     if ($document->isForWidgetArea()) {
         $text->addError($text->t("main.document") . ' ' . $text->t("errors.not_editable"));
         return;
     }
     $document->setIntro($request->getRequestString("intro", ''));
     $document->setTitle($request->getRequestString("title", ''));
     $valid = true;
     if (!Validate::requestToken($request)) {
         $valid = false;
     }
     if (!Validate::stringLength($document->getIntro(), Document::INTRO_MIN_LENGTH, Document::INTRO_MAX_LENGTH)) {
         $text->addError($text->t("documents.intro") . ' ' . Validate::getLastError($text));
         $valid = false;
     }
     if (!Validate::stringLength($document->getTitle(), Document::TITLE_MIN_LENGTH, Document::TITLE_MAX_LENGTH)) {
         $text->addError($text->t("documents.title") . ' ' . Validate::getLastError($text));
         $valid = false;
     }
     if (!$valid) {
         return;
     }
     $isNew = $document->getId() == 0;
     $documentRepo->saveDocument($document);
     if ($isNew) {
         $text->addMessage($text->t("main.document") . ' ' . $text->t("editor.is_created"));
     } else {
         $text->addMessage($text->t("main.document") . ' ' . $text->t("editor.is_edited"));
     }
 }
Exemple #3
0
 private function updateCategory(CategoryRepository $categoryRepo, Request $request, Text $text)
 {
     $this->category->setName($request->getRequestString("category_name", ""));
     $this->category->setDescriptionHtml($request->getRequestString("category_description", ""));
     $valid = true;
     if (!Validate::stringLength($this->category->getName(), CategoryRepository::NAME_MIN_LENGTH, CategoryRepository::NAME_MAX_LENGTH)) {
         $text->addError($text->t("categories.name") . ' ' . Validate::getLastError($text));
         $valid = false;
     }
     if (!Validate::stringLength($this->category->getDescriptionHtml(), CategoryRepository::DESCRIPTION_MIN_LENGTH, CategoryRepository::DESCRIPTION_MAX_LENGTH)) {
         $text->addError($text->t("categories.description") . ' ' . Validate::getLastError($text));
         $valid = false;
     }
     if ($valid) {
         $newCategory = $this->category->getId() === 0;
         $categoryRepo->saveCategory($this->category);
         // Add a confirmation
         $confirmation = $text->t("main.category") . " " . $text->t("editor.is_edited");
         if ($newCategory) {
             $confirmation = $text->t("main.category") . " " . $text->t("editor.is_created");
         }
         $viewCategory = Link::of($text->getUrlPage("category", $this->category->getId()), $text->t("categories.view_category"));
         $viewCategories = Link::of($text->getUrlpage("category_list"), $text->t("categories.view_all_categories"));
         $text->addMessage($confirmation, $viewCategory, $viewCategories);
     }
 }
Exemple #4
0
 private function validateInput(User $user, $password1, $password2, UserRepository $userRepo, Text $text)
 {
     $valid = true;
     if (!Validate::username($user->getUsername())) {
         $valid = false;
         $text->addError($text->t("users.the_username") . " " . Validate::getLastError($text));
     }
     if (!Validate::displayName($user->getDisplayName())) {
         $valid = false;
         $text->addError($text->t("users.the_display_name") . " " . Validate::getLastError($text));
     }
     if (!Validate::password($password1, $password2)) {
         $valid = false;
         $text->addError($text->t("users.the_password") . " " . Validate::getLastError($text));
     }
     if (!Validate::email($user->getEmail())) {
         $valid = false;
         $text->addError($text->t("users.the_email") . " " . Validate::getLastError($text));
     }
     if ($userRepo->isUsernameInUse($user->getUsername())) {
         // User with that name already exists
         $valid = false;
         $text->addError($text->tReplaced("errors.already_in_use_on_this_site", $text->t("users.the_username")));
     }
     if (!empty($user->getEmail()) && $userRepo->isEmailInUse($user->getEmail())) {
         // User with that email already exists
         $valid = false;
         $text->addError($text->tReplaced("errors.already_in_use_on_this_site", $text->t("users.the_email")));
     }
     return $valid;
 }
Exemple #5
0
 public function init(Website $website, Request $request)
 {
     $text = $website->getText();
     $articleId = $request->getParamInt(0);
     $showAdminPageLink = $website->isLoggedInAsStaff(true);
     $oArticles = new ArticleRepository($website);
     $article = $oArticles->getArticleOrFail($articleId);
     $this->article = $article;
     $formToken = RequestToken::generateNew();
     $action = $request->getRequestString("action");
     if ($action == "delete" && Validate::requestToken($request)) {
         // Bye bye article
         if ($oArticles->delete($article)) {
             $this->view = new ArticleDeleteTemplate($text, $article, $formToken, $showAdminPageLink, ArticleDeleteTemplate::STATE_DELETED);
         } else {
             $this->view = new ArticleDeleteTemplate($text, $article, $formToken, $showAdminPageLink, ArticleDeleteTemplate::STATE_ERROR);
         }
         return;
     } elseif ($action == "make_private" && Validate::requestToken($request)) {
         // Hide article for visitors
         $article->setHidden(true);
         if ($oArticles->saveArticle($article)) {
             $this->view = new ArticleDeleteTemplate($text, $article, $formToken, $showAdminPageLink, ArticleDeleteTemplate::STATE_HIDDEN);
         } else {
             $this->view = new ArticleDeleteTemplate($text, $article, $formToken, $showAdminPageLink, ArticleDeleteTemplate::STATE_ERROR);
         }
         return;
     } else {
         // Ask what to do
         $this->view = new ArticleDeleteTemplate($text, $article, $formToken, $showAdminPageLink, ArticleDeleteTemplate::STATE_CONFIRMATION);
     }
     $formToken->saveToSession();
 }
Exemple #6
0
 private function trySaveMenu(MenuRepository $menuRepo, Text $text)
 {
     if (!Validate::stringLength($this->menu->getName(), 1, MenuRepository::NAME_MAX_LENGTH)) {
         $text->addError($text->t("links.menu") . " " . Validate::getLastError($text));
         return;
     }
     $menuRepo->saveMenu($this->menu);
     $text->addMessage($text->t("links.menu") . " " . $text->t("editor.is_changed"), Link::of($text->getUrlPage("edit_menu", $this->menu->getId()), $text->t("links.menu.go_back")));
 }
Exemple #7
0
 public function init(Website $website, Request $request)
 {
     $linkId = $request->getParamInt(0, 0);
     $linkRepo = new LinkRepository($website->getDatabase());
     $this->link = $linkRepo->getLink($linkId);
     if (Validate::requestToken($request)) {
         $this->deleteLink($linkRepo, $website->getText());
     }
     $this->requestToken = RequestToken::generateNew();
     $this->requestToken->saveToSession();
 }
Exemple #8
0
 public function init(Website $website, Request $request)
 {
     $menuId = (int) $website->getConfig()->get(Config::OPTION_MAIN_MENU_ID);
     $menuRepo = new MenuRepository($website->getDatabase());
     $this->menus = $menuRepo->getAllMenus();
     $this->menu = isset($this->menus[$menuId]) ? $this->menus[$menuId] : null;
     if (Validate::requestToken($request)) {
         $this->handleRequest($website, $request);
     }
     $this->requestToken = RequestToken::generateNew();
     $this->requestToken->saveToSession();
 }
Exemple #9
0
 private function handleSubmitedForm(Website $website, Request $request)
 {
     $text = $website->getText();
     if (Validate::stringLength($this->menuName, 1, MenuRepository::NAME_MAX_LENGTH)) {
         $menuRepo = new MenuRepository($website->getDatabase());
         $this->menu = Menu::createNew($this->menuName);
         $menuRepo->saveMenu($this->menu);
         $text->addMessage($text->t("links.menu.created"));
     } else {
         $text->addError($text->t("links.menu.name") . ' ' . Validate::getLastError($text));
     }
 }
    public function getPageContent(Website $website, Request $request)
    {
        $show_form = true;
        $textToDisplay = "";
        if (isset($_REQUEST["display_name"])) {
            // Sent
            $display_name = $request->getRequestString("display_name");
            if (Validate::displayName($display_name)) {
                // Valid display_name
                $this->user->setDisplayName($display_name);
                $userRepo = $website->getAuth()->getUserRepository();
                $userRepo->save($this->user);
                // Saved
                $textToDisplay .= '<p>' . $website->t("users.display_name") . ' ' . $website->t("editor.is_changed") . '</p>';
                // Don't show form
                $show_form = false;
            } else {
                // Invalid display_name
                $website->addError($website->t("users.display_name") . ' ' . Validate::getLastError($website));
                $textToDisplay .= '<p><em>' . $website->tReplacedKey("errors.your_input_has_not_been_changed", "users.display_name", true) . '</em></p>';
            }
        }
        // Show form
        if ($show_form) {
            // Text above form
            $textToDisplay .= "<p>" . $website->t("users.display_name.edit.explained") . "</p>\n";
            if ($this->editing_someone_else) {
                $textToDisplay .= "<p><em>" . $website->tReplaced("users.edit_other", $this->user->getDisplayName()) . "</em></p>\n";
            }
            // Form itself
            $display_name = isset($_POST['display_name']) ? htmlSpecialChars($_POST['display_name']) : $this->user->getDisplayName();
            $textToDisplay .= <<<EOT
                <p>{$website->t("main.fields_required")}</p>
                <form action="{$website->getUrlMain()}" method="post">
                    <p>
                        <label for="display_name">{$website->t('users.display_name')}:</label><span class="required">*</span><br />
                            <input type="text" id="display_name" name="display_name" value="{$display_name}"/><br />
                    </p>
                    <p>
                        <input type="hidden" name="id" value="{$this->user->getId()}" />
                        <input type="hidden" name="p" value="edit_display_name" />
                        <input type="submit" value="{$website->t('users.display_name.edit')} " class="button" />
                    </p>
                </form>
EOT;
        }
        // Links
        $textToDisplay .= $this->get_account_links_html($website);
        return $textToDisplay;
    }
Exemple #11
0
 public function parseData(Website $website, $id)
 {
     $settingsArray = [];
     // Title
     $settingsArray["title"] = trim($website->getRequestString("title_" . $id, ""));
     // Amount
     $settingsArray["amount"] = $website->getRequestInt("amount_" . $id, 5);
     $amount = $settingsArray["amount"];
     if (!Validate::range($amount, self::MIN_COMMENTS, self::MAX_COMMENTS)) {
         $settingsArray["valid"] = false;
         $website->addError($website->t("comments.count") . " " . Validate::getLastError($website));
     }
     return $settingsArray;
 }
Exemple #12
0
 public function init(Website $website, Request $request)
 {
     $this->installedWidgets = $website->getWidgets();
     $widgetId = $request->getParamInt(0, 0);
     $widgetRepo = new WidgetRepository($website);
     $this->placedWidget = $widgetRepo->getPlacedWidget($widgetId);
     if (Validate::requestToken($request)) {
         $widgetRepo->deletePlacedWidget($this->placedWidget);
         $text = $website->getText();
         $text->addMessage($text->t("main.widget") . ' ' . $text->t("editor.is_deleted"), Link::of($text->getUrlPage("edit_document", $this->placedWidget->getDocumentId()), $text->t("main.ok")));
     } else {
         $this->requestToken = RequestToken::generateNew();
         $this->requestToken->saveToSession();
     }
 }
Exemple #13
0
 public function init(Website $website, Request $request)
 {
     $this->title = $website->getConfig()->get("title");
     $this->copyright = $website->getConfig()->get("copyright");
     $this->password = $website->getConfig()->get("password");
     $this->language = $website->getConfig()->get("language");
     $this->user_account_creation = $website->getConfig()->get("user_account_creation");
     if (isset($_REQUEST["submit"]) && Validate::requestToken($request)) {
         $this->save_values($website);
         $this->saved = true;
     }
     // Refresh token
     $this->token = RequestToken::generateNew();
     $this->token->saveToSession();
 }
Exemple #14
0
 private function respondToRequest(LinkRepository $linkRepo, MenuRepository $menuRepo, Text $text, Request $request)
 {
     if (!Validate::requestToken($request)) {
         return;
     }
     $moveLinksToMenuId = $request->getRequestInt("move_option", 0);
     if ($moveLinksToMenuId === 0) {
         $linkRepo->deleteLinksInMenu($this->menu);
     } else {
         $linkRepo->moveLinks($this->menu, $this->allMenus[$moveLinksToMenuId]);
     }
     $menuRepo->deleteMenu($this->menu->getId());
     $text->addMessage($text->t("links.menu") . " " . $text->t("editor.is_deleted"), Link::of($text->getUrlPage("links"), $text->t("links.overview")));
     $this->deleted = true;
 }
Exemple #15
0
 public function init(Website $website, Request $request)
 {
     $documentId = $request->getParamInt(0, 0);
     $documentRepo = new DocumentRepository($website->getDatabase(), true);
     $this->document = $documentRepo->getDocument($documentId);
     if (Validate::requestToken($request)) {
         $widgetRepo = new WidgetRepository($website);
         $documentRepo->deleteDocument($this->document, $widgetRepo);
         $text = $website->getText();
         $text->addMessage($text->t("main.document") . ' ' . $text->t("editor.is_deleted"));
         $this->deleted = true;
     }
     $this->requestToken = RequestToken::generateNew();
     $this->requestToken->saveToSession();
 }
Exemple #16
0
 public function init(Website $website, Request $request)
 {
     parent::init($website, $request);
     $themeManager = $website->getThemeManager();
     if (!$themeManager->canSwitchThemes()) {
         $this->sendThemeSwitchError($website->getText());
     } else {
         if (Validate::requestToken($request)) {
             $this->trySwitchTheme($themeManager, $website->getText(), $request);
         }
     }
     $this->availableThemes = $themeManager->getAllThemes();
     $this->requestToken = RequestToken::generateNew();
     $this->requestToken->saveToSession();
 }
Exemple #17
0
    public function getPageContent(Website $website, Request $request)
    {
        $show_form = true;
        $textToDisplay = "";
        if ($request->hasRequestValue("email")) {
            // Sent
            $email = $request->getRequestString("email");
            if (Validate::email($email)) {
                // Valid email
                $this->user->setEmail($email);
                $userRepo = $website->getAuth()->getUserRepository();
                $userRepo->save($this->user);
                // Saved
                $textToDisplay .= '<p>' . $website->t("users.email") . ' ' . $website->t("editor.is_changed") . '</p>';
                // Don't show form
                $show_form = false;
            } else {
                // Invalid email
                $website->addError($website->t("users.email") . ' ' . Validate::getLastError($website));
                $textToDisplay .= '<p><em>' . $website->tReplacedKey("errors.your_input_has_not_been_changed", "users.email", true) . '</em></p>';
            }
        }
        // Show form
        if ($show_form) {
            // Text above form
            $textToDisplay .= "<p>" . $website->t("users.email.edit.explained") . "</p>\n";
            if ($this->editing_someone_else) {
                $textToDisplay .= "<p><em>" . $website->tReplaced("users.edit_other", $this->user->getDisplayName()) . "</em></p>\n";
            }
            // Form itself
            $email = htmlSpecialChars($request->getRequestString("email", $this->user->getEmail()));
            $textToDisplay .= <<<EOT
                <form action="{$website->getUrlMain()}" method="post">
                    <p>
                        <label for="email">{$website->t('users.email')}:</label><br /><input type="text" id="email" name="email" value="{$email}"/><br />
                    </p>
                    <p>
                        <input type="hidden" name="id" value="{$this->user->getId()}" />
                        <input type="hidden" name="p" value="edit_email" />
                        <input type="submit" value="{$website->t('users.email.edit')} " class="button" />
                    </p>
                </form>
EOT;
        }
        // Links
        $textToDisplay .= $this->get_account_links_html($website);
        return $textToDisplay;
    }
Exemple #18
0
 public function init(Website $website, Request $request)
 {
     $categoriesRepo = new CategoryRepository($website->getDatabase());
     $categoryId = $request->getParamInt(0, 0);
     $this->category = $categoriesRepo->getCategory($categoryId);
     if ($this->category->isStandardCategory()) {
         $text = $website->getText();
         $editCategory = Link::of($text->getUrlPage("edit_category", $this->category->getId()), $text->t("categories.edit"));
         $viewAll = Link::of($text->getUrlPage("category_list"), $text->t("categories.view_all"));
         $text->addError($text->t("categories.delete.cannot_remove_default"), $editCategory, $viewAll);
         return;
     }
     if (Validate::requestToken($request)) {
         $articlesRepo = new ArticleRepository($website);
         $this->deleteCategory($categoriesRepo, $articlesRepo, $website->getText());
     }
     $this->requestToken = RequestToken::generateNew();
     $this->requestToken->saveToSession();
 }
Exemple #19
0
 /**
  * Validates a comment for saving to the database.
  * @param Comment $comment The comment.
  * @param Text $text Errors go here.
  * @return boolean True if the comment is valid, false otherwise.
  */
 public function validateComment(Comment $comment, Text $text)
 {
     $valid = true;
     if (!Validate::stringLength($comment->getBodyRaw(), Comment::BODY_MIN_LENGTH, Comment::BODY_MAX_LENGTH)) {
         $text->addError($text->t("comments.comment") . " " . Validate::getLastError($text));
         $valid = false;
     }
     if ($comment->isByVisitor()) {
         if (!Validate::email($comment->getUserEmail())) {
             $text->addError($text->t("users.email") . " " . Validate::getLastError($text));
             $valid = false;
         }
         if (!Validate::displayName($comment->getUserDisplayName())) {
             $text->addError($text->t("users.name") . " " . Validate::getLastError($text));
             $valid = false;
         }
     }
     return $valid;
 }
Exemple #20
0
 private function handleRequest(Text $text, Request $request, LinkRepository $linkRepo)
 {
     $valid = true;
     $linkText = $request->getRequestString("link_text", "");
     $this->link->setText($linkText);
     if (!Validate::nameOfLink($linkText)) {
         $text->addError($this->t("links.text") . " " . Validate::getLastError($text));
         $valid = false;
     }
     $url = $request->getRequestString("link_url", "");
     if (Validate::url($url)) {
         $this->link->setUrl(new Uri($url));
     } else {
         $text->addError($text->t("links.url") . " " . Validate::getLastError($text));
         $valid = false;
     }
     if ($valid) {
         $linkRepo->saveLink($this->link);
         $text->addMessage($text->t("main.link") . ' ' . $text->t("editor.is_edited"), Link::of($text->getUrlPage("edit_menu", $this->link->getMenuId()), $text->t("links.menu.go_back")));
     }
 }
Exemple #21
0
 private function saveLink(Website $website)
 {
     $text = $website->getText();
     $valid = true;
     if (!Validate::url($this->linkUrl)) {
         $text->addError($text->t("links.url") . " " . Validate::getLastError($text));
         $valid = false;
     }
     if (!Validate::stringLength($this->linkName, 1, LinkRepository::MAX_LINK_TEXT_LENGTH)) {
         $text->addError($text->t("links.text") . " " . Validate::getLastError($text));
         $valid = false;
     }
     if (!$valid) {
         return;
     }
     $link = Link::createSaveable(0, $this->menu->getId(), new Uri($this->linkUrl), $this->linkName);
     $linkRepo = new LinkRepository($website->getDatabase());
     $linkRepo->saveLink($link);
     $text->addMessage($text->t("main.link") . " " . $text->t("editor.is_created"), Link::of($text->getUrlPage("add_link", $this->menu->getId()), $text->t("links.create_another")));
     $this->addedLink = true;
 }
Exemple #22
0
 public function init(Website $website, Request $request)
 {
     $commentId = $request->getParamInt(0, 0);
     $repo = new CommentRepository($website->getDatabase());
     $this->comment = $repo->getCommentOrFail($commentId);
     $user = $website->getAuth()->getCurrentUser();
     // Check if user is allowed to delete this comment
     if ($user->getId() !== $this->comment->getUserId() && !$user->hasRank(Authentication::RANK_MODERATOR)) {
         throw new NotFoundException();
     }
     // Check if form was submitted
     if (Validate::requestToken($request)) {
         $repo->deleteComment($commentId);
         $text = $website->getText();
         $articleLink = $text->getUrlPage("article", $this->comment->getArticleId());
         $text->addMessage($text->t("comments.comment") . ' ' . $text->t("editor.is_deleted"), Link::of($articleLink, $text->t("main.ok")));
     } else {
         $this->requestToken = RequestToken::generateNew();
         $this->requestToken->saveToSession();
     }
 }
Exemple #23
0
 public function init(Website $website, Request $request)
 {
     $text = $website->getText();
     $currentUser = $website->getAuth()->getCurrentUser();
     $articleId = $request->getParamInt(0);
     $articleRepository = new ArticleRepository($website);
     $article = $this->getArticle($articleRepository, $currentUser, $articleId);
     $articleEditor = new ArticleEditor($article);
     $this->articleEditor = $articleEditor;
     $categoryRepository = new CategoryRepository($website->getDatabase());
     $this->allCategories = $categoryRepository->getCategories();
     $this->richEditor = new CKEditor($website->getText(), $website->getConfig(), $website->getThemeManager());
     // Validate token, then save new one to session
     $validToken = Validate::requestToken($request);
     $this->token = RequestToken::generateNew();
     $this->token->saveToSession();
     // Now check input
     if (!$articleEditor->processInput($website->getText(), $request, $categoryRepository)) {
         return;
     }
     if ($request->hasRequestValue("submit") && $validToken) {
         // Try to save
         $article = $articleEditor->getArticle();
         if ($articleRepository->saveArticle($article)) {
             $viewArticleLink = Link::of($website->getUrlPage("article", $article->getId()), $website->t("articles.view"));
             if ($articleId == 0) {
                 // New article created
                 $text->addMessage($text->t("main.article") . " " . $text->t("editor.is_created"), $viewArticleLink);
             } else {
                 // Article updated
                 $text->addMessage($text->t("main.article") . " " . $text->t("editor.is_edited"), $viewArticleLink);
             }
             // Check for redirect
             if ($request->getRequestString("submit") == $website->t("editor.save_and_quit")) {
                 $this->redirectUrl = $website->getUrlPage("article", $article->getId());
             }
         }
     }
 }
Exemple #24
0
 public function init(Website $website, Request $request)
 {
     $text = $website->getText();
     $this->requestToken = RequestToken::generateNew();
     $commentId = $request->getParamInt(0, 0);
     $auth = $website->getAuth();
     $user = $auth->getCurrentUser();
     $repo = new CommentRepository($website->getDatabase());
     $this->comment = $repo->getCommentOrFail($commentId);
     if ($user->getId() !== $this->comment->getUserId() && !$user->hasRank(Authentication::RANK_MODERATOR)) {
         // Can only edit own comment unless moderator
         throw new NotFoundException();
     }
     if ($request->hasRequestValue("submit") && Validate::requestToken($request)) {
         // Validate and save comment
         $this->updateCommentFromRequest($this->comment, $request);
         if ($repo->validateComment($this->comment, $text)) {
             $repo->saveComment($this->comment);
             $this->redirectLink = $this->comment->getUrl($text);
         }
     }
     $this->requestToken->saveToSession();
 }
Exemple #25
0
 public function init(Website $website, Request $request)
 {
     $text = $website->getText();
     $this->requestToken = RequestToken::generateNew();
     $articleId = $request->getParamInt(0, 0);
     $articleRepo = new ArticleRepository($website);
     $article = $articleRepo->getArticleOrFail($articleId);
     if (!$article->showComments) {
         $text->addError($text->t("comments.commenting_not_allowed_on_article"));
         return;
     }
     $user = $website->getAuth()->getCurrentUser();
     $this->comment = $this->fetchComment($request, $article, $user);
     if ($request->hasRequestValue("submit") && Validate::requestToken($request)) {
         // Validate and save comment
         $repo = new CommentRepository($website->getDatabase());
         if ($repo->validateComment($this->comment, $text)) {
             $repo->saveComment($this->comment);
             $this->redirectLink = $this->comment->getUrl($text);
         }
     }
     $this->requestToken->saveToSession();
 }
 private function validateInput(User $user, $password, Authentication $auth, UserRepository $userRepo, Text $text)
 {
     $valid = true;
     if (!Validate::username($user->getUsername())) {
         $valid = false;
         $text->addError($text->t("users.the_username") . " " . Validate::getLastError($text));
     }
     if (!Validate::displayName($user->getDisplayName())) {
         $valid = false;
         $text->addError($text->t("users.the_display_name") . " " . Validate::getLastError($text));
     }
     if (!Validate::password($password, $password)) {
         $valid = false;
         $text->addError($text->t("users.the_password") . " " . Validate::getLastError($text));
     }
     if (!Validate::email($user->getEmail())) {
         $valid = false;
         $text->addError($text->t("users.the_email") . " " . Validate::getLastError($text));
     }
     if ($userRepo->isUsernameInUse($user->getUsername())) {
         // User with that name already exists
         $valid = false;
         $text->addError($text->tReplaced("errors.already_in_use_on_this_site", $text->t("users.the_username")));
     }
     if (!empty($user->getEmail()) && $userRepo->isEmailInUse($user->getEmail())) {
         // User with that email already exists
         $valid = false;
         $text->addError($text->tReplaced("errors.already_in_use_on_this_site", $text->t("users.the_email")));
     }
     if (!$auth->isValidRankForAccounts($user->getRank())) {
         // Invlaid rank
         $valid = false;
         $text->addError($text->t("users.the_rank") . " " . $text->t("errors.is_invalid"));
     }
     return $valid;
 }
Exemple #27
0
 public function init(Website $website, Request $request)
 {
     $text = $website->getText();
     $widgetId = $request->getParamInt(0);
     $moveUp = $request->getRequestString("direction", "up") === "up";
     $widgetRepository = new WidgetRepository($website);
     $this->placedWidget = $widgetRepository->getPlacedWidget($widgetId);
     $this->installedWidgets = $website->getWidgets();
     if (Validate::requestToken($request)) {
         // move
         $this->moveWidget($widgetRepository, $moveUp);
         $this->redirectUrl = $text->getUrlPage("edit_document", $this->placedWidget->getDocumentId());
     } else {
         $text->addError(Validate::getLastError($text));
         $linkText = $text->t("widgets.move_down");
         if ($moveUp) {
             $linkText = $text->t("widgets.move_up");
         }
         // Generate new request token, allowing user to perform action again
         $newRequestToken = RequestToken::generateNew();
         $this->moveLink = Link::of($text->getUrlPage("move_widget", $widgetId, ["direction" => $moveUp ? "up" : "down", RequestToken::FIELD_NAME => $newRequestToken->getTokenString()]), $linkText);
         $newRequestToken->saveToSession();
     }
 }
Exemple #28
0
 public static function url($linkUrl)
 {
     try {
         new Uri($linkUrl);
     } catch (InvalidArgumentException $e) {
         Validate::setError("not_a_valid_web_address");
         return false;
     }
     return self::stringLength($linkUrl, 1, LinkRepository::MAX_URL_LENGTH);
 }
Exemple #29
0
    public function getPageContent(Website $website, Request $request)
    {
        $show_form = true;
        $textToDisplay = "";
        if ($request->hasRequestValue("password")) {
            // Sent
            $old_password = $request->getRequestString("old_password");
            if ($this->editing_someone_else || $this->user->verifyPassword($old_password)) {
                // Old password entered correctly
                $password = $request->getRequestString("password");
                $password2 = $request->getRequestString("password2");
                if (Validate::password($password, $password2)) {
                    // Valid password
                    $this->user->setPassword($password);
                    $userRepo = $website->getAuth()->getUserRepository();
                    $userRepo->save($this->user);
                    // Saved
                    $textToDisplay .= '<p>' . $website->t("users.password") . ' ' . $website->t("editor.is_changed") . '</p>';
                    // Update login cookie (only when changing your own password)
                    if (!$this->editing_someone_else) {
                        $website->getAuth()->setLoginCookie();
                    }
                    // Don't show form
                    $show_form = false;
                } else {
                    // Invalid new password
                    $website->addError($website->t("users.password") . ' ' . Validate::getLastError($website));
                    $textToDisplay .= '<p><em>' . $website->tReplacedKey("errors.your_input_has_not_been_changed", "users.password", true) . '</em></p>';
                }
            } else {
                // Invalid old password
                $website->addError($website->t("users.old_password") . ' ' . $website->t("errors.not_correct"));
                $textToDisplay .= '<p><em>' . $website->tReplacedKey("errors.your_input_has_not_been_changed", "users.password", true) . '</em></p>';
            }
        }
        // Show form
        if ($show_form) {
            // Text above form
            $textToDisplay .= "<p>" . $website->tReplaced("users.password.edit.explained", Validate::$MIN_PASSWORD_LENGHT) . "</p>\n";
            if ($this->editing_someone_else) {
                $textToDisplay .= "<p><em>" . $website->tReplaced("users.edit_other", $this->user->getDisplayName()) . "</em></p>\n";
            }
            // Form itself
            $old_password_text = "";
            if (!$this->editing_someone_else) {
                // Add field to verify old password when editing yourself
                $old_password_text = <<<EOT
                    <label for="old_password">{$website->t('users.old_password')}:</label><span class="required">*</span><br />
                    <input type="password" id="old_password" name="old_password" value=""/><br />
EOT;
            }
            $textToDisplay .= <<<EOT
                <p>{$website->t("main.fields_required")}</p>
                <form action="{$website->getUrlMain()}" method="post">
                    <p>
                        {$old_password_text}
                        <label for="password">{$website->t('users.password')}:</label><span class="required">*</span><br />
                        <input type="password" id="password" name="password" value=""/><br />
                        <label for="password2">{$website->t('users.password.repeat')}:</label><span class="required">*</span><br />
                        <input type="password" id="password2" name="password2" value=""/><br />
                    </p>
                    <p>
                        <input type="hidden" name="p" value="edit_password" />
                        <input type="hidden" name="id" value="{$this->user->getId()}" />
                        <input type="submit" value="{$website->t('users.password.edit')} " class="button" />
                    </p>
                </form>
EOT;
        }
        // Links
        $textToDisplay .= $this->get_account_links_html($website);
        return $textToDisplay;
    }
    public function getPageContent(Website $website, Request $request)
    {
        // Don't allow to edit your own status (why would admins want to downgrade
        // themselves?)
        if (!$this->editing_someone_else) {
            $website->addError($website->t("users.account") . " " . $website->t("errors.not_editable"));
            return "";
        }
        $show_form = true;
        $textToDisplay = "";
        if ($request->hasRequestValue("status")) {
            // Sent
            $status = $request->getRequestInt("status");
            $status_text = $request->getRequestString("status_text");
            $oAuth = $website->getAuth();
            $valid = true;
            // Check status id
            if (!$oAuth->isValidStatus($status)) {
                $website->addError($website->t("users.status") . ' ' . $website->t("errors.not_found"));
                $valid = false;
            }
            // Check status text
            if (!Validate::stringLength($status_text, 1, self::MAXIMUM_STATUS_TEXT_LENGTH)) {
                $website->addError($website->t("users.status_text") . " " . Validate::getLastError($website));
                $valid = false;
            }
            if ($valid) {
                // Valid status
                $this->user->setStatus($status);
                $this->user->setStatusText($status_text);
                $oAuth->getUserRepository()->save($this->user);
                // Saved
                $textToDisplay .= '<p>' . $website->t("users.status") . ' ' . $website->t("editor.is_changed") . '</p>';
                // Don't show form
                $show_form = false;
            } else {
                // Invalid status
                $textToDisplay .= '<p><em>' . $website->tReplacedKey("errors.your_input_has_not_been_changed", "users.status", true) . '</em></p>';
            }
        }
        // Show form
        if ($show_form) {
            // Variables
            $status = $website->getRequestInt("status", $this->user->getStatus());
            $statuses = array(Authentication::STATUS_NORMAL, Authentication::STATUS_BANNED, Authentication::STATUS_DELETED);
            $status_text = htmlSpecialChars($request->getRequestString("status_text", $this->user->getStatusText()));
            // Form itself
            $textToDisplay .= <<<EOT
                <p>
                    {$website->t("users.status.edit.explained")}
                    {$website->tReplaced("accounts.edit_other", "<strong>" . $this->user->getDisplayName() . "</strong>")}
                </p>  
                <p>
                    {$website->t("main.fields_required")}
                </p>
                <form action="{$website->getUrlMain()}" method="get">
                    <p>
                        <label for="status">{$website->t("users.status")}</label>:<span class="required">*</span><br />
                        {$this->get_statuses_box_html($website->getAuth(), $statuses, $status)}
                    </p>
                    <p>
                        <label for="status_text">{$website->t("users.status_text")}</label>:<span class="required">*</span><br />
                        <input type="text" name="status_text" id="status_text" size="80" value="{$status_text}" />
                    </p>
                    <p>
                        <input type="hidden" name="p" value="edit_account_status" />
                        <input type="hidden" name="id" value="{$this->user->getId()}" />
                        <input type="submit" value="{$website->t('editor.save')} " class="button" />
                    </p>
                </form>
EOT;
        }
        // Links
        $textToDisplay .= $this->get_account_links_html($website);
        return $textToDisplay;
    }