public function action()
{
if (!isset($_POST['items']) || !is_array($_POST['items']) || !empty($_POST['items'])) {
return;
}
$checked = @array_keys($_POST['items']);
if (is_array($checked) && !empty($checked)) {
if ($_POST['with-selected'] == 'delete-members') {
foreach ($checked as $role_id) {
$this->__deleteMembers($role_id);
}
} elseif ($_POST['with-selected'] == 'delete') {
foreach ($checked as $role_id) {
$this->__deleteMembers($role_id);
ASDCLoader::instance()->query("DELETE FROM `tbl_members_roles` WHERE `id` = {$role_id}");
ASDCLoader::instance()->query("DELETE FROM `tbl_members_roles_forbidden_pages` WHERE `role_id` = {$role_id}");
ASDCLoader::instance()->query("DELETE FROM `tbl_members_roles_event_permissions` WHERE `role_id` = {$role_id}");
}
} elseif (preg_match('/move::(\\d+)/i', $_POST['with-selected'], $match)) {
$target_role = $match[1];
if (!($replacement = $this->_driver->fetchRole($target_role))) {
die("no such target role");
}
foreach ($checked as $role_id) {
if ($role_id == $target_role) {
continue;
}
ASDCLoader::instance()->query(sprintf("UPDATE `tbl_entries_data_%d` SET `role_id` = %d WHERE `role_id` = %d", $this->_driver->roleField(), $target_role, $role_id));
}
}
}
}
public function grab(&$param_pool)
{
self::__init();
$result = new XMLElement($this->dsParamROOTELEMENT);
$rows = Symphony::Database()->fetch("SELECT *\n\t\t\t\tFROM `tbl_sessions` \n\t\t\t\tWHERE `session_data` != 'sym-|a:0:{}sym-members|a:0:{}' \n\t\t\t\tAND `session_data` REGEXP 'sym-members'\n\t\t\t\tAND `session_expires` > (UNIX_TIMESTAMP() - " . self::AGE . ") \n\t\t\t\tORDER BY `session_expires` DESC");
$added = array();
if (count($rows) > 0) {
foreach ($rows as $r) {
$raw = $r['session_data'];
$data = self::session_real_decode($raw);
if (!isset($data['sym-members'])) {
continue;
}
$record = ASDCLoader::instance()->query(sprintf("SELECT\n\t\t\t\t\t\t\t\temail.value AS `email`,\n\t\t\t\t\t\t\t\tMD5(email.value) AS `hash`,\n\t\t\t\t\t\t\t\tcreated_by.username AS `username`\n\t\t\t\t\t\t\n\t\t\t\t\t\t\tFROM `tbl_entries_data_%d` AS `created_by`\n\t\t\t\t\t\t\tLEFT JOIN `tbl_entries_data_%d` AS `email` ON created_by.member_id = email.entry_id\n\t\t\t\t\t\t\tWHERE `created_by`.username = '******'\n\t\t\t\t\t\t\tLIMIT 1", self::findFieldID('created-by', 'comments'), self::findFieldID('email-address', 'members'), ASDCLoader::instance()->escape($data['sym-members']['username'])));
if ($record->length() == 0) {
continue;
}
$member = $record->current();
// This is so we dont end up with accidental duplicates. No way to select
// distinct via the SQL since we grab raw session data
if (in_array($member->username, $added)) {
continue;
}
$added[] = $member->username;
$result->appendChild(new XMLElement('member', General::sanitize($member->username), array('email-hash' => $member->hash)));
}
} else {
$result->setValue('No Records Found.');
//This should never happen!
}
return $result;
}
protected function __trigger()
{
$result = new XMLElement(self::ROOTELEMENT);
$success = false;
self::__init();
$db = ASDCLoader::instance();
$Members = $this->_Parent->ExtensionManager->create('members');
$Members->initialiseCookie();
if ($Members->isLoggedIn() !== true) {
$result->appendChild(new XMLElement('error', 'Must be logged in.'));
$result->setAttribute('status', 'error');
return $result;
}
$Members->initialiseMemberObject();
// Make sure we dont accidently use an expired code
extension_Members::purgeCodes();
$em = new EntryManager($this->_Parent);
$entry = end($em->fetch((int) $Members->Member->get('id')));
$email = $entry->getData(self::findFieldID('email-address', 'members'));
$name = $entry->getData(self::findFieldID('name', 'members'));
$success = $Members->emailNewMember(array('entry' => $entry, 'fields' => array('username-and-password' => $entry->getData(self::findFieldID('username-and-password', 'members')), 'name' => $name['value'], 'email-address' => $email['value'])));
if ($success == true && isset($_REQUEST['redirect'])) {
redirect($_REQUEST['redirect']);
}
$result->setAttribute('result', $success === true ? 'success' : 'error');
return $result;
}
protected function __trigger()
{
self::__init();
$db = ASDCLoader::instance();
$success = false;
$Members = $this->_Parent->ExtensionManager->create('members');
$Members->initialiseCookie();
if ($Members->isLoggedIn() !== true) {
redirect(URL . '/forbidden/');
}
$Members->initialiseMemberObject();
// Make sure we dont accidently use an expired token
extension_Members::purgeCodes();
$activation_row = $db->query(sprintf("SELECT * FROM `tbl_members_codes` WHERE `token` = '%s' AND `member_id` = %d LIMIT 1", $db->escape($_POST['fields']['code']), (int) $Members->Member->get('id')))->current();
// No code, you are a spy!
if ($activation_row === false) {
redirect(URL . '/members/activate/failed/');
}
// Got this far, all is well.
$db->query(sprintf("UPDATE `tbl_entries_data_%d` SET `role_id` = %d WHERE `entry_id` = %d LIMIT 1", $Members->roleField(), 3, (int) $Members->Member->get('id')));
extension_Members::purgeTokens((int) $Members->Member->get('id'));
$em = new EntryManager($this->_Parent);
$entry = end($em->fetch((int) $Members->Member->get('id')));
$email = $entry->getData(self::findFieldID('email-address', 'members'));
$name = $entry->getData(self::findFieldID('name', 'members'));
$Members->emailNewMember(array('section' => $Members->memberSectionHandle(), 'entry' => $entry, 'fields' => array('username-and-password' => $entry->getData(self::findFieldID('username-and-password', 'members')), 'name' => $name['value'], 'email-address' => $email['value'])));
redirect(URL . '/members/activate/success/');
}
public function grab(&$param_pool)
{
$result = new XMLElement($this->dsParamROOTELEMENT);
self::__init();
$db = ASDCLoader::instance();
$sql = "SELECT SQL_CALC_FOUND_ROWS \n\t\t\t\t\t\tpinned.entry_id AS `id`, \n\t\t\t\t\t\tpinned.value AS `pinned`, \n\t\t\t\t\t\tclosed.value AS `closed`, \n\t\t\t\t\t\tcreation_date.local AS `creation-date`,\n\t\t\t\t\t\tlast_active.local AS `last-active`,\t\t\t\t\t\t\t\n\t\t\t\t\t\tcreated_by.member_id AS `created-by-member-id`,\n\t\t\t\t\t\tcreated_by.username AS `created-by-username`,\n\t\t\t\t\t\tlast_post.member_id AS `last-post-member-id`,\n\t\t\t\t\t\tlast_post.username AS `last-post-username`,\t\t\t\t\t\t\t\n\t\t\t\t\t\ttopic.value AS `topic`,\n\t\t\t\t\t\tCOUNT(comments.relation_id) AS `comments`\n\t\t\t\t\t\n\t\t\t\t\tFROM `tbl_entries_data_%d` AS `pinned`\n\t\t\t\t\tLEFT JOIN `tbl_entries_data_%d` AS `closed` ON pinned.entry_id = closed.entry_id\n\t\t\t\t\tLEFT JOIN `tbl_entries_data_%d` AS `creation_date` ON pinned.entry_id = creation_date.entry_id\t\n\t\t\t\t\tLEFT JOIN `tbl_entries_data_%d` AS `last_active` ON pinned.entry_id = last_active.entry_id\t\t\t\t\t\n\t\t\t\t\tLEFT JOIN `tbl_entries_data_%d` AS `created_by` ON pinned.entry_id = created_by.entry_id\t\n\t\t\t\t\tLEFT JOIN `tbl_entries_data_%d` AS `last_post` ON pinned.entry_id = last_post.entry_id\t\n\t\t\t\t\tLEFT JOIN `tbl_entries_data_%d` AS `topic` ON pinned.entry_id = topic.entry_id\n\t\t\t\t\tLEFT JOIN `tbl_entries_data_%d` AS `comments` ON pinned.entry_id = comments.relation_id\n\t\t\t\t\tWHERE 1 %s\n\t\t\t\t\tGROUP BY pinned.entry_id\n\t\t\t\t\tORDER BY pinned.value ASC, last_active.local DESC\n\t\t\t\t\tLIMIT %d, %d";
try {
$rows = $db->query(sprintf($sql, self::findFieldID('pinned', 'discussions'), self::findFieldID('closed', 'discussions'), self::findFieldID('creation-date', 'discussions'), self::findFieldID('last-active', 'discussions'), self::findFieldID('created-by', 'discussions'), self::findFieldID('last-post', 'discussions'), self::findFieldID('topic', 'discussions'), self::findFieldID('parent-id', 'comments'), isset($this->dsParamFILTERS['id']) && (int) $this->dsParamFILTERS['id'] > 0 ? " AND pinned.entry_id = " . (int) $this->dsParamFILTERS['id'] : NULL, max(0, ($this->dsParamSTARTPAGE - 1) * $this->dsParamLIMIT), $this->dsParamLIMIT));
} catch (Exception $e) {
$result->appendChild(new XMLElement('error', General::sanitize(vsprintf('%d: %s on query %s', $db->lastError()))));
return $result;
}
if ($rows->length() == 0 && strlen(trim($dsParamFILTERS['id'])) > 0) {
$this->__redirectToErrorPage();
} elseif ($rows->length() == 0) {
return $this->emptyXMLSet();
}
$total = $db->query('SELECT FOUND_ROWS() AS `total`;')->current()->total;
$result->prependChild(General::buildPaginationElement($total, ceil($total * (1 / $this->dsParamLIMIT)), $this->dsParamLIMIT, $this->dsParamSTARTPAGE));
/*
stdClass Object
(
[id] => 666
[pinned] => yes
[closed] => no
[creation-date] => 1233599808
[last-active] => 1237161637
[created-by-member-id] => 2126
[created-by-username] => Lewis
[last-post-member-id] => 2126
[last-post-username] => Lewis
[topic] => Symphony 2 Documentation
[comments] => 18
)
<entry id="595" comments="7">
<created-by id="2150">newnomad</created-by>
<closed>No</closed>
<last-active time="18:30" weekday="1">2009-02-09</last-active>
<last-post id="2150">newnomad</last-post>
<pinned>No</pinned>
<topic handle="viewing-feeds">viewing feeds</topic>
<creation-date time="19:31" weekday="3">2009-01-07</creation-date>
</entry>
*/
$param_pool['ds-' . $this->dsParamROOTELEMENT] = DatabaseUtilities::resultColumn($rows, 'id');
foreach ($rows as $r) {
$entry = new XMLElement('entry', NULL, array('id' => $r->id, 'comments' => $r->comments));
$entry->appendChild(new XMLElement('created-by', General::sanitize($r->{'created-by-username'}), array('id' => $r->{'created-by-member-id'})));
$entry->appendChild(new XMLElement('last-post', General::sanitize($r->{'last-post-username'}), array('id' => $r->{'last-post-member-id'})));
$entry->appendChild(new XMLElement('closed', ucfirst($r->closed)));
$entry->appendChild(new XMLElement('pinned', ucfirst($r->pinned)));
$entry->appendChild(new XMLElement('topic', General::sanitize($r->topic)));
$entry->appendChild(General::createXMLDateObject($r->{'creation-date'}, 'creation-date'));
$entry->appendChild(General::createXMLDateObject($r->{'last-active'}, 'last-active'));
$result->appendChild($entry);
}
return $result;
}
public function grab(&$param_pool)
{
self::__init();
/*
var $dsParamINCLUDEDELEMENTS = array(
'system:pagination',
'comment',
'date',
'created-by'
);
<pagination total-entries="28" total-pages="2" entries-per-page="20" current-page="2" />
<section id="39" handle="comments">Comments</section>
*/
$result = new XMLElement($this->dsParamROOTELEMENT);
try {
$comments = ASDCLoader::instance()->query(sprintf("SELECT SQL_CALC_FOUND_ROWS\n\t\t\t\t\t\t\tcomment.entry_id AS `id`,\n\t\t\t\t\t\t\tcomment.value_formatted AS `comment`, \n\t\t\t\t\t\t\tcreated_by.member_id, \n\t\t\t\t\t\t\tcreated_by.username, \n\t\t\t\t\t\t\tdate.local AS `date`,\n\t\t\t\t\t\t\temail.value AS `email`\n\n\t\t\t\t\t\tFROM `tbl_entries_data_%d` AS `comment`\n\t\t\t\t\t\tLEFT JOIN `tbl_entries_data_%d` AS `created_by` ON comment.entry_id = created_by.entry_id\n\t\t\t\t\t\tLEFT JOIN `tbl_entries_data_%d` AS `date` ON comment.entry_id = date.entry_id\n\t\t\t\t\t\tLEFT JOIN `tbl_entries_data_%d` AS `email` ON created_by.member_id = email.entry_id\n\t\t\t\t\t\tLEFT JOIN `tbl_entries_data_%d` AS `discussion` ON comment.entry_id = discussion.entry_id\n\t\t\t\t\t\tWHERE discussion.relation_id = %d\n\t\t\t\t\t\tORDER BY date.local ASC\n\t\t\t\t\t\tLIMIT %d, %d", self::findFieldID('comment', 'comments'), self::findFieldID('created-by', 'comments'), self::findFieldID('date', 'comments'), self::findFieldID('email-address', 'members'), self::findFieldID('parent-id', 'comments'), (int) $this->dsParamFILTERS['discussion_id'], max(0, ($this->dsParamSTARTPAGE - 1) * $this->dsParamLIMIT), (int) $this->dsParamLIMIT));
} catch (Exception $e) {
$result->appendChild(new XMLElement('error', General::sanitize(vsprintf('%d: %s on query %s', ASDCLoader::instance()->lastError()))));
return $result;
}
if ($comments->length() == 0) {
$this->__redirectToErrorPage();
}
$total = ASDCLoader::instance()->query('SELECT FOUND_ROWS() AS `total`;')->current()->total;
$result->prependChild(General::buildPaginationElement($total, ceil($total * (1 / $this->dsParamLIMIT)), $this->dsParamLIMIT, $this->dsParamSTARTPAGE));
foreach ($comments as $c) {
/*
stdClass Object
(
[id] => 20589
[comment] => <p>blah blah</p>
[member_id] => 2103
[username] => Alistair
[date] => 1241576727
[email] => alistair@21degrees.com.au
)
<entry id="20515">
<date time="01:32" weekday="3">2009-05-06</date>
<comment word-count="6"><p>This site looks awesome guys! Congrats!</p></comment>
<created-by id="2694">davethegr8</created-by>
</entry>
*/
$entry = new XMLElement('entry', NULL, array('id' => $c->id));
$entry->appendChild(new XMLElement('created-by', General::sanitize($c->username), array('email-address-hash' => md5($c->email), 'email-address' => General::sanitize($c->email), 'id' => $c->member_id)));
$entry->appendChild(General::createXMLDateObject($c->date, 'date'));
$c->comment = str_replace(array('<script', '</script'), array('<script', '</script'), $c->comment);
$entry->appendChild(new XMLElement('comment', trim($c->comment)));
$result->appendChild($entry);
}
return $result;
}
protected function __trigger()
{
$role_field_handle = ASDCLoader::instance()->query(sprintf("SELECT `element_name` FROM `tbl_fields` WHERE `type` = 'memberrole' AND `parent_section` = %d LIMIT 1", extension_Members::memberSectionID()))->current()->element_name;
$role_id = Symphony::Configuration()->get('new_member_default_role', 'members');
if (Symphony::Configuration()->get('require_activation', 'members') == 'yes') {
$role_id = extension_Members::INACTIVE_ROLE_ID;
}
$_POST['fields'][$role_field_handle] = $role_id;
include TOOLKIT . '/events/event.section.php';
return $result;
}
public static function instance($enableProfiling = false)
{
if ($enableProfiling === true) {
if (!self::$_connectionProfiled instanceof ASDCMySQLProfiler) {
self::$_connectionProfiled = self::__init(true);
}
return self::$_connectionProfiled;
}
if (!self::$_connection instanceof ASDCMySQL) {
self::$_connection = self::__init();
}
return self::$_connection;
}
private function __search($query)
{
$result = new XMLElement($this->dsParamROOTELEMENT);
if (strlen(trim($query)) == 0) {
return $this->emptyXMLSet($result);
}
$db = ASDCLoader::instance();
$result->appendChild(new XMLElement('query-string', General::sanitize($query), array('encoded' => urlencode($query))));
$sql = "SELECT SQL_CALC_FOUND_ROWS \n\t\t\t\t\t\tMATCH(comment.value) AGAINST ('%6\$s') AS `score`,\n\t\t\t\t\t\tcomment.entry_id AS `id`,\n\t\t\t\t\t\tdate.local AS `date`,\n\t\t\t\t\t\tcomment.value_formatted AS `description`,\n\t\t\t\t\t\tmember.member_id AS `member-id`, \n\t\t\t\t\t\tmember.username AS `username`,\n\t\t\t\t\t\ttopic.value AS `topic`,\n\t\t\t\t\t\tparent.relation_id AS `discussion-id`\n\t\t\t\t\t\t\n\t\t\t\t\tFROM `tbl_entries_data_%1\$d` AS `date`\n\t\t\t\t\tLEFT JOIN `tbl_entries_data_%2\$d` AS `comment` ON date.entry_id = comment.entry_id\n\t\t\t\t\tLEFT JOIN `tbl_entries_data_%3\$d` AS `member` ON date.entry_id = member.entry_id\n\t\t\t\t\tLEFT JOIN `tbl_entries_data_%4\$d` AS `parent` ON date.entry_id = parent.entry_id\n\t\t\t\t\tLEFT JOIN `tbl_entries_data_%5\$d` AS `topic` ON parent.relation_id = topic.entry_id\n\n\t\t\t\t\tWHERE MATCH(comment.value) AGAINST ('%6\$s')\n\t\t\t\t\tORDER BY `score` DESC\n\t\t\t\t\tLIMIT %7\$d, %8\$d";
//MATCH(comment.value) AGAINST ('%s') AS `score`,
//OR MATCH(comment.value) AGAINST ('%1\$s')
//WITH QUERY EXPANSION
//member.username = '******' OR comment.value LIKE '%%%6\$s%%' OR topic.value LIKE '%%%6\$s%%'
try {
$rows = $db->query(sprintf($sql, self::findFieldID('date', 'comments'), self::findFieldID('comment', 'comments'), self::findFieldID('created-by', 'comments'), self::findFieldID('parent-id', 'comments'), self::findFieldID('topic', 'discussions'), $db->escape($query), max(0, ($this->dsParamSTARTPAGE - 1) * $this->dsParamLIMIT), $this->dsParamLIMIT));
} catch (Exception $e) {
$result->appendChild(new XMLElement('error', General::sanitize(vsprintf('%d: %s on query %s', $db->lastError()))));
return $result;
}
if ($rows->length() == 0) {
return $this->emptyXMLSet($result);
}
$total = $db->query('SELECT FOUND_ROWS() AS `total`;')->current()->total;
$result->prependChild(General::buildPaginationElement($total, ceil($total * (1 / $this->dsParamLIMIT)), $this->dsParamLIMIT, $this->dsParamSTARTPAGE));
/*
<entry id="19753">
<name>Section Schema</name>
<member id="2101">Allen</member>
<description><p>Sect ... ollow).</p></description>
</entry>
*/
foreach ($rows as $r) {
$entry = new XMLElement('entry', NULL, array('discussion-id' => $r->{'discussion-id'}, 'id' => $r->id, 'score' => number_format($r->score, 3)));
// Topic
$entry->appendChild(new XMLElement('topic', General::sanitize($r->topic)));
// Date
$entry->appendChild(General::createXMLDateObject($r->date, 'date'));
// Member
$entry->appendChild(new XMLElement('member', General::sanitize($r->{'username'}), array('id' => $r->{'member-id'})));
// Comment
$entry->appendChild(new XMLElement('comment', trim($r->description)));
$result->appendChild($entry);
}
return $result;
}
public static function associateParent($parent, $initialise_em = true, $initialise_sm = true)
{
$ASDC_locations = array(EXTENSIONS . '/asdc/lib/class.asdc.php', WORKSPACE . "/api/class.asdc.php");
// Plug in in the ASDC class
foreach ($ASDC_locations as $location) {
if (file_exists($location)) {
require_once $location;
break;
}
}
self::$ASDC = ASDCLoader::instance();
// Standard symphony init
if ($initialise_sm) {
self::$sm = new SectionManager($parent);
}
if ($initialise_em) {
self::$em = new EntryManager($parent);
}
}
protected function __trigger()
{
self::__init();
$db = ASDCLoader::instance();
$success = false;
$Members = $this->_Parent->ExtensionManager->create('members');
$Members->initialiseCookie();
if ($Members->isLoggedIn() !== true) {
redirect(URL . '/forbidden/');
}
$Members->initialiseMemberObject();
// Make sure we dont accidently use an expired token
extension_Members::purgeCodes();
$em = new EntryManager($this->_Parent);
$entry = end($em->fetch((int) $Members->Member->get('id')));
$email = $entry->getData(self::findFieldID('email-address', 'members'));
$name = $entry->getData(self::findFieldID('name', 'members'));
$Members->emailNewMember(array('section' => $Members->memberSectionHandle(), 'entry' => $entry, 'fields' => array('username-and-password' => $entry->getData(self::findFieldID('username-and-password', 'members')), 'name' => $name['value'], 'email-address' => $email['value'])));
redirect(URL . '/members/activate/sent/');
}
public function grab(&$param_pool)
{
$result = new XMLElement($this->dsParamROOTELEMENT);
$current_page_id = (int) $this->_env['param']['current-page-id'];
$db = ASDCLoader::instance();
try {
$results = $db->query("SELECT * FROM `tbl_pages` WHERE `id` = '{$current_page_id}' LIMIT 1");
} catch (Exception $e) {
$result->appendChild(new XMLElement('error', General::sanitize(vsprintf('%d: %s on query "%s"', $db->lastError()))));
return $result;
}
while ($results->length() > 0) {
$current = $results->current();
$result->prependChild(new XMLElement('page', $current->title, array('path' => trim("{$current->path}/{$current->handle}", '/'))));
if (is_null($current->parent)) {
break;
}
$results = $db->query(sprintf("SELECT * FROM `tbl_pages` WHERE `id` = '%d' LIMIT 1", (int) $current->parent));
}
return $result;
}
public function grab(&$param_pool)
{
$result = new XMLElement($this->dsParamROOTELEMENT);
self::__init();
$db = ASDCLoader::instance();
$sql = "SELECT \n\t\t\t\t\t\te.id,\n\t\t\t\t\t\te.creation_date_gmt AS `date`,\n\t\t\t\t\t\tname.value AS `name`,\n\t\t\t\t\t\trole.name AS `role`,\n\t\t\t\t\t\twebsite.value AS `website`,\n\t\t\t\t\t\tcity.value AS `city`,\n\t\t\t\t\t\ttimezone_offset.value AS `timezone-offset`,\t\t\t\t\t\t\n\t\t\t\t\t\tusername.username AS `username`,\n\t\t\t\t\t\temail.value AS `email`,\n\t\t\t\t\t\tMD5(email.value) AS `hash`\n\t\t\t\t\t\t\n\t\t\t\t\tFROM `tbl_entries_data_%d` AS `name`\n\t\t\t\t\tLEFT JOIN `tbl_entries` AS `e` ON name.entry_id = e.id\n\t\t\t\t\tLEFT JOIN `tbl_entries_data_%d` AS `r` ON e.id = r.entry_id\n\t\t\t\t\tLEFT JOIN `tbl_members_roles` AS `role` ON r.role_id = role.id\n\t\t\t\t\tLEFT JOIN `tbl_entries_data_%d` AS `username` ON e.id = username.entry_id\t\n\t\t\t\t\tLEFT JOIN `tbl_entries_data_%d` AS `email` ON e.id = email.entry_id\n\t\t\t\t\tLEFT JOIN `tbl_entries_data_%d` AS `city` ON e.id = city.entry_id\n\t\t\t\t\tLEFT JOIN `tbl_entries_data_%d` AS `website` ON e.id = website.entry_id\n\t\t\t\t\tLEFT JOIN `tbl_entries_data_%d` AS `timezone_offset` ON e.id = timezone_offset.entry_id\n\t\t\t\t\t\n\t\t\t\t\tWHERE username.username = '******'\n\t\t\t\t\tLIMIT 0, 1";
try {
$member = $db->query(sprintf($sql, self::findFieldID('name', 'members'), self::findFieldID('role', 'members'), self::findFieldID('username-and-password', 'members'), self::findFieldID('email-address', 'members'), self::findFieldID('city', 'members'), self::findFieldID('website', 'members'), self::findFieldID('timezone-offset', 'members'), $db->escape($this->dsParamFILTERS['username'])))->current();
} catch (Exception $e) {
$result->appendChild(new XMLElement('error', $e->getMessage()));
return $result;
}
if (!$member instanceof StdClass || is_null($member)) {
$this->__redirectToErrorPage();
}
/*
<entry id="2101">
<creation-date time="19:31" weekday="3">2009-01-07</creation-date>
<name handle="allen-chang">Allen Chang</name>
<role id="2">Administrator</role>
<username-and-password username="******" password="******" />
</entry>
*/
$entry = new XMLElement('entry', NULL, array('id' => $member->id, 'email-hash' => $member->hash));
$entry->appendChild(new XMLElement('name', General::sanitize($member->name)));
if (isset($member->website) && strlen(trim($member->website)) > 0) {
$entry->appendChild(new XMLElement('website', General::sanitize($member->website)));
}
if (isset($member->city) && strlen(trim($member->city)) > 0) {
$entry->appendChild(new XMLElement('city', General::sanitize($member->city)));
}
$offset = !is_null($member->{'timezone-offset'}) ? min(max($member->{'timezone-offset'}, -12), 12) : 0;
$entry->appendChild(new XMLElement('timezone-offset', $offset));
$entry->appendChild(new XMLElement('role', General::sanitize($member->role)));
$entry->appendChild(new XMLElement('username', General::sanitize($member->username)));
$entry->appendChild(General::createXMLDateObject(strtotime($member->date . '+00:00'), 'date-joined'));
$result->appendChild($entry);
return $result;
}
protected function __trigger()
{
$result = new XMLElement(self::ROOTELEMENT);
self::__init();
$db = ASDCLoader::instance();
$success = false;
$Members = Frontend::instance()->ExtensionManager->create('members');
$Members->initialiseCookie();
if ($Members->isLoggedIn() !== true) {
$result->appendChild(new XMLElement('error', 'Must be logged in.'));
$result->setAttribute('status', 'error');
return $result;
}
$Members->initialiseMemberObject();
// Make sure we dont accidently use an expired code
extension_Members::purgeCodes();
$activation_row = $db->query(sprintf("SELECT * FROM `tbl_members_codes` WHERE `code` = '%s' AND `member_id` = %d LIMIT 1", $db->escape($_POST['fields']['code']), (int) $Members->Member->get('id')))->current();
// No code, you are a spy!
if ($activation_row === false) {
$success = false;
$result->appendChild(new XMLElement('error', 'Activation failed. Code was invalid.'));
} else {
// Got this far, all is well.
$db->query(sprintf("UPDATE `tbl_entries_data_%d` SET `role_id` = %d WHERE `entry_id` = %d LIMIT 1", $Members->roleField(), Symphony::Configuration()->get('new_member_default_role', 'members'), (int) $Members->Member->get('id')));
extension_Members::purgeCodes((int) $Members->Member->get('id'));
$em = new EntryManager($this->_Parent);
$entry = end($em->fetch((int) $Members->Member->get('id')));
$email = $entry->getData(self::findFieldID('email-address', 'members'));
$name = $entry->getData(self::findFieldID('name', 'members'));
$Members->emailNewMember(array('section' => $Members->memberSectionHandle(), 'entry' => $entry, 'fields' => array('username-and-password' => $entry->getData(self::findFieldID('username-and-password', 'members')), 'name' => $name['value'], 'email-address' => $email['value'])));
$success = true;
}
if ($success == true && isset($_REQUEST['redirect'])) {
redirect($_REQUEST['redirect']);
}
$result->setAttribute('status', $success === true ? 'success' : 'error');
return $result;
}
private function __triggerCode()
{
$result = new XMLElement(self::ROOTELEMENT, NULL, array('step' => '2'));
$success = false;
$Members = $this->_Parent->ExtensionManager->create('members');
$code = $_POST['fields']['code'];
self::__init();
$db = ASDCLoader::instance();
// Make sure we dont accidently use an expired code
extension_Members::purgeCodes();
$code_row = $db->query(sprintf("SELECT * FROM `tbl_members_codes` WHERE `code` = '%s' LIMIT 1", $db->escape($code)))->current();
// No code, you are a spy!
if ($code_row !== false) {
extension_Members::purgeCodes($code_row->member_id);
$success = $Members->sendNewPasswordEmail($code_row->member_id);
}
$result->setAttribute('status', $success === true ? 'success' : 'error');
if ($success == false) {
$result->appendChild(new XMLElement('error', 'Sending email containing new password failed.'));
} elseif ($success == true && isset($_REQUEST['redirect'])) {
redirect($_REQUEST['redirect']);
}
return $result;
}
public function view()
{
if (!($email_template_id = $this->_context[0])) {
redirect(extension_members::baseURL());
}
if (!($existing = EmailTemplate::loadFromID($email_template_id))) {
throw new SymphonyErrorPage(__('The email template you requested to edit does not exist.'), __('Email Template not found'), 'error');
}
if (isset($this->_context[1])) {
switch ($this->_context[1]) {
case 'saved':
$this->pageAlert(__('Email Template updated at %1$s. <a href="%2$s">Create another?</a> <a href="%3$s">View all Email Template</a>', array(DateTimeObj::getTimeAgo(__SYM_TIME_FORMAT__), extension_members::baseURL() . 'email_templates_new/', extension_members::baseURL() . 'email_templates/')), Alert::SUCCESS);
break;
case 'created':
$this->pageAlert(__('Email Template created at %1$s. <a href="%2$s">Create another?</a> <a href="%3$s">View all Email Template</a>', array(DateTimeObj::getTimeAgo(__SYM_TIME_FORMAT__), extension_members::baseURL() . 'email_templates_new/', extension_members::baseURL() . 'email_templates/')), Alert::SUCCESS);
break;
}
}
Administration::instance()->Page->addStylesheetToHead(URL . '/extensions/members/assets/styles.css', 'screen', 9125341);
$formHasErrors = is_array($this->_errors) && !empty($this->_errors);
if ($formHasErrors) {
$this->pageAlert(__('An error occurred while processing this form. <a href="#error">See below for details.</a>'), AdministrationPage::PAGE_ALERT_ERROR);
}
$this->setPageType('form');
$this->setTitle('Symphony – Member Roles – ' . $existing->subject);
$this->appendSubheading($existing->subject);
$fields = array();
if (isset($_POST['fields'])) {
$fields = $_POST['fields'];
} else {
$fields['subject'] = $existing->subject;
$fields['body'] = $existing->body;
$fields['type'] = $existing->type;
$fields['roles'] = NULL;
foreach ($existing->roles() as $role_id => $r) {
$fields['roles'] .= $r->name() . ", ";
}
$fields['roles'] = trim($fields['roles'], ', ');
}
$fieldset = new XMLElement('fieldset');
$fieldset->setAttribute('class', 'primary');
$label = Widget::Label('Subject');
$label->appendChild(Widget::Input('fields[subject]', General::sanitize($fields['subject'])));
if (isset($this->_errors['subject'])) {
$fieldset->appendChild(Widget::wrapFormElementWithError($label, $this->_errors['subject']));
} else {
$fieldset->appendChild($label);
}
$label = Widget::Label('Body');
$label->appendChild(Widget::Textarea('fields[body]', 15, 75, General::sanitize($fields['body'])));
if (isset($this->_errors['body'])) {
$fieldset->appendChild(Widget::wrapFormElementWithError($label, $this->_errors['body']));
} else {
$fieldset->appendChild($label);
}
$fieldset->appendChild(new XMLElement('p', 'Dynamic fields and parameters can be included in the subject or body of the email using the <code>{$param}</code> syntax. Please see the <a href="http://github.com/symphony/members/blob/master/README.markdown">readme</a> for a complete list of available parameters.', array('class' => 'help')));
$this->Form->appendChild($fieldset);
$sidebar = new XMLElement('fieldset');
$sidebar->setAttribute('class', 'secondary');
$label = Widget::Label('Type');
$options = array(array(NULL, false, NULL), array('reset-password', $fields['type'] == 'reset-password', 'Reset Password'), array('new-password', $fields['type'] == 'new-password', 'New Password'), array('activate-account', $fields['type'] == 'activate-account', 'Activate Account'), array('welcome', $fields['type'] == 'welcome', 'Welcome Email'));
$label->appendChild(Widget::Select('fields[type]', $options));
if (isset($this->_errors['type'])) {
$sidebar->appendChild(Widget::wrapFormElementWithError($label, $this->_errors['type']));
} else {
$sidebar->appendChild($label);
}
$label = Widget::Label('Roles');
$label->appendChild(Widget::Input('fields[roles]', $fields['roles']));
if (isset($this->_errors['roles'])) {
$sidebar->appendChild(Widget::wrapFormElementWithError($label, $this->_errors['roles']));
} else {
$sidebar->appendChild($label);
}
$roles = DatabaseUtilities::resultColumn(ASDCLoader::instance()->query("SELECT `name` FROM `tbl_members_roles` ORDER BY `name` ASC"), 'name');
if (is_array($roles) && !empty($roles)) {
$taglist = new XMLElement('ul');
$taglist->setAttribute('class', 'tags');
foreach ($roles as $tag) {
$taglist->appendChild(new XMLElement('li', $tag));
}
$sidebar->appendChild($taglist);
}
$this->Form->appendChild($sidebar);
$div = new XMLElement('div');
$div->setAttribute('class', 'actions');
$div->appendChild(Widget::Input('action[save]', 'Save Changes', 'submit', array('accesskey' => 's')));
$button = new XMLElement('button', __('Delete'));
$button->setAttributeArray(array('name' => 'action[delete]', 'class' => 'confirm delete', 'title' => __('Delete this email template')));
$div->appendChild($button);
$this->Form->appendChild($div);
}
public function view()
{
Administration::instance()->Page->addStylesheetToHead(URL . '/extensions/members/assets/styles.css', 'screen', 9125341);
$formHasErrors = is_array($this->_errors) && !empty($this->_errors);
if ($formHasErrors) {
$this->pageAlert('An error occurred while processing this form. <a href="#error">See below for details.</a>', AdministrationPage::PAGE_ALERT_ERROR);
}
$this->setPageType('form');
$this->appendSubheading('Untitled');
$fields = array();
if (isset($_POST['fields'])) {
$fields = $_POST['fields'];
}
$fieldset = new XMLElement('fieldset');
$fieldset->setAttribute('class', 'primary');
$label = Widget::Label('Subject');
$label->appendChild(Widget::Input('fields[subject]', General::sanitize($fields['subject'])));
if (isset($this->_errors['subject'])) {
$fieldset->appendChild(Widget::wrapFormElementWithError($label, $this->_errors['subject']));
} else {
$fieldset->appendChild($label);
}
$label = Widget::Label('Body');
$label->appendChild(Widget::Textarea('fields[body]', 15, 75, General::sanitize($fields['body'])));
if (isset($this->_errors['body'])) {
$fieldset->appendChild(Widget::wrapFormElementWithError($label, $this->_errors['body']));
} else {
$fieldset->appendChild($label);
}
$fieldset->appendChild(new XMLElement('p', 'Dynamic fields and parameters can be included in the subject or body of the email using the <code>{$param}</code> syntax. Please see the <a href="http://github.com/symphony/members/blob/master/README.markdown">readme</a> for a complete list of available parameters.', array('class' => 'help')));
$this->Form->appendChild($fieldset);
$sidebar = new XMLElement('fieldset');
$sidebar->setAttribute('class', 'secondary');
$label = Widget::Label('Type');
$options = array(array(NULL, false, NULL), array('reset-password', $fields['type'] == 'reset-password', 'Reset Password'), array('new-password', $fields['type'] == 'new-password', 'New Password'), array('activate-account', $fields['type'] == 'activate-account', 'Activate Account'), array('welcome', $fields['type'] == 'welcome', 'Welcome Email'));
$label->appendChild(Widget::Select('fields[type]', $options));
if (isset($this->_errors['type'])) {
$sidebar->appendChild(Widget::wrapFormElementWithError($label, $this->_errors['type']));
} else {
$sidebar->appendChild($label);
}
$label = Widget::Label('Roles');
$label->appendChild(Widget::Input('fields[roles]', $fields['roles']));
if (isset($this->_errors['roles'])) {
$sidebar->appendChild(Widget::wrapFormElementWithError($label, $this->_errors['roles']));
} else {
$sidebar->appendChild($label);
}
$roles = DatabaseUtilities::resultColumn(ASDCLoader::instance()->query("SELECT `name` FROM `tbl_members_roles` ORDER BY `name` ASC"), 'name');
if (is_array($roles) && !empty($roles)) {
$taglist = new XMLElement('ul');
$taglist->setAttribute('class', 'tags');
foreach ($roles as $tag) {
$taglist->appendChild(new XMLElement('li', $tag));
}
$sidebar->appendChild($taglist);
}
$this->Form->appendChild($sidebar);
$div = new XMLElement('div');
$div->setAttribute('class', 'actions');
$div->appendChild(Widget::Input('action[save]', 'Create', 'submit', array('accesskey' => 's')));
$this->Form->appendChild($div);
}
protected function __trigger()
{
$success = true;
$Members = $this->_Parent->ExtensionManager->create('members');
$Members->initialiseCookie();
// Make sure the user is logged in
if ($Members->isLoggedIn() !== true) {
$result->appendChild(new XMLElement('error', 'Must be logged in.'));
$result->setAttribute('status', 'error');
return $result;
}
$Members->initialiseMemberObject();
$current_credentials = $Members->Member->getData($Members->usernameAndPasswordField());
$result = new XMLElement(self::ROOTELEMENT);
// This event will listen for either a New Password + Old Password
// or New Password + Valid Code. Codes are issued via the Forgot Password feature
$fields = $_POST['fields'];
$old_password = $new_password = $code = NULL;
if (!isset($fields['new-password']) || strlen(trim($fields['new-password'])) == 0) {
$success = false;
$result->appendChild(new XMLElement('new-password', NULL, array('type' => 'missing')));
} else {
$new_password = trim($fields['new-password']);
}
if (!isset($fields['old-password']) || strlen(trim($fields['old-password'])) == 0) {
$success = false;
$result->appendChild(new XMLElement('old-password', NULL, array('type' => 'missing')));
} elseif (md5(trim($fields['old-password'])) != $current_credentials['password']) {
$success = false;
$result->appendChild(new XMLElement('old-password', NULL, array('type' => 'invalid', 'message' => 'Password is incorrect.')));
} else {
$old_password = trim($fields['old-password']);
}
if ($success === true) {
self::__init();
$db = ASDCLoader::instance();
// Attempt to update the password
$db->query(sprintf("UPDATE `tbl_entries_data_%d` SET `password` = '%s' WHERE `entry_id` = %d LIMIT 1", $Members->usernameAndPasswordField(), md5($new_password), (int) $Members->Member->get('id')));
// Update the cookie by simulating login
if ($Members->login($current_credentials['username'], $new_password) !== true) {
$success = false;
$result->appendChild(new XMLElement('error', 'Problem updating cookie.'));
}
}
if ($success == true && isset($_REQUEST['redirect'])) {
redirect($_REQUEST['redirect']);
}
$result->setAttribute('result', $success === true ? 'success' : 'error');
return $result;
}
public function Database($enableProfiling = false)
{
return ASDCLoader::instance($enableProfiling);
}
public function buildXML()
{
if (!empty($this->_member_id)) {
$result = new XMLElement('member-login-info');
$result->setAttribute('logged-in', 'true');
if (!$this->Member) {
$this->initialiseMemberObject();
}
$result->setAttributeArray(array('id' => $this->Member->get('id')));
$entryManager = new EntryManager($this->_Parent);
foreach ($this->Member->getData() as $field_id => $values) {
if (!isset($fieldPool[$field_id]) || !is_object($fieldPool[$field_id])) {
$fieldPool[$field_id] =& $entryManager->fieldManager->fetch($field_id);
}
$fieldPool[$field_id]->appendFormattedElement($result, $values, false, NULL, $this->Member->get('id'));
}
$role_data = $this->Member->getData($this->roleField());
$role = $this->fetchRole($role_data['role_id'], true);
$permission = new XMLElement('permissions');
$forbidden_pages = $role->forbiddenPages();
if (is_array($forbidden_pages) && !empty($forbidden_pages)) {
$rows = ASDCLoader::instance()->query(sprintf("SELECT * FROM `tbl_pages` WHERE `id` IN (%s)", @implode(',', $forbidden_pages)));
$pages = new XMLElement('forbidden-pages');
foreach ($rows as $r) {
$attr = array('id' => $r->id, 'handle' => General::sanitize($r->handle));
if (!is_null($r->path)) {
$attr['parent-path'] = General::sanitize($r->path);
}
$pages->appendChild(new XMLElement('page', General::sanitize($r->title), $attr));
}
$permission->appendChild($pages);
}
$event_permissions = $role->eventPermissions();
if (is_array($event_permissions) && !empty($event_permissions)) {
foreach ($event_permissions as $event_handle => $e) {
$obj = new XMLElement($event_handle);
foreach ($e as $action => $level) {
$obj->appendChild(new XMLElement($action, (string) $level));
}
$permission->appendChild($obj);
}
}
$result->appendChild($permission);
} else {
$result = new XMLElement('member-login-info');
$result->setAttribute('logged-in', 'false');
if (self::$_failed_login_attempt === true) {
$result->setAttribute('failed-login-attempt', 'true');
}
}
return $result;
}
public function fetchEmailTemplates()
{
return ASDCLoader::instance()->query('SELECT * FROM `tbl_members_email_templates` ORDER BY `id` ASC', 'EmailTemplateResultIterator');
}
public function view()
{
Administration::instance()->Page->addStylesheetToHead(URL . '/extensions/members/assets/styles.css', 'screen', 9125341);
Administration::instance()->Page->addStylesheetToHead(URL . '/extensions/members/assets/jquery-ui.css', 'screen', 9125342);
Administration::instance()->Page->addScriptToHead(URL . '/extensions/members/assets/jquery-ui.js', 9126342);
Administration::instance()->Page->addScriptToHead(URL . '/extensions/members/assets/members.js', 9126343);
$formHasErrors = is_array($this->_errors) && !empty($this->_errors);
if ($formHasErrors) {
$this->pageAlert(__('An error occurred while processing this form. <a href="#error">See below for details.</a>'), AdministrationPage::PAGE_ALERT_ERROR);
}
$this->setPageType('form');
$this->appendSubheading(__('Untitled'));
$fields = array();
if (isset($_POST['fields'])) {
$fields = $_POST['fields'];
}
$fieldset = new XMLElement('fieldset');
$fieldset->setAttribute('class', 'settings type-file');
$fieldset->appendChild(new XMLElement('legend', __('Essentials')));
$label = Widget::Label(__('Name'));
$label->appendChild(Widget::Input('fields[name]', General::sanitize($fields['name'])));
if (isset($this->_errors['name'])) {
$fieldset->appendChild(Widget::wrapFormElementWithError($label, $this->_errors['name']));
} else {
$fieldset->appendChild($label);
}
$this->Form->appendChild($fieldset);
$EventManager = new EventManager($this->_Parent);
$events = $EventManager->listAll();
if (is_array($events) && !empty($events)) {
foreach ($events as $handle => $e) {
$show_in_role_permissions = method_exists("event{$handle}", 'showInRolePermissions') && call_user_func(array("event{$handle}", 'showInRolePermissions')) === true ? true : false;
if (!$e['can_parse'] && !$show_in_role_permissions) {
unset($events[$handle]);
}
}
}
$fieldset = new XMLElement('fieldset');
$fieldset->setAttribute('class', 'settings type-file');
$fieldset->appendChild(new XMLElement('legend', __('Event Level Permissions')));
$aTableHead = array(array(__('Event'), 'col'), array(__('Create'), 'col'), array(__('Edit'), 'col'));
$aTableBody = array();
/*
<tr class="global">
<td>Set Global Permissions</td>
<td class="add">
<input type="checkbox" name="add-global" value="no"/>
</td>
<td class="edit">
<p class="global-slider"></p>
<span>n/a</span>
</td>
<!--<td class="delete">
<p class="global-slider"></p>
<span>n/a</span>
</td>-->
</tr>
*/
## Setup each cell
$td1 = Widget::TableData(__('Global Permissions'));
$td2 = Widget::TableData(Widget::Input('global-add', '1', 'checkbox'), 'add');
$td3 = Widget::TableData(NULL, 'edit');
$td3->appendChild(new XMLElement('p', NULL, array('class' => 'global-slider')));
$td3->appendChild(new XMLElement('span', 'n/a'));
$td4 = Widget::TableData(NULL, 'delete');
$td4->appendChild(new XMLElement('p', NULL, array('class' => 'global-slider')));
$td4->appendChild(new XMLElement('span', 'n/a'));
## Add a row to the body array, assigning each cell to the row
$aTableBody[] = Widget::TableRow(array($td1, $td2, $td3), 'global');
//, $td4
if (is_array($events) && !empty($events)) {
foreach ($events as $event_handle => $event) {
$permissions = $fields['permissions'][$event_handle];
## Setup each cell
$td1 = Widget::TableData($event['name']);
$td2 = Widget::TableData(Widget::Input("fields[permissions][{$event_handle}][create]", '1', 'checkbox', $permissions['create'] == 1 ? array('checked' => 'checked') : NULL), 'add');
$td3 = Widget::TableData(NULL, 'edit');
$td3->appendChild(new XMLElement('p', NULL, array('class' => 'slider')));
$span = new XMLElement('span');
$span->setSelfClosingTag(false);
$td3->appendChild($span);
$td3->appendChild(Widget::Input('fields[permissions][' . $event_handle . '][edit]', isset($permissions['edit']) ? $permissions['edit'] : '0', 'hidden'));
$td4 = Widget::TableData(NULL, 'delete');
$td4->appendChild(new XMLElement('p', NULL, array('class' => 'slider')));
$span = new XMLElement('span');
$span->setSelfClosingTag(false);
$td4->appendChild($span);
$td4->appendChild(Widget::Input('fields[permissions][' . $event_handle . '][delete]', isset($permissions['delete']) ? $permissions['delete'] : '0', 'hidden'));
/*
<tr>
<td>{EVENT-NAME}</td>
<td class="add">
<input type="checkbox" name="{ANY NAME}" value="{EXISTING STATE:No}"/>
</td>
<td class="edit">
<p class="slider"></p>
<span></span>
<input type="hidden" name="{ANY NAME}" value="{EXISTING-VALUE:1}"/>
</td>
<!--<td class="delete">
<p class="slider"></p>
<span></span>
<input type="hidden" name="{ANY NAME}" value="{EXISTING-VALUE:1}"/>
</td>-->
</tr>
*/
## Add a row to the body array, assigning each cell to the row
$aTableBody[] = Widget::TableRow(array($td1, $td2, $td3));
//, $td4));
}
}
$table = Widget::Table(Widget::TableHead($aTableHead), NULL, Widget::TableBody($aTableBody), 'role-permissions');
$fieldset->appendChild($table);
$this->Form->appendChild($fieldset);
####
# Delegate: MemberRolePermissionFieldsetsEdit
# Description: Add custom fieldsets to the role page
Administration::instance()->ExtensionManager->notifyMembers('MemberRolePermissionFieldsetsEdit', '/extension/members/roles_edit/', array('form' => &$this->Form, 'permissions' => $fields['permissions']));
#####
$fieldset = new XMLElement('fieldset');
$fieldset->setAttribute('class', 'settings type-file');
$fieldset->appendChild(new XMLElement('legend', __('Page Level Permissions')));
$pages = ASDCLoader::instance()->query(sprintf("SELECT * FROM `tbl_pages` %s ORDER BY `title` ASC", $this->_context[0] == 'edit' ? "WHERE `id` != '{$page_id}' " : NULL));
$label = Widget::Label(__('Deny Access'));
$options = array();
if ($pages->length() > 0) {
foreach ($pages as $page) {
$options[] = array($page->id, @in_array($page->id, $fields['page_access']), '/' . Administration::instance()->resolvePagePath($page->id));
}
}
$label->appendChild(Widget::Select('fields[page_access][]', $options, array('multiple' => 'multiple')));
$fieldset->appendChild($label);
$this->Form->appendChild($fieldset);
$div = new XMLElement('div');
$div->setAttribute('class', 'actions');
$div->appendChild(Widget::Input('action[save]', __('Create'), 'submit', array('accesskey' => 's')));
$this->Form->appendChild($div);
}
protected function __trigger()
{
$success = true;
$result = new XMLElement('forgot-password');
$Members = $this->_Parent->ExtensionManager->create('members');
$username = $email = $code = NULL;
if (isset($_POST['fields']['code']) && strlen(trim($_POST['fields']['code'])) > 0) {
$code = $_POST['fields']['code'];
$new_password = General::generatePassword();
self::__init();
$db = ASDCLoader::instance();
// Make sure we dont accidently use an expired token
extension_Members::purgeTokens();
$token_row = $db->query(sprintf("SELECT * FROM `tbl_members_login_tokens` WHERE `token` = '%s' LIMIT 1", $db->escape($code)))->current();
// No code, you are a spy!
if ($token_row === false) {
redirect(URL . '/members/reset-pass/failed/');
}
// Attempt to update the password
$db->query(sprintf("UPDATE `tbl_entries_data_%d` SET `password` = '%s' WHERE `entry_id` = %d LIMIT 1", $Members->usernameAndPasswordField(), md5($new_password), $token_row->member_id));
extension_Members::purgeTokens($token_row->member_id);
// SEND THE EMAIL!!
$entry = $Members->initialiseMemberObject($token_row->member_id);
$email_address = $entry->getData(self::findFieldID('email-address', 'members'));
$name = $entry->getData(self::findFieldID('name', 'members'));
$subject = 'Your new password';
$body = 'Dear {$name},
Just now, you have asked the Symphony brain trust to bestow you with a new password.
Well, here it is: {$new-password}
There\'s a good chance that you won\'t like this new password and want to change it - don\'t worry, we\'re not offended.
You can do that once you\'ve logged in by going here: {$root}/members/change-pass/
If you have any trouble, please email us at support@symphony-cms.com and we\'ll do our best to help.
Regards,
Symphony Team';
$body = str_replace(array('{$name}', '{$root}', '{$new-password}'), array($name['value'], URL, $new_password), $body);
$sender_email = 'noreply@' . parse_url(URL, PHP_URL_HOST);
$sender_name = Symphony::Configuration()->get('sitename', 'general');
General::sendEmail($email_address['value'], $sender_email, $sender_name, $subject, $body);
redirect(URL . '/members/reset-pass/success/');
}
// Username take precedence
if (isset($_POST['fields']['member-username']) && strlen(trim($_POST['fields']['member-username'])) > 0) {
$username = $_POST['fields']['member-username'];
}
if (isset($_POST['fields']['member-email-address']) && strlen(trim($_POST['fields']['member-email-address'])) > 0) {
$email = $_POST['fields']['member-email-address'];
}
if (is_null($username) && is_null($email)) {
$success = false;
$result->appendChild(new XMLElement('member-username', NULL, array('type' => 'missing')));
$result->appendChild(new XMLElement('member-email-address', NULL, array('type' => 'missing')));
} else {
$members = array();
if (!is_null($email)) {
$members = $Members->findMemberIDFromEmail($email);
}
if (!is_null($username)) {
$members[] = $Members->findMemberIDFromUsername($username);
}
// remove duplicates
$members = array_unique($members);
try {
if (is_array($members) && !empty($members)) {
foreach ($members as $member_id) {
$Members->sendForgotPasswordEmail($member_id);
}
redirect(URL . '/members/reset-pass/code/');
}
} catch (Exception $e) {
// Shouldn't get here, but will catch an invalid member ID if it does
}
$success = false;
}
$result->setAttribute('status', $success === true ? 'success' : 'error');
return $result;
}
public function flush()
{
$queries = ASDCLoader::instance()->query("DELETE FROM `db_sync` WHERE 1");
}
public function action()
{
##Do not proceed if the config file is read only
if (!is_writable(CONFIG)) {
redirect($this->_Parent->getCurrentPageURL());
}
if (isset($_POST['action']['save'])) {
$settings = array_map('addslashes', $_POST['fields']);
if (!isset($settings['require_activation'])) {
$settings['require_activation'] = 'no';
}
foreach ($settings as $key => $value) {
Symphony::Configuration()->set($key, $value, 'members');
}
$this->_Parent->saveConfig();
redirect($this->_Parent->getCurrentPageURL());
} elseif (isset($_POST['action']['smart-setup'])) {
$db = ASDCLoader::instance();
try {
// Create thew new Section
$db->query("INSERT INTO `tbl_sections` VALUES(\n\t\t\t\t\t\tNULL, 'Members', 'members', 999, NULL, 'asc', 'no', 'Content'\n\t\t\t\t\t)");
$section_id = $db->lastInsertID();
// Member Field
$db->query(sprintf("INSERT INTO `tbl_fields` \n\t\t\t\t\t\tVALUES(\n\t\t\t\t\t\t\tNULL, 'Username and Password', 'username-and-password', 'member', %d, 'yes', 0, 'main', 'yes'\n\t\t\t\t\t\t)", $section_id));
$member_field_id = $db->lastInsertID();
$db->query(sprintf("INSERT INTO `tbl_fields_member` VALUES(NULL, %d)", $member_field_id));
// Member Field data table
$db->query(sprintf("CREATE TABLE `tbl_entries_data_%d` (\n\t\t\t\t\t\t `id` int(11) unsigned NOT NULL AUTO_INCREMENT,\n\t\t\t\t\t\t `entry_id` int(11) unsigned NOT NULL,\n\t\t\t\t\t\t `username` varchar(50) DEFAULT NULL,\n\t\t\t\t\t\t `password` varchar(32) DEFAULT NULL,\n\t\t\t\t\t\t PRIMARY KEY (`id`),\n\t\t\t\t\t\t KEY `entry_id` (`entry_id`),\n\t\t\t\t\t\t KEY `username` (`username`)\n\t\t\t\t\t\t)", $member_field_id));
// Role Field
$db->query(sprintf("INSERT INTO `tbl_fields` \n\t\t\t\t\t\tVALUES(NULL, 'Role', 'role', 'memberrole', %d, 'no', 2, 'sidebar', 'yes')", $section_id));
$role_field_id = $db->lastInsertID();
$db->query(sprintf("INSERT INTO `tbl_fields_memberrole` VALUES(NULL, %d)", $role_field_id));
// Role Field data table
$db->query(sprintf("CREATE TABLE `tbl_entries_data_%d` (\n\t\t\t\t\t\t `id` int(11) unsigned NOT NULL AUTO_INCREMENT,\n\t\t\t\t\t\t `entry_id` int(11) unsigned NOT NULL,\n\t\t\t\t\t\t `role_id` int(11) unsigned NOT NULL,\n\t\t\t\t\t\t PRIMARY KEY (`id`),\n\t\t\t\t\t\t KEY `entry_id` (`entry_id`,`role_id`)\n\t\t\t\t\t\t)", $role_field_id));
// Timezone Offset Field
$db->query(sprintf("INSERT INTO `tbl_fields` \n\t\t\t\t\t\tVALUES(NULL, 'Timezone Offset', 'timezone-offset', 'input', %d, 'no', 3, 'sidebar', 'yes')", $section_id));
$timezone_field_id = $db->lastInsertID();
$db->query(sprintf("INSERT INTO `tbl_fields_input` VALUES(NULL, %d, NULL)", $timezone_field_id));
// Timezone Offset Field data table
$db->query(sprintf("CREATE TABLE `tbl_entries_data_%d` (\n\t\t\t\t\t\t `id` int(11) unsigned NOT NULL AUTO_INCREMENT,\n\t\t\t\t\t\t `entry_id` int(11) unsigned NOT NULL,\n\t\t\t\t\t\t `handle` varchar(255) DEFAULT NULL,\n\t\t\t\t\t\t `value` varchar(255) DEFAULT NULL,\n\t\t\t\t\t\t PRIMARY KEY (`id`),\n\t\t\t\t\t\t KEY `entry_id` (`entry_id`),\n\t\t\t\t\t\t KEY `handle` (`handle`),\n\t\t\t\t\t\t KEY `value` (`value`)\n\t\t\t\t\t\t)", $timezone_field_id));
// Email Field
$db->query(sprintf("INSERT INTO `tbl_fields` \n\t\t\t\t\t\tVALUES(NULL, 'Email Address', 'email-address', 'input', %d, 'yes', 1, 'main', 'yes')", $section_id));
$email_field_id = $db->lastInsertID();
$db->query(sprintf("INSERT INTO `tbl_fields_input` VALUES(\n\t\t\t\t\t\tNULL, %d, '%s'\n\t\t\t\t\t)", $email_field_id, $db->escape('/^\\w(?:\\.?[\\w%+-]+)*@\\w(?:[\\w-]*\\.)+?[a-z]{2,}$/i')));
// Email Field data table
$db->query(sprintf("CREATE TABLE `tbl_entries_data_%d` (\n\t\t\t\t\t\t `id` int(11) unsigned NOT NULL AUTO_INCREMENT,\n\t\t\t\t\t\t `entry_id` int(11) unsigned NOT NULL,\n\t\t\t\t\t\t `handle` varchar(255) DEFAULT NULL,\n\t\t\t\t\t\t `value` varchar(255) DEFAULT NULL,\n\t\t\t\t\t\t PRIMARY KEY (`id`),\n\t\t\t\t\t\t KEY `entry_id` (`entry_id`),\n\t\t\t\t\t\t KEY `handle` (`handle`),\n\t\t\t\t\t\t KEY `value` (`value`)\n\t\t\t\t\t\t)", $email_field_id));
} catch (Exception $e) {
print_r($db->lastError());
die;
}
/*
###### MEMBERS ######
'members' => array(
'cookie-prefix' => 'sym-members',
'member_section' => '11',
'email_address_field_id' => '41',
'timezone_offset_field_id' => '40',
),
########
*/
Symphony::Configuration()->set('member_section', $section_id, 'members');
Symphony::Configuration()->set('email_address_field_id', $email_field_id, 'members');
Symphony::Configuration()->set('timezone_offset_field_id', $timezone_field_id, 'members');
Administration::instance()->saveConfig();
redirect(Administration::instance()->getCurrentPageURL());
}
/*
INSERT INTO `tbl_fields` VALUES(NULL, 'Username and Password', 'username-and-password', 'member', 7, 'yes', 0, 'main', 'yes');
INSERT INTO `tbl_fields_member` VALUES(NULL, 25);
CREATE TABLE `tbl_entries_data_25` (
`id` int(11) unsigned NOT NULL AUTO_INCREMENT,
`entry_id` int(11) unsigned NOT NULL,
`username` varchar(50) DEFAULT NULL,
`password` varchar(32) DEFAULT NULL,
PRIMARY KEY (`id`),
KEY `entry_id` (`entry_id`),
KEY `username` (`username`)
);
INSERT INTO `tbl_fields` VALUES(NULL, 'Role', 'role', 'memberrole', 7, 'no', 2, 'sidebar', 'yes');
INSERT INTO `tbl_fields_memberrole` VALUES(NULL, 26);
CREATE TABLE `tbl_entries_data_26` (
`id` int(11) unsigned NOT NULL AUTO_INCREMENT,
`entry_id` int(11) unsigned NOT NULL,
`role_id` int(11) unsigned NOT NULL,
PRIMARY KEY (`id`),
KEY `entry_id` (`entry_id`,`role_id`)
);
INSERT INTO `tbl_fields` VALUES(NULL, 'Timezone Offset', 'timezone-offset', 'input', 7, 'no', 3, 'sidebar', 'yes');
INSERT INTO `tbl_fields_input` VALUES(NULL, 27, NULL);
CREATE TABLE `tbl_entries_data_27` (
`id` int(11) unsigned NOT NULL AUTO_INCREMENT,
`entry_id` int(11) unsigned NOT NULL,
`handle` varchar(255) DEFAULT NULL,
`value` varchar(255) DEFAULT NULL,
PRIMARY KEY (`id`),
KEY `entry_id` (`entry_id`),
KEY `handle` (`handle`),
KEY `value` (`value`)
);
INSERT INTO `tbl_fields` VALUES(NULL, 'Email Address', 'email-address', 'input', 7, 'yes', 1, 'main', 'yes');
INSERT INTO `tbl_fields_input` VALUES(NULL, 28, '/^\\w(?:\\.?[\\w%+-]+)*@\\w(?:[\\w-]*\\.)+?[a-z]{2,}$/i');
CREATE TABLE `tbl_entries_data_28` (
`id` int(11) unsigned NOT NULL AUTO_INCREMENT,
`entry_id` int(11) unsigned NOT NULL,
`handle` varchar(255) DEFAULT NULL,
`value` varchar(255) DEFAULT NULL,
PRIMARY KEY (`id`),
KEY `entry_id` (`entry_id`),
KEY `handle` (`handle`),
KEY `value` (`value`)
);
*/
}
public function grab(&$param_pool)
{
$Members = Frontend::instance()->ExtensionManager->create('members');
$Members->initialiseCookie();
if ($Members->isLoggedIn() !== true) {
// Oi! you can't be here
redirect(URL . '/forbidden/');
exit;
}
$result = new XMLElement($this->dsParamROOTELEMENT);
self::__init();
$db = ASDCLoader::instance();
$sql = 'SELECT SQL_CALC_FOUND_ROWS
pinned.entry_id AS `id`,
pinned.value AS `pinned`,
closed.value AS `closed`,
creation_date.local AS `creation-date`,
last_active.local AS `last-active`,
created_by.member_id AS `created-by-member-id`,
created_by.username AS `created-by-username`,
last_post.member_id AS `last-post-member-id`,
last_post.username AS `last-post-username`,
topic.value AS `topic`
FROM `tbl_entries_data_%d` AS `pinned`
LEFT JOIN `tbl_entries_data_%d` AS `closed` ON pinned.entry_id = closed.entry_id
LEFT JOIN `tbl_entries_data_%d` AS `creation_date` ON pinned.entry_id = creation_date.entry_id
LEFT JOIN `tbl_entries_data_%d` AS `last_active` ON pinned.entry_id = last_active.entry_id
LEFT JOIN `tbl_entries_data_%d` AS `created_by` ON pinned.entry_id = created_by.entry_id
LEFT JOIN `tbl_entries_data_%d` AS `last_post` ON pinned.entry_id = last_post.entry_id
LEFT JOIN `tbl_entries_data_%d` AS `topic` ON pinned.entry_id = topic.entry_id
LEFT JOIN `tbl_entries_data_%d` AS `comments` ON pinned.entry_id = comments.relation_id
LEFT JOIN `tbl_entries_data_%d` AS `discussion_comments_member` ON comments.entry_id = discussion_comments_member.entry_id
WHERE 1 %s
AND (created_by.member_id = %11$d || discussion_comments_member.member_id = %11$d)
GROUP BY pinned.entry_id
ORDER BY pinned.value ASC, last_active.local DESC
LIMIT %12$d, %13$d';
try {
$rows = $db->query(sprintf($sql, self::findFieldID('pinned', 'discussions'), self::findFieldID('closed', 'discussions'), self::findFieldID('creation-date', 'discussions'), self::findFieldID('last-active', 'discussions'), self::findFieldID('created-by', 'discussions'), self::findFieldID('last-post', 'discussions'), self::findFieldID('topic', 'discussions'), self::findFieldID('parent-id', 'comments'), self::findFieldID('created-by', 'comments'), isset($this->dsParamFILTERS['id']) && (int) $this->dsParamFILTERS['id'] > 0 ? " AND pinned.entry_id = " . (int) $this->dsParamFILTERS['id'] : NULL, (int) $Members->Member->get('id'), max(0, ($this->dsParamSTARTPAGE - 1) * $this->dsParamLIMIT), $this->dsParamLIMIT));
} catch (Exception $e) {
$result->appendChild(new XMLElement('error', General::sanitize(vsprintf('%d: %s on query %s', $db->lastError()))));
return $result;
}
if ($rows->length() == 0) {
return $this->emptyXMLSet();
}
$total = $db->query('SELECT FOUND_ROWS() AS `total`;')->current()->total;
$result->prependChild(General::buildPaginationElement($total, ceil($total * (1 / $this->dsParamLIMIT)), $this->dsParamLIMIT, $this->dsParamSTARTPAGE));
/*
stdClass Object
(
[id] => 666
[pinned] => yes
[closed] => no
[creation-date] => 1233599808
[last-active] => 1237161637
[created-by-member-id] => 2126
[created-by-username] => Lewis
[last-post-member-id] => 2126
[last-post-username] => Lewis
[topic] => Symphony 2 Documentation
[comments] => 18
)
<entry id="595" comments="7">
<created-by id="2150">newnomad</created-by>
<closed>No</closed>
<last-active time="18:30" weekday="1">2009-02-09</last-active>
<last-post id="2150">newnomad</last-post>
<pinned>No</pinned>
<topic handle="viewing-feeds">viewing feeds</topic>
<creation-date time="19:31" weekday="3">2009-01-07</creation-date>
</entry>
*/
$param_pool['ds-' . $this->dsParamROOTELEMENT] = DatabaseUtilities::resultColumn($rows, 'id');
foreach ($rows as $r) {
// Need to do a seperate query to find the comment counts.
try {
$comments = $db->query(sprintf("SELECT COUNT(*) AS `count` FROM `tbl_entries_data_%d` WHERE `relation_id` = %d ", self::findFieldID('parent-id', 'comments'), $r->id))->current()->count;
} catch (Exception $e) {
$result->appendChild(new XMLElement('error', General::sanitize(vsprintf('%d: %s on query %s', $db->lastError()))));
return $result;
}
$entry = new XMLElement('entry', NULL, array('id' => $r->id, 'comments' => $comments));
$entry->appendChild(new XMLElement('created-by', General::sanitize($r->{'created-by-username'}), array('id' => $r->{'created-by-member-id'})));
$entry->appendChild(new XMLElement('last-post', General::sanitize($r->{'last-post-username'}), array('id' => $r->{'last-post-member-id'})));
$entry->appendChild(new XMLElement('closed', ucfirst($r->closed)));
$entry->appendChild(new XMLElement('pinned', ucfirst($r->pinned)));
$entry->appendChild(new XMLElement('topic', General::sanitize($r->topic)));
$entry->appendChild(General::createXMLDateObject($r->{'creation-date'}, 'creation-date'));
$entry->appendChild(General::createXMLDateObject($r->{'last-active'}, 'last-active'));
$result->appendChild($entry);
}
return $result;
}
