public function grab()
 {
     parent::grab();
     $author_ids = $this->_getAuthorIds();
     $authors = AuthorManager::fetchByID($author_ids, 'id', $this->dsParamORDER);
     return (array) $authors;
 }
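 /**
  * Authenticates `$context['username']` / `$_POST['password']` against the LDAP
  * server configured under `ldap_authors` and logs the author in, creating
  * their Symphony author record the first time that user is seen.
  *
  * @param array $context
  *  Must carry `username`; the password is read from `$_POST['password']`.
  * @return boolean
  *  True once `$this->login()` has been called, false on any failure (the
  *  reason is written to the Symphony log).
  */
 public function ldap_login($context)
 {
     // Both credentials are required. The original tested `$context->username` (always null
     // on an array) joined by `||`, so a request carrying only a password reached ldap_bind().
     if (empty($context['username']) || empty($_POST['password'])) {
         return false;
     }
     $username = $context['username'];
     $config = Symphony::Configuration();
     //LDAP connection
     $ldap = ldap_connect($config->get('server', 'ldap_authors'), $config->get('port', 'ldap_authors'));
     if (!$ldap) {
         Symphony::$Log->pushToLog('[LDAP] Unable to connect to LDAP server, please check configuration.', E_ERROR);
         return false;
     }
     ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, $config->get('protocol_version', 'ldap_authors'));
     // The username is spliced into a DN, so escape it for that context (ldap_escape needs
     // PHP 5.6+); substituting it raw lets DN-special characters change which entry is bound.
     // str_replace() also stops `$n`/`\n` sequences in the username acting as preg back-references.
     $escaped = ldap_escape($username, '', LDAP_ESCAPE_DN);
     $filterdn = str_replace('%username%', $escaped, $config->get('filterdn', 'ldap_authors'));
     $basedn = $config->get('basedn', 'ldap_authors');
     $logged_in = false;
     try {
         //Attempt to authenticate to the LDAP server
         // ldap_bind() reports bad credentials with a plain `false` (Symphony's error handler may
         // additionally raise the warning as an exception); the original discarded that result.
         if (!ldap_bind($ldap, $filterdn . ',' . $basedn, $_POST['password'])) {
             throw new Exception('LDAP bind failed');
         }
         $logged_in = $this->ldap_login_bound_user($ldap, $basedn, $filterdn, $username);
     } catch (Exception $e) {
         Symphony::$Log->pushToLog('[LDAP] Unable to bind to LDAP server, this could be misconfiguration or invalid credentials. (User: "******")', E_WARNING);
     }
     // Release the connection; the original left it open for the rest of the request.
     ldap_unbind($ldap);
     return $logged_in;
 }
 /**
  * Logs in an already-bound LDAP user, inserting a Symphony author record when
  * none flagged as LDAP exists yet for that username.
  *
  * @param resource $ldap
  * @param string $basedn
  * @param string $filterdn
  * @param string $username
  * @return boolean
  *  True once `$this->login()` has been called, false (after logging why) otherwise
  */
 private function ldap_login_bound_user($ldap, $basedn, $filterdn, $username)
 {
     $user = AuthorManager::fetchByUsername($username);
     // count() on the Author object was meaningless (and a TypeError on PHP 8); test the type.
     if ($user instanceof Author && $user->get('LDAP') === '1') {
         //LDAP user has visited before therefore login
         $this->login($user);
         return true;
     }
     //New LDAP user, we need to insert their details in the authors table
     $ldap_user = $this->ldap_retrieve_user($ldap, $basedn, $filterdn);
     if (!$ldap_user) {
         Symphony::$Log->pushToLog('[LDAP] Authentication with the LDAP server was successful, however unable to find LDAP user details.', E_ERROR);
         return false;
     }
     //Get attributes and insert data
     $config = Symphony::Configuration();
     $attrs = array(
         $config->get('first_name_key', 'ldap_authors'),
         $config->get('last_name_key', 'ldap_authors'),
         $config->get('email_key', 'ldap_authors'),
     );
     $author_details = $this->ldap_retrieve_attributes($attrs, $ldap_user[0]);
     if (count($author_details) != 3) {
         Symphony::$Log->pushToLog('[LDAP] Unable to retireve first name, last name and email address from the LDAP server.', E_ERROR);
         return false;
     }
     // A local (non-LDAP) author with the same username makes this insert fail, which is
     // what stops an LDAP login from taking over that account.
     $id = AuthorManager::add(array(
         'username' => $username,
         'password' => $this->fake_password(10),
         'first_name' => $author_details[0],
         'last_name' => $author_details[1],
         'email' => $author_details[2],
         'user_type' => $config->get('default_author_type', 'ldap_authors'),
         'primary' => 'no',
         'LDAP' => true,
     ));
     if (!$id) {
         Symphony::$Log->pushToLog('[LDAP] Unable to insert LDAP user into Symphony authors table.', E_ERROR);
         return false;
     }
     //Once user is inserted log them in
     $this->login(AuthorManager::fetchByID($id));
     return true;
 }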
 /**
  * AJAX endpoint behind the entry editor's lock polling. Reads `entry_id`,
  * `author_id`, `setup` and `force` from `$_REQUEST`, echoes one JSON-encoded
  * status (`'true'`, `'expired'`, `'expired-lifetime'`, or the full name of
  * the author holding the lock) and exits; it never returns.
  *
  * NOTE(review): `author_id` is used exactly as sent and nothing in this
  * method ties it to the logged-in author, and `force=true` releases whatever
  * lock is on the entry — confirm that the enclosing page enforces both.
  */
 public function __viewIndex()
 {
     // NOTE(review): no isset() guards, so a missing parameter raises a notice before the check.
     $entry_id = $_REQUEST['entry_id'];
     $author_id = $_REQUEST['author_id'];
     if (!$entry_id || !$author_id) {
         echo json_encode('expired');
         exit;
     }
     $setup = $_REQUEST['setup'];
     $force = $_REQUEST['force'];
     // Forced takeover: drop the current lock and re-create it for the requesting author.
     if ($force == 'true') {
         $this->_driver->removeTheLockByEntry($entry_id);
         $this->_driver->renewTheLock($entry_id, $author_id);
         echo json_encode('true');
         exit;
     }
     // Looks like lockExists() returns an array whose [0] is the owning author's id when a
     // lock is held, and -1 / 0 for an expired / absent lock — verify against the driver;
     // the `== -1` / `== 0` tests below rely on PHP's loose array-vs-int comparison.
     $lock = $this->_driver->lockExists($entry_id);
     // Another author holds the lock: report their name to the client.
     if ($author_id != $lock[0] && $lock[0] > 0) {
         $authorManager = new AuthorManager($this->_Parent);
         $author = $authorManager->fetchByID($lock[0]);
         echo json_encode($author->getFullName());
     } else {
         if ($lock == -1) {
             echo json_encode('expired-lifetime');
         } else {
             // No lock and the editor is being set up: take one.
             if ($lock == 0 && $setup == true) {
                 $this->_driver->renewTheLock($entry_id, $author_id);
                 echo json_encode('true');
             } else {
                 if ($lock == 0) {
                     echo json_encode('expired');
                 } else {
                     // Our own lock: extend it.
                     $this->_driver->renewTheLock($entry_id, $author_id);
                     echo json_encode('true');
                 }
             }
         }
     }
     exit;
 }
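 /**
  * GET handler: with a URI segment, returns the single author addressed by
  * numeric id or by username (REST_API::sendError() with 404 when not found);
  * without one, lists every author. The response is emitted through
  * REST_API::sendOutput().
  */
 public static function get()
 {
     $url_parts = REST_API::getRequestURI();
     // Read the first segment guardedly; the original indexed it before the isset() check,
     // which raises a notice when the URI has no segments.
     $author_url = isset($url_parts[0]) ? $url_parts[0] : null;
     $response = new XMLElement('response');
     if ($author_url === null) {
         foreach (AuthorManager::fetch() as $author) {
             $response->appendChild(self::__buildAuthorXML($author));
         }
     } else {
         $author = is_numeric($author_url)
             ? AuthorManager::fetchByID($author_url)
             : AuthorManager::fetchByUsername($author_url);
         if (!$author) {
             // sendError() is expected to end the request; if it does not, the null
             // author reaches __buildAuthorXML() below — confirm.
             REST_API::sendError('Author not found.', 404);
         }
         $response->appendChild(self::__buildAuthorXML($author));
     }
     REST_API::sendOutput($response);
 }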
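 /**
  * Give the field some data and ask it to return a value using one of many
  * possible modes.
  *
  * @param mixed $data
  *  Expected to carry `author_id` (a single id or a list of ids)
  * @param integer $mode
  *  One of the modes returned by getExportModes()
  * @param integer $entry_id
  *  Unused here
  * @return array
  *  Author ids for listAuthor/getPostdata; Author objects, full names, or an
  *  id => full name map for the other modes; empty for an unknown mode
  */
 public function prepareExportValue($data, $mode, $entry_id = null)
 {
     $modes = (object) $this->getExportModes();
     // Make sure we have an array to work with:
     if (isset($data['author_id']) && is_array($data['author_id']) === false) {
         $data['author_id'] = array($data['author_id']);
     }
     $author_ids = isset($data['author_id']) ? $data['author_id'] : array();
     // Return the author IDs:
     if ($mode === $modes->listAuthor || $mode === $modes->getPostdata) {
         return $author_ids;
     }
     // All other modes require full data:
     $authors = isset($data['author_id']) ? AuthorManager::fetchByID($author_ids) : array();
     $items = array();
     foreach ($authors as $author) {
         // Deleted authors come back as null; skip them.
         if (is_null($author)) {
             continue;
         }
         if ($mode === $modes->listAuthorObject) {
             $items[] = $author;
         } elseif ($mode === $modes->listValue) {
             $items[] = $author->getFullName();
         } elseif ($mode === $modes->listAuthorToValue) {
             // Key by this author's id: `$data['author_id']` is always an array here, so
             // using it as the key (as the original did) was an illegal offset.
             $items[$author->get('id')] = $author->getFullName();
         }
     }
     return $items;
 }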
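 /**
  * Dispatches the login page's actions: `login`, `reset` (mail a forgot-password
  * token), `change` (change the logged-in author's password) and `resetpass`
  * (redeem a token for a freshly generated password sent by email).
  *
  * Every request value that ends up inside SQL goes through
  * `Database->cleanValue()` first; the original concatenated the posted email
  * address and the reset token unescaped.
  */
 public function action()
 {
     $db = $this->_Parent->Database;
     if (isset($_POST['action'])) {
         $actionParts = array_keys($_POST['action']);
         $action = end($actionParts);
         ##Login Attempted
         if ($action == 'login') {
             if (empty($_POST['username']) || empty($_POST['password']) || !$this->_Parent->login($_POST['username'], $_POST['password'])) {
                 ## TODO: Fix Me
                 ###
                 # Delegate: LoginFailure
                 # Description: Failed login attempt. Username is provided.
                 //$ExtensionManager->notifyMembers('LoginFailure', getCurrentPage(), array('username' => $_POST['username']));
                 $this->_invalidPassword = true;
             } else {
                 ## TODO: Fix Me
                 ###
                 # Delegate: LoginSuccess
                 # Description: Successful login attempt. Username is provided.
                 //$ExtensionManager->notifyMembers('LoginSuccess', getCurrentPage(), array('username' => $_POST['username']));
                 if (isset($_POST['redirect'])) {
                     // The target is appended to this site's URL, so it stays on this host.
                     redirect(URL . str_replace(parse_url(URL, PHP_URL_PATH), '', $_POST['redirect']));
                 }
                 redirect(URL . '/symphony/');
             }
             ##Reset of password requested
         } elseif ($action == 'reset') {
             $email = $db->cleanValue(isset($_POST['email']) ? $_POST['email'] : '');
             $author = $db->fetchRow(0, "SELECT `id`, `email`, `first_name` FROM `tbl_authors` WHERE `email` = '" . $email . "'");
             if (!empty($author)) {
                 $author_id = (int) $author['id'];
                 $now = DateTimeObj::getGMT('c');
                 // Purge expired tokens, then re-send a live one rather than minting another.
                 $db->delete('tbl_forgotpass', " `expiry` < '" . $now . "' ");
                 $token = $db->fetchVar('token', 0, "SELECT `token` FROM `tbl_forgotpass` WHERE `expiry` > '" . $now . "' AND `author_id` = " . $author_id);
                 if (!$token) {
                     $token = $this->__generateResetToken();
                     $db->insert(array('author_id' => $author_id, 'token' => $token, 'expiry' => DateTimeObj::getGMT('c', time() + 120 * 60)), 'tbl_forgotpass');
                 }
                 $this->_email_sent = General::sendEmail(
                     $author['email'],
                     $db->fetchVar('email', 0, "SELECT `email` FROM `tbl_authors` ORDER BY `id` ASC LIMIT 1"),
                     __('Symphony Concierge'),
                     __('New Symphony Account Password'),
                     __('Hi %s,', array($author['first_name'])) . self::CRLF . __('A new password has been requested for your account. Login using the following link, and change your password via the Authors area:') . self::CRLF . self::CRLF . "\t" . URL . "/symphony/login/{$token}/" . self::CRLF . self::CRLF . __('It will expire in 2 hours. If you did not ask for a new password, please disregard this email.') . self::CRLF . self::CRLF . __('Best Regards,') . self::CRLF . __('The Symphony Team')
                 );
                 ## TODO: Fix Me
                 ###
                 # Delegate: PasswordResetSuccess
                 # Description: A successful password reset has taken place. Author ID is provided
                 //$ExtensionManager->notifyMembers('PasswordResetSuccess', getCurrentPage(), array('author_id' => $author['id']));
             } else {
                 ## TODO: Fix Me
                 ###
                 # Delegate: PasswordResetFailure
                 # Description: A failed password reset has taken place. Author ID is provided
                 //$ExtensionManager->notifyMembers('PasswordResetFailure', getCurrentPage(), array('author_id' => $author['id']));
                 $this->_email_sent = false;
             }
             ##Change of password requested
         } elseif ($action == 'change' && $this->_Parent->isLoggedIn()) {
             $password = isset($_POST['password']) ? $_POST['password'] : '';
             $confirmation = isset($_POST['password-confirmation']) ? $_POST['password-confirmation'] : '';
             // Strict comparison: `!=` treated two numeric-looking strings as equal numbers.
             if (empty($password) || empty($confirmation) || $password !== $confirmation) {
                 $this->_mismatchedPassword = true;
             } else {
                 $author_id = $this->_Parent->Author->get('id');
                 require_once TOOLKIT . '/class.authormanager.php';
                 $authorManager = new AuthorManager($this->_Parent);
                 $author = $authorManager->fetchByID($author_id);
                 // NOTE(review): the password is escaped before hashing, so one containing quotes
                 // or backslashes is stored as the hash of a different string from what login()
                 // receives on the next line — confirm how $this->_Parent->login() hashes its input.
                 $author->set('password', md5($db->cleanValue($password)));
                 if (!$author->commit() || !$this->_Parent->login($author->get('username'), $password)) {
                     redirect(URL . "symphony/system/authors/edit/{$author_id}/error/");
                 }
                 ## TODO: Fix me
                 ###
                 # Delegate: PasswordChanged
                 # Description: After editing an author. ID of the author is provided.
                 //$ExtensionManager->notifyMembers('PasswordChanged', getCurrentPage(), array('author_id' => $author_id));
                 redirect(URL . '/symphony/');
             }
         }
     } elseif (isset($_REQUEST['action'], $_REQUEST['token']) && $_REQUEST['action'] == 'resetpass') {
         $token = $db->cleanValue($_REQUEST['token']);
         // Only unexpired tokens are honoured; the original never checked `expiry` on this path,
         // so a stale token stayed usable until a later reset request happened to purge it.
         $sql = "SELECT t1.`id`, t1.`email`, t1.`first_name` \n\t\t\t\t\t    FROM `tbl_authors` as t1, `tbl_forgotpass` as t2\n\t\t\t\t\t \tWHERE t2.`token` = '" . $token . "' AND t1.`id` = t2.`author_id`\n\t\t\t\t\t \tAND t2.`expiry` > '" . DateTimeObj::getGMT('c') . "'\n\t\t\t\t\t \tLIMIT 1";
         $author = $db->fetchRow(0, $sql);
         if (!empty($author)) {
             $author_id = (int) $author['id'];
             $newpass = General::generatePassword();
             General::sendEmail($author['email'], '*****@*****.**', 'Symphony Concierge', 'RE: New Symphony Account Password', 'Hi ' . $author['first_name'] . ',' . self::CRLF . "As requested, here is your new Symphony Author Password for '" . URL . "'" . self::CRLF . "\t{$newpass}" . self::CRLF . self::CRLF . 'Best Regards,' . self::CRLF . 'The Symphony Team');
             // md5 is what the rest of this login flow compares against; changing the scheme
             // means changing login() as well, so it is kept here.
             $db->update(array('password' => md5($newpass)), 'tbl_authors', " `id` = '" . $author_id . "' LIMIT 1");
             // Tokens are single-use: drop every outstanding one for this author.
             $db->delete('tbl_forgotpass', " `author_id` = '" . $author_id . "'");
             ## TODO: Fix Me
             ###
             # Delegate: PasswordResetRequest
             # Description: User has requested a password reset. Author ID is provided.
             //$ExtensionManager->notifyMembers('PasswordResetRequest', getCurrentPage(), array('author_id' => $author['id']));
             $this->_alert = 'Password reset. Check your email';
         }
     }
 }
 /**
  * Generates the 6-character forgot-password token. Prefers a CSPRNG where
  * one exists; the previous `md5(time() . rand(0, 200))` yielded only ~200
  * candidates per second, so anyone who knew roughly when a reset was
  * requested could enumerate the `resetpass` action.
  *
  * @return string
  *  Six lowercase hex characters
  */
 private function __generateResetToken()
 {
     if (function_exists('random_bytes')) {
         return bin2hex(random_bytes(3));
     }
     if (function_exists('openssl_random_pseudo_bytes')) {
         $bytes = openssl_random_pseudo_bytes(3, $strong);
         if ($bytes !== false && $strong) {
             return bin2hex($bytes);
         }
     }
     // Last resort on very old runtimes: still far more entropy than time() plus rand(0, 200).
     return substr(sha1(uniqid(mt_rand(), true)), 0, 6);
 }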
 /**
  * This function determines whether an there is a currently logged in
  * Author for Symphony by using the `$Cookie`'s username
  * and password. If an Author is found, they will be logged in, otherwise
  * the `$Cookie` will be destroyed.
  *
  * The cookie's `pass` value is matched directly against the stored
  * `password` column, i.e. the cookie carries the stored hash, not the
  * clear-text password.
  *
  * @see core.Cookie#expire()
  * @return boolean
  */
 public function isLoggedIn()
 {
     // Ensures that we're in the real world.. Also reduces three queries from database
     // We must return true otherwise exceptions are not shown
     if (is_null(self::$_instance)) {
         return true;
     }
     // Already resolved earlier in this request.
     if ($this->Author) {
         return true;
     }
     $db = self::$Database;
     $username = $db->cleanValue($this->Cookie->get('username'));
     $password = $db->cleanValue($this->Cookie->get('pass'));
     $hasCredentials = strlen(trim($username)) > 0 && strlen(trim($password)) > 0;
     if ($hasCredentials) {
         $id = $db->fetchVar('id', 0, "SELECT `id` FROM `tbl_authors` WHERE `username` = '{$username}' AND `password` = '{$password}' LIMIT 1");
         if ($id) {
             $db->update(array('last_seen' => DateTimeObj::get('Y-m-d H:i:s')), 'tbl_authors', " `id` = '{$id}'");
             $this->Author = AuthorManager::fetchByID($id);
             Lang::set($this->Author->get('language'));
             return true;
         }
     }
     // No usable cookie, or it no longer matches an author: clear it.
     $this->Cookie->expire();
     return false;
 }
    foreach ($this->dsParamFILTERS as $field => $value) {
        if (!is_array($value) && trim($value) == '') {
            continue;
        }
        $ret = __processAuthorFilter($field, $value, Symphony::Database());
        if (empty($ret)) {
            $author_ids = array();
            break;
        }
        if (empty($author_ids)) {
            $author_ids = $ret;
            continue;
        }
        $author_ids = array_intersect($author_ids, $ret);
    }
    $authors = AuthorManager::fetchByID(array_values($author_ids), $this->dsParamSORT, $this->dsParamORDER);
} else {
    $authors = AuthorManager::fetch($this->dsParamSORT, $this->dsParamORDER);
}
if ((!is_array($authors) || empty($authors)) && $this->dsParamREDIRECTONEMPTY == 'yes') {
    throw new FrontendPageNotFoundException();
} else {
    if (!$this->_param_output_only) {
        $result = new XMLElement($this->dsParamROOTELEMENT);
    }
    foreach ($authors as $author) {
        if (isset($this->dsParamPARAMOUTPUT)) {
            $key = 'ds-' . $this->dsParamROOTELEMENT;
            if (!is_array($param_pool[$key])) {
                $param_pool[$key] = array();
            }
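 /**
  * Symphony allows Authors to login via the use of tokens instead of
  * a username and password. A token is derived from concatenating the
  * Author's username and password and applying the sha1 hash to
  * it, from this, a portion of the hash is used as the token. This is a useful
  * feature often used when setting up other Authors accounts or if an
  * Author forgets their password.
  *
  * A 6-character token is instead treated as a forgot-password token from
  * `tbl_forgotpass`; it must be unexpired and is deleted on use.
  *
  * @param string $token
  *  The Author token, which is a portion of the hashed string concatenation
  *  of the Author's username and password
  * @return boolean
  *  True if the Author is logged in, false otherwise
  */
 public function loginFromToken($token)
 {
     $token = self::Database()->cleanValue($token);
     if (strlen(trim($token)) == 0) {
         return false;
     }
     if (strlen($token) == 6) {
         // Forgot-password token: single use, so it is deleted whether or not it matched.
         $row = self::Database()->fetchRow(0, sprintf("\n\t\t\t\t\t\tSELECT `a`.`id`, `a`.`username`, `a`.`password`\n\t\t\t\t\t\tFROM `tbl_authors` AS `a`, `tbl_forgotpass` AS `f`\n\t\t\t\t\t\tWHERE `a`.`id` = `f`.`author_id`\n\t\t\t\t\t\tAND `f`.`expiry` > '%s'\n\t\t\t\t\t\tAND `f`.`token` = '%s'\n\t\t\t\t\t\tLIMIT 1\n\t\t\t\t\t", DateTimeObj::getGMT('c'), $token));
         self::Database()->delete('tbl_forgotpass', " `token` = '{$token}' ");
     } else {
         // Author token: the first 8 hex characters (32 bits) of SHA1(username . password),
         // only honoured for authors who have `auth_token_active` switched on.
         $row = self::Database()->fetchRow(0, sprintf("SELECT `id`, `username`, `password`\n\t\t\t\t\tFROM `tbl_authors`\n\t\t\t\t\tWHERE SUBSTR(%s(CONCAT(`username`, `password`)), 1, 8) = '%s'\n\t\t\t\t\tAND `auth_token_active` = 'yes'\n\t\t\t\t\tLIMIT 1", 'SHA1', $token));
     }
     if (!$row) {
         return false;
     }
     $id = (int) $row['id'];
     $this->Author = AuthorManager::fetchByID($row['id']);
     $this->Cookie->set('username', $row['username']);
     $this->Cookie->set('pass', $row['password']);
     // The original interpolated an undefined `$id` here, so `last_seen` was never updated.
     self::Database()->update(array('last_seen' => DateTimeObj::getGMT('Y-m-d H:i:s')), 'tbl_authors', " `id` = '{$id}'");
     return true;
 }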
 /**
  * Renders an author as a link to their edit page, or as the bare `$username`
  * when no author with that id exists any more.
  *
  * @param integer $id
  * @param string $username
  *  Fallback text for a deleted author
  * @return string
  */
 public function formatAuthorString($id, $username)
 {
     // Get author info
     $author = AuthorManager::fetchByID($id);
     if ($author instanceof Author) {
         return Widget::Anchor($author->getFullName(), '/symphony/system/authors/edit/' . $id)->generate();
     }
     // If the author no longer exists, use the fallback name
     return $username;
 }
 /**
  * Builds the table-cell value for this field: the full names of all
  * referenced authors, comma separated and sanitised, handed to the parent.
  *
  * @param array $data
  *  Carries `author_id` as a single id or a list of ids
  * @param XMLElement $link
  * @param integer $entry_id
  * @return mixed
  *  NULL when there are no author ids, otherwise the parent's result
  */
 public function prepareTableValue($data, XMLElement $link = NULL, $entry_id = null)
 {
     $author_ids = is_array($data['author_id']) ? $data['author_id'] : array($data['author_id']);
     if (empty($author_ids)) {
         return NULL;
     }
     $names = array();
     foreach ($author_ids as $author_id) {
         $author = AuthorManager::fetchByID($author_id);
         // Deleted authors come back as null and are left out.
         if ($author !== null) {
             $names[] = $author->getFullName();
         }
     }
     $cell = General::sanitize(implode(', ', $names));
     return parent::prepareTableValue(array('value' => $cell), $link, $entry_id);
 }
    foreach ($this->dsParamFILTERS as $field => $value) {
        if (!is_array($value) && trim($value) == '') {
            continue;
        }
        $ret = __processAuthorFilter($field, $value, Symphony::Database());
        if (empty($ret)) {
            $author_ids = array();
            break;
        }
        if (empty($author_ids)) {
            $author_ids = $ret;
            continue;
        }
        $author_ids = array_intersect($author_ids, $ret);
    }
    $authors = AuthorManager::fetchByID(array_values($author_ids), $this->dsParamSORT, $this->dsParamORDER, $this->dsParamLIMIT, max(0, $this->dsParamSTARTPAGE - 1) * $this->dsParamLIMIT);
} else {
    $authors = AuthorManager::fetch($this->dsParamSORT, $this->dsParamORDER, $this->dsParamLIMIT, max(0, $this->dsParamSTARTPAGE - 1) * $this->dsParamLIMIT);
}
if ((!is_array($authors) || empty($authors)) && $this->dsParamREDIRECTONEMPTY == 'yes') {
    throw new FrontendPageNotFoundException();
} else {
    if (!$this->_param_output_only) {
        $result = new XMLElement($this->dsParamROOTELEMENT);
    }
    foreach ($authors as $author) {
        if (isset($this->dsParamPARAMOUTPUT)) {
            $key = 'ds-' . $this->dsParamROOTELEMENT;
            if (!is_array($param_pool[$key])) {
                $param_pool[$key] = array();
            }
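 /**
  * Groups entries by the author referenced in this field.
  *
  * @param array $records
  *  Entry objects exposing getData()
  * @return array|null
  *  `array(element_name => array(author_id => array('attr' => ..., 'records' => ..., 'groups' => ...)))`,
  *  or null for an empty/non-array input
  */
 public function groupRecords($records)
 {
     if (!is_array($records) || empty($records)) {
         return;
     }
     $element = $this->get('element_name');
     $field_id = $this->get('id');
     $groups = array($element => array());
     foreach ($records as $r) {
         $data = $r->getData($field_id);
         if (!isset($data['author_id'])) {
             continue;
         }
         $author_id = $data['author_id'];
         if (!isset($groups[$element][$author_id])) {
             $author = AuthorManager::fetchByID($author_id);
             // A deleted author leaves a dangling id; the other field methods skip those,
             // whereas calling ->get() on the null result here was a fatal error.
             if (is_null($author)) {
                 continue;
             }
             $groups[$element][$author_id] = array(
                 'attr' => array(
                     'author-id' => $author_id,
                     'username' => $author->get('username'),
                     'full-name' => $author->getFullName(),
                 ),
                 'records' => array(),
                 'groups' => array(),
             );
         }
         $groups[$element][$author_id]['records'][] = $r;
     }
     return $groups;
 }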
 /**
  * Appends an `<element_name>` node to `$wrapper` holding one `<item>` per
  * existing referenced author (full name as text, id and sanitised username
  * as attributes). Ids without an author are skipped.
  *
  * @param XMLElement $wrapper
  * @param array $data
  *  Carries `author_id` as a single id or a list of ids
  * @param boolean $encode
  *  Unused here
  */
 public function appendFormattedElement(&$wrapper, $data, $encode = false)
 {
     $author_ids = is_array($data['author_id']) ? $data['author_id'] : array($data['author_id']);
     $list = new XMLElement($this->get('element_name'));
     foreach ($author_ids as $author_id) {
         $author = AuthorManager::fetchByID($author_id);
         if ($author === null) {
             continue;
         }
         $attributes = array(
             'id' => (string) $author->get('id'),
             'username' => General::sanitize($author->get('username')),
         );
         $list->appendChild(new XMLElement('item', $author->getFullName(), $attributes));
     }
     $wrapper->appendChild($list);
 }
 /**
  * Event filter hook: when the saving event carries the `lock-entry` filter,
  * flags the save as failed (via `$context['messages']`) if another author
  * currently holds the lock on the entry being edited. New entries (no
  * `$_POST['id']`) are left alone.
  *
  * NOTE(review): `$context` is received by value, so the `messages` written
  * here only reach the caller if the delegate dispatcher passes it by
  * reference — confirm.
  *
  * @param array $context
  *  Expects `event` (with `eParamFILTERS`) and `parent` (used for
  *  `isLoggedIn()` and `Author`)
  */
 public function eventPreSave($context)
 {
     $event = $context['event'];
     if (in_array("lock-entry", $event->eParamFILTERS)) {
         // see if we're editing anything
         if (!isset($_POST['id'])) {
             //change $context['message']
             return;
         } else {
             $entry_id = $_POST['id'];
         }
         // if there's no user logged in, user_id still has to be set to something
         $author_id = $context['parent']->isLoggedIn() ? $context['parent']->Author->get('id') : 1;
         // Presumably lockExists() returns <= 0 when no live lock exists and an array (owner id
         // at [0]) otherwise; the `<= 0` test on an array relies on PHP's loose array-vs-int
         // comparison — confirm against the driver.
         if (($lock = $this->lockExists($entry_id)) <= 0) {
             // if a lock doesn't exist or is expired, we can just give them one (ie ignore it)
             $context['messages'] = array(array('lock-entry', 'passed', ''));
         } else {
             // the lock exists, see if it's owned by the user
             if ($lock[0] != $author_id) {
                 $authorManager = new AuthorManager($this->_Parent);
                 // NOTE(review): `$this->locked` is not set anywhere in this method; `$lock[0]`
                 // (the owner id compared just above) looks like the intended value — confirm.
                 $authors = $authorManager->fetchByID($this->locked[1]);
                 $context['messages'] = array(array('lock-entry', 'failed', 'This lease is currently owned by ' . $authors->getFullName() . '.'));
             }
         }
     }
 }
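 /**
  * Handles the author edit form. `save`/`done` validate and persist the
  * posted fields; `delete` removes the author (never the acting author).
  * Changing an email address or password requires the current password unless
  * the acting author is a developer; the primary account, and a developer
  * editing themselves, are pinned to the `developer` user type.
  */
 public function __actionEdit()
 {
     if (!($author_id = $this->_context[1])) {
         redirect(SYMPHONY_URL . '/system/authors/');
     }
     $current = Administration::instance()->Author;
     $isOwner = $author_id == $current->get('id');
     // Read the posted action without `@`: a missing or non-array value is simply "no action".
     $actions = (isset($_POST['action']) && is_array($_POST['action'])) ? $_POST['action'] : array();
     if (array_key_exists('save', $actions) || array_key_exists('done', $actions)) {
         $fields = $_POST['fields'];
         $password = isset($fields['password']) ? $fields['password'] : '';
         $confirmation = isset($fields['password-confirmation']) ? $fields['password-confirmation'] : '';
         $this->_Author = AuthorManager::fetchByID($author_id);
         // Both flags were left undefined (read as null) by the original when nothing changed.
         $changing_email = $fields['email'] != $this->_Author->get('email');
         $changing_password = false;
         // Check the old password was correct. Hashes are compared with `===`: `==` treats two
         // numeric-looking strings (e.g. "0e…") as equal numbers.
         $old_password = isset($fields['old-password']) ? trim($fields['old-password']) : '';
         $authenticated = ($old_password !== '' && General::hash($old_password) === $this->_Author->get('password'))
             || $current->isDeveloper();
         $this->_Author->set('id', $author_id);
         if ($this->_Author->isPrimaryAccount() || ($isOwner && $current->isDeveloper())) {
             // Primary accounts are always developer, Developers can't lower their level
             $this->_Author->set('user_type', 'developer');
         } elseif ($current->isDeveloper() && isset($fields['user_type'])) {
             // Only developer can change user type
             $this->_Author->set('user_type', $fields['user_type']);
         }
         $this->_Author->set('email', $fields['email']);
         $this->_Author->set('username', $fields['username']);
         $this->_Author->set('first_name', General::sanitize($fields['first_name']));
         $this->_Author->set('last_name', General::sanitize($fields['last_name']));
         $this->_Author->set('language', $fields['language']);
         if (trim($password) != '') {
             $this->_Author->set('password', General::hash($password));
             $changing_password = true;
         }
         // Don't allow authors to set the Section Index as a default area
         // If they had it previously set, just save `null` which will redirect
         // the Author (when logging in) to their own Author record
         if ($this->_Author->get('user_type') == 'author' && $fields['default_area'] == '/blueprints/sections/') {
             $this->_Author->set('default_area', null);
         } else {
             $this->_Author->set('default_area', $fields['default_area']);
         }
         $this->_Author->set('auth_token_active', !empty($fields['auth_token_active']) ? $fields['auth_token_active'] : 'no');
         if (!$this->_Author->validate($this->_errors)) {
             if (is_array($this->_errors) && !empty($this->_errors)) {
                 $this->pageAlert(__('There were some problems while attempting to save. Please check below for problem fields.'), Alert::ERROR);
             }
             return;
         }
         if (!$authenticated && ($changing_password || $changing_email)) {
             if ($changing_password) {
                 $this->_errors['old-password'] = __('Wrong password. Enter old password to change it.');
             } elseif ($changing_email) {
                 $this->_errors['old-password'] = __('Wrong password. Enter old one to change email address.');
             }
         } elseif (($password != '' || $confirmation != '') && $password !== $confirmation) {
             $this->_errors['password'] = $this->_errors['password-confirmation'] = __('Passwords did not match');
         } elseif ($this->_Author->commit()) {
             // Any outstanding forgot-password token for this author is invalidated by a save.
             Symphony::Database()->delete('tbl_forgotpass', " `expiry` < '" . DateTimeObj::getGMT('c') . "' OR `author_id` = '" . $author_id . "' ");
             if ($isOwner) {
                 // Refresh the session so a changed username/password does not log the editor out.
                 Administration::instance()->login($this->_Author->get('username'), $this->_Author->get('password'), true);
             }
             /**
              * After editing an author, provided with the Author object
              *
              * @delegate AuthorPostEdit
              * @since Symphony 2.2
              * @param string $context
              * '/system/authors/'
              * @param Author $author
              * An Author object
              */
             Symphony::ExtensionManager()->notifyMembers('AuthorPostEdit', '/system/authors/', array('author' => $this->_Author));
             redirect(SYMPHONY_URL . '/system/authors/edit/' . $author_id . '/saved/');
         } else {
             $this->pageAlert(__('Unknown errors occurred while attempting to save.') . '<a href="' . SYMPHONY_URL . '/system/log/">' . __('Check your activity log') . '</a>.', Alert::ERROR);
         }
     } elseif (array_key_exists('delete', $actions)) {
         /**
          * Prior to deleting an author, provided with the Author ID.
          *
          * @delegate AuthorPreDelete
          * @since Symphony 2.2
          * @param string $context
          * '/system/authors/'
          * @param integer $author_id
          *  The ID of Author ID that is about to be deleted
          */
         Symphony::ExtensionManager()->notifyMembers('AuthorPreDelete', '/system/authors/', array('author_id' => $author_id));
         if (!$isOwner) {
             AuthorManager::delete($author_id);
             redirect(SYMPHONY_URL . '/system/authors/');
         } else {
             $this->pageAlert(__('You cannot remove yourself as you are the active Author.'), Alert::ERROR);
         }
     }
 }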
 public function execute(array &$param_pool = null)
 {
     $author_ids = array();
     if (is_array($this->dsParamFILTERS) && !empty($this->dsParamFILTERS)) {
         foreach ($this->dsParamFILTERS as $field => $value) {
             if (!is_array($value) && trim($value) == '') {
                 continue;
             }
             $ret = $this->__processAuthorFilter($field, $value);
             if (empty($ret)) {
                 $author_ids = array();
                 break;
             }
             if (empty($author_ids)) {
                 $author_ids = $ret;
                 continue;
             }
             $author_ids = array_intersect($author_ids, $ret);
         }
         $authors = AuthorManager::fetchByID(array_values($author_ids));
     } else {
         $authors = AuthorManager::fetch($this->dsParamSORT, $this->dsParamORDER);
     }
     if ((!is_array($authors) || empty($authors)) && $this->dsParamREDIRECTONEMPTY == 'yes') {
         throw new FrontendPageNotFoundException();
     } elseif (!is_array($authors) || empty($authors)) {
         $result = $this->emptyXMLSet();
         return $result;
     } else {
         if (!$this->_param_output_only) {
             $result = new XMLElement($this->dsParamROOTELEMENT);
         }
         $singleParam = false;
         $key = 'ds-' . $this->dsParamROOTELEMENT;
         if (isset($this->dsParamPARAMOUTPUT)) {
             if (!is_array($this->dsParamPARAMOUTPUT)) {
                 $this->dsParamPARAMOUTPUT = array($this->dsParamPARAMOUTPUT);
             }
             $singleParam = count($this->dsParamPARAMOUTPUT) === 1;
         }
         foreach ($authors as $author) {
             if (isset($this->dsParamPARAMOUTPUT)) {
                 foreach ($this->dsParamPARAMOUTPUT as $param) {
                     // The new style of paramater is `ds-datasource-handle.field-handle`
                     $param_key = $key . '.' . str_replace(':', '-', $param);
                     if (!is_array($param_pool[$param_key])) {
                         $param_pool[$param_key] = array();
                     }
                     $param_pool[$param_key][] = $param === 'name' ? $author->getFullName() : $author->get($param);
                     if ($singleParam) {
                         if (!is_array($param_pool[$key])) {
                             $param_pool[$key] = array();
                         }
                         $param_pool[$key][] = $param === 'name' ? $author->getFullName() : $author->get($param);
                     }
                 }
             }
             if ($this->_param_output_only) {
                 continue;
             }
             $xAuthor = new XMLElement('author');
             $xAuthor->setAttributeArray(array('id' => $author->get('id'), 'user-type' => $author->get('user_type'), 'primary-account' => $author->get('primary')));
             // No included elements, so just create the Author XML
             if (!isset($this->dsParamINCLUDEDELEMENTS) || !is_array($this->dsParamINCLUDEDELEMENTS) || empty($this->dsParamINCLUDEDELEMENTS)) {
                 $result->appendChild($xAuthor);
             } else {
                 // Name
                 if (in_array('name', $this->dsParamINCLUDEDELEMENTS)) {
                     $xAuthor->appendChild(new XMLElement('name', $author->getFullName()));
                 }
                 // Username
                 if (in_array('username', $this->dsParamINCLUDEDELEMENTS)) {
                     $xAuthor->appendChild(new XMLElement('username', $author->get('username')));
                 }
                 // Email
                 if (in_array('email', $this->dsParamINCLUDEDELEMENTS)) {
                     $xAuthor->appendChild(new XMLElement('email', $author->get('email')));
                 }
                 // Author Token
                 if (in_array('author-token', $this->dsParamINCLUDEDELEMENTS) && $author->isTokenActive()) {
                     $xAuthor->appendChild(new XMLElement('author-token', $author->createAuthToken()));
                 }
                 // Default Area
                 if (in_array('default-area', $this->dsParamINCLUDEDELEMENTS) && !is_null($author->get('default_area'))) {
                     // Section
                     if ($section = SectionManager::fetch($author->get('default_area'))) {
                         $default_area = new XMLElement('default-area', $section->get('name'));
                         $default_area->setAttributeArray(array('id' => $section->get('id'), 'handle' => $section->get('handle'), 'type' => 'section'));
                         $xAuthor->appendChild($default_area);
                     } else {
                         $default_area = new XMLElement('default-area', $author->get('default_area'));
                         $default_area->setAttribute('type', 'page');
                         $xAuthor->appendChild($default_area);
                     }
                 }
                 $result->appendChild($xAuthor);
             }
         }
     }
     return $result;
 }
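 /**
  * Saves or deletes the Author being edited (`/system/authors/edit/{id}/`).
  *
  * The Author id comes from the URL context. Then:
  *  - `action[save]` / `action[done]`: applies the posted `fields[...]` to the
  *    Author. Changing the email or password requires the current password in
  *    `fields[old-password]`, unless a Developer is editing someone else.
  *    After a successful commit the author's forgot-password tokens are purged
  *    and, if the editor edited themselves, they are logged in again with the
  *    new credentials.
  *  - `action[delete]`: deletes the Author unless it is the active one.
  *
  * Validation problems are collected in `$this->_errors`; other failures go
  * through `pageAlert()`. Redirects when no id is given and after a save/delete.
  *
  * @return void
  */
 function __actionEdit()
 {
     if (!($author_id = $this->_context[1])) {
         redirect(URL . '/symphony/system/authors/');
     }
     // Loose comparison kept on purpose: the URL context is a string while the
     // stored id may be an int (its type is not visible here).
     $isOwner = $author_id == Administration::instance()->Author->get('id');

     // `action[...]` buttons arrive as an array; anything else means "no action".
     // This replaces `@array_key_exists(...)`: the `@` cannot suppress the TypeError
     // PHP 8 raises when `$_POST['action']` is missing.
     $postAction = (isset($_POST['action']) && is_array($_POST['action'])) ? $_POST['action'] : array();

     if (array_key_exists('save', $postAction) || array_key_exists('done', $postAction)) {
         $fields = $_POST['fields'];
         $this->_Author = AuthorManager::fetchByID($author_id);
         $authenticated = false;
         // Both flags are read further down even when nothing changed; the previous
         // version left them undefined in that case.
         $changing_email = false;
         $changing_password = false;
         if ($fields['email'] != $this->_Author->get('email')) {
             $changing_email = true;
         }
         // Check the old password was correct. hash_equals() is a strict, constant-time
         // string comparison; `==` would compare numeric-looking digests as numbers.
         if (isset($fields['old-password']) && strlen(trim($fields['old-password'])) > 0
             && hash_equals((string) $this->_Author->get('password'), (string) General::hash(trim($fields['old-password'])))) {
             $authenticated = true;
         } elseif (Administration::instance()->Author->isDeveloper() && $isOwner === false) {
             // A Developer editing another author does not need that author's password
             $authenticated = true;
         }
         $this->_Author->set('id', $author_id);
         if ($this->_Author->isPrimaryAccount() || ($isOwner && Administration::instance()->Author->isDeveloper())) {
             // Primary accounts are always developer, Developers can't lower their level
             $this->_Author->set('user_type', 'developer');
         } elseif (Administration::instance()->Author->isDeveloper() && isset($fields['user_type'])) {
             // Only developer can change user type
             $this->_Author->set('user_type', $fields['user_type']);
         }
         $this->_Author->set('email', $fields['email']);
         $this->_Author->set('username', $fields['username']);
         $this->_Author->set('first_name', General::sanitize($fields['first_name']));
         $this->_Author->set('last_name', General::sanitize($fields['last_name']));
         $this->_Author->set('language', $fields['language']);
         if (trim($fields['password']) != '') {
             $this->_Author->set('password', General::hash($fields['password']));
             $changing_password = true;
         }
         $this->_Author->set('default_section', intval($fields['default_section']));
         // `!empty()` keeps the truthiness test but no longer notices when the checkbox is absent
         $this->_Author->set('auth_token_active', !empty($fields['auth_token_active']) ? $fields['auth_token_active'] : 'no');
         if ($this->_Author->validate($this->_errors)) {
             if (!$authenticated && ($changing_password || $changing_email)) {
                 if ($changing_password) {
                     $this->_errors['old-password'] = __('Wrong password. Enter old password to change it.');
                 } elseif ($changing_email) {
                     $this->_errors['old-password'] = __('Wrong password. Enter old one to change email address.');
                 }
             } elseif (($fields['password'] != '' || $fields['password-confirmation'] != '') && $fields['password'] != $fields['password-confirmation']) {
                 $this->_errors['password'] = $this->_errors['password-confirmation'] = __('Passwords did not match');
             } elseif ($this->_Author->commit()) {
                 // Void this author's forgot-password tokens (and expired ones globally).
                 // `$author_id` originates from the URL, so it is escaped like the other
                 // interpolated values in this file.
                 Symphony::Database()->delete('tbl_forgotpass', " `expiry` < '" . DateTimeObj::getGMT('c') . "' OR `author_id` = '" . Symphony::Database()->cleanValue($author_id) . "' ");
                 if ($isOwner) {
                     // The editor changed their own account: refresh the session with the new credentials
                     $this->_Parent->login($this->_Author->get('username'), $this->_Author->get('password'), true);
                 }
                 ## TODO: Fix me
                 ###
                 # Delegate: Edit
                 # Description: After editing an author. ID of the author is provided.
                 //$ExtensionManager->notifyMembers('Edit', getCurrentPage(), array('author_id' => $_REQUEST['id']));
                 redirect(URL . '/symphony/system/authors/edit/' . $author_id . '/saved/');
             } else {
                 $this->pageAlert(__('Unknown errors occurred while attempting to save. Please check your <a href="%s">activity log</a>.', array(URL . '/symphony/system/log/')), Alert::ERROR);
             }
         }
     } elseif (array_key_exists('delete', $postAction)) {
         ## TODO: Fix Me
         ###
         # Delegate: Delete
         # Description: Prior to deleting an author. ID is provided.
         //$ExtensionManager->notifyMembers('Delete', getCurrentPage(), array('author_id' => $author_id));
         if (!$isOwner) {
             AuthorManager::delete($author_id);
             redirect(URL . '/symphony/system/authors/');
         } else {
             $this->pageAlert(__('You cannot remove yourself as you are the active Author.'), Alert::ERROR);
         }
     }
 }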
 /**
  * Groups entry records by the author stored in this field.
  *
  * Builds a one-level grouping keyed by the field's element name, with one
  * sub-group per author id. Each sub-group carries the author's id, username
  * and full name as attributes (blank strings when the author no longer
  * exists), the records that belong to it, and an empty `groups` list.
  * Records without an `author_id` value are grouped under id 0.
  *
  * @param mixed $records  Array of entry records, each answering `getData()`
  * @return array|null     The grouping, or null when `$records` is not a non-empty array
  */
 public function groupRecords($records)
 {
     if (!is_array($records) || empty($records)) {
         return;
     }

     // Both lookups are loop-invariant
     $element = $this->get('element_name');
     $field_id = $this->get('id');

     $groups = array($element => array());

     foreach ($records as $record) {
         $data = $record->getData($field_id);
         $author_id = isset($data['author_id']) ? $data['author_id'] : 0;

         if (!isset($groups[$element][$author_id])) {
             // First record for this author: resolve the display values once.
             // A missing author yields empty strings rather than an error.
             $username = '';
             $full_name = '';
             $author = AuthorManager::fetchByID($author_id);
             if ($author instanceof Author) {
                 $username = $author->get('username');
                 $full_name = $author->getFullName();
             }

             $groups[$element][$author_id] = array(
                 'attr' => array(
                     'author-id' => $author_id,
                     'username' => $username,
                     'full-name' => $full_name,
                 ),
                 'records' => array(),
                 'groups' => array(),
             );
         }

         $groups[$element][$author_id]['records'][] = $record;
     }

     return $groups;
 }
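 /**
  * Dispatches the login page's form and query-string actions.
  *
  * `$_POST['action']` is a Symphony-style `action[name]` button array; the last
  * key is the action. Each action is handled by a private method so its flow
  * can be read on its own:
  *  - `action[login]`              -> __handleLogin()
  *  - `action[reset]`              -> __handlePasswordResetRequest()
  *  - `action[change]`             -> __handlePasswordChange() (logged-in authors only)
  *  - `?action=resetpass&token=..` -> __handleTokenReset()
  *
  * @return void
  */
 public function action()
 {
     if (isset($_POST['action'])) {
         $actionParts = array_keys($_POST['action']);
         $action = end($actionParts);

         // Strict comparison: array keys can be ints, and `0 == 'login'` was true before PHP 8
         if ($action === 'login') {
             $this->__handleLogin();
         } elseif ($action === 'reset') {
             $this->__handlePasswordResetRequest();
         } elseif ($action === 'change' && Administration::instance()->isLoggedIn()) {
             $this->__handlePasswordChange();
         }
     } elseif (isset($_REQUEST['action'], $_REQUEST['token']) && $_REQUEST['action'] == 'resetpass') {
         // The isset() guard avoids an undefined-index notice on a plain request of the login page
         $this->__handleTokenReset();
     }
 }

 /**
  * Handles a backend login attempt (`action[login]`).
  *
  * Fires `AuthorLoginFailure` and sets `$this->_invalidPassword` when the
  * credentials are missing or rejected; otherwise fires `AuthorLoginSuccess`
  * and redirects to the posted backend path (made relative to URL) or to
  * SYMPHONY_URL.
  *
  * @return void
  */
 private function __handleLogin()
 {
     $username = isset($_POST['username']) ? $_POST['username'] : null;
     $password = isset($_POST['password']) ? $_POST['password'] : null;

     if (empty($username) || empty($password) || !Administration::instance()->login($username, $password)) {
         /**
          * A failed login attempt into the Symphony backend
          *
          * @delegate AuthorLoginFailure
          * @since Symphony 2.2
          * @param string $context
          * '/login/'
          * @param string $username
          *  The username of the Author who attempted to login.
          */
         Symphony::ExtensionManager()->notifyMembers('AuthorLoginFailure', '/login/', array('username' => $username));
         $this->_invalidPassword = true;
         return;
     }

     /**
      * A successful login attempt into the Symphony backend
      *
      * @delegate AuthorLoginSuccess
      * @since Symphony 2.2
      * @param string $context
      * '/login/'
      * @param string $username
      *  The username of the Author who logged in.
      */
     Symphony::ExtensionManager()->notifyMembers('AuthorLoginSuccess', '/login/', array('username' => $username));

     if (isset($_POST['redirect'])) {
         // Drop the installation's base path from the posted target so the
         // destination is always built on top of URL
         redirect(URL . str_replace(parse_url(URL, PHP_URL_PATH), '', $_POST['redirect']));
     }
     redirect(SYMPHONY_URL);
 }

 /**
  * Handles a "forgot password" request (`action[reset]`).
  *
  * Looks the author up by the posted email. When found, expired tokens are
  * pruned, a live token for the author is reused or a new one created, and an
  * email with the `/login/{token}/` link is sent; `$this->_email_sent` records
  * the outcome and `AuthorPostPasswordResetSuccess` is fired. When not found,
  * `AuthorPostPasswordResetFailure` is fired and `$this->_email_sent` is false.
  *
  * @throws SymphonyErrorPage when the email gateway reports an error
  * @return void
  */
 private function __handlePasswordResetRequest()
 {
     $clean_email = Symphony::Database()->cleanValue(isset($_POST['email']) ? $_POST['email'] : '');
     $author = Symphony::Database()->fetchRow(0, "SELECT `id`, `email`, `first_name` FROM `tbl_authors` WHERE `email` = '" . $clean_email . "'");

     if (empty($author)) {
         /**
          * When a password reset has been attempted, but Symphony doesn't
          * recognise the credentials the user has given.
          *
          * @delegate AuthorPostPasswordResetFailure
          * @since Symphony 2.2
          * @param string $context
          * '/login/'
          * @param string $email
          *  The santizied Email of the Author who tried to request the password reset
          */
         Symphony::ExtensionManager()->notifyMembers('AuthorPostPasswordResetFailure', '/login/', array('email' => $clean_email));
         $this->_email_sent = false;
         return;
     }

     $now = DateTimeObj::getGMT('c');
     // Prune expired tokens, then reuse a still-valid one for this author if there is one
     Symphony::Database()->delete('tbl_forgotpass', " `expiry` < '" . $now . "' ");
     $token = Symphony::Database()->fetchVar('token', 0, "SELECT `token` FROM `tbl_forgotpass` WHERE `expiry` > '" . $now . "' AND `author_id` = " . $author['id']);
     if (!$token) {
         // Six hex characters from the CSPRNG. The previous derivation,
         // substr(hash(time() . rand(0, 1000)), 0, 6), had about a thousand
         // possible values for any given second.
         $token = bin2hex(random_bytes(3));
         Symphony::Database()->insert(array('author_id' => $author['id'], 'token' => $token, 'expiry' => DateTimeObj::getGMT('c', time() + 120 * 60)), 'tbl_forgotpass');
     }

     try {
         $email = Email::create();
         $email->recipients = $author['email'];
         $email->subject = __('New Symphony Account Password');
         $email->text_plain = __('Hi %s,', array($author['first_name'])) . self::CRLF
             . __('A new password has been requested for your account. Login using the following link, and change your password via the Authors area:') . self::CRLF . self::CRLF
             . "\t" . SYMPHONY_URL . "/login/{$token}/" . self::CRLF . self::CRLF
             . __('It will expire in 2 hours. If you did not ask for a new password, please disregard this email.') . self::CRLF . self::CRLF
             . __('Best Regards,') . self::CRLF
             . __('The Symphony Team');
         $email->send();
         $this->_email_sent = true;
     } catch (EmailGatewayException $e) {
         // Must come before the generic catch: if EmailGatewayException extends
         // Exception, the previous ordering made this branch unreachable and
         // gateway errors were silently dropped.
         throw new SymphonyErrorPage('Error sending email. ' . $e->getMessage());
     } catch (Exception $e) {
         // Best effort, as before: other mail failures leave _email_sent unset
         // and still reach the delegate below.
     }

     /**
      * When a password reset has occured and after the Password
      * Reset email has been sent.
      *
      * @delegate AuthorPostPasswordResetSuccess
      * @since Symphony 2.2
      * @param string $context
      * '/login/'
      * @param integer $author_id
      *  The ID of the Author who requested the password reset
      */
     Symphony::ExtensionManager()->notifyMembers('AuthorPostPasswordResetSuccess', '/login/', array('author_id' => $author['id']));
 }

 /**
  * Handles a password change by the logged-in author (`action[change]`),
  * typically right after a token login.
  *
  * Sets `$this->_mismatchedPassword` when either field is empty or they
  * differ. Otherwise stores the new hash, re-logs the author in, fires
  * `AuthorPostPasswordChange` and redirects to SYMPHONY_URL; a failed commit
  * or login redirects to the author's edit page with `/error/`.
  *
  * @return void
  */
 private function __handlePasswordChange()
 {
     $password = isset($_POST['password']) ? $_POST['password'] : '';
     $confirmation = isset($_POST['password-confirmation']) ? $_POST['password-confirmation'] : '';

     // Strict inequality: with `!=`, numeric-looking strings such as '1e3' and '1000' compare equal
     if (empty($password) || empty($confirmation) || $password !== $confirmation) {
         $this->_mismatchedPassword = true;
         return;
     }

     $author_id = Administration::instance()->Author->get('id');
     $author = AuthorManager::fetchByID($author_id);
     // Hash the raw password, as the other password writes in this file do. The
     // previous version hashed Database()->cleanValue($password); the login()
     // call below receives the raw value, so passwords that cleanValue altered
     // could not be used to log in afterwards.
     $author->set('password', General::hash($password));

     if (!$author->commit() || !Administration::instance()->login($author->get('username'), $password)) {
         redirect(SYMPHONY_URL . "/system/authors/edit/{$author_id}/error/");
     }

     /**
      * When an Author changes their password as the result of a login
      * with an emergency token (ie. forgot password). Just after their
      * new password has been set successfully
      *
      * @delegate AuthorPostPasswordChange
      * @since Symphony 2.2
      * @param string $context
      * '/login/'
      * @param integer $author_id
      *  The ID of the Author who has just changed their password
      */
     Symphony::ExtensionManager()->notifyMembers('AuthorPostPasswordChange', '/login/', array('author_id' => $author_id));
     redirect(SYMPHONY_URL);
 }

 /**
  * Handles `?action=resetpass&token=...`: resolves the token to an author,
  * generates a new password, emails it, stores its hash, deletes the author's
  * tokens and fires `AuthorPostPasswordResetRequest`. Sets `$this->_alert`
  * on success; does nothing when the token is unknown or expired.
  *
  * @return void
  */
 private function __handleTokenReset()
 {
     // The expiry predicate is new: tokens were previously accepted here for as
     // long as they stayed in the table, which only a later reset request pruned.
     // `expiry > now` mirrors the check used when reusing a token.
     $author = Symphony::Database()->fetchRow(0,
         "SELECT t1.`id`, t1.`email`, t1.`first_name`
         FROM `tbl_authors` as t1, `tbl_forgotpass` as t2
         WHERE t2.`token` = '" . Symphony::Database()->cleanValue($_REQUEST['token']) . "'
         AND t1.`id` = t2.`author_id`
         AND t2.`expiry` > '" . DateTimeObj::getGMT('c') . "'
         LIMIT 1"
     );

     if (empty($author)) {
         return;
     }

     $newpass = General::generatePassword();
     // Second argument of sendEmail(), as before: the address of the lowest-id author
     $first_author_email = Symphony::Database()->fetchVar('email', 0, "SELECT `email` FROM `tbl_authors` ORDER BY `id` ASC LIMIT 1");
     General::sendEmail(
         $author['email'],
         $first_author_email,
         __('Symphony Concierge'),
         __('New Symphony Account Password'),
         __('Hi %s,', array($author['first_name'])) . self::CRLF
             . __("As requested, here is your new Symphony Author Password for ") . URL . " " . self::CRLF
             . " {$newpass}" . self::CRLF . self::CRLF
             . __('Best Regards,') . self::CRLF
             . __('The Symphony Team')
     );
     Symphony::Database()->update(array('password' => General::hash($newpass)), 'tbl_authors', " `id` = '" . $author['id'] . "' LIMIT 1");
     Symphony::Database()->delete('tbl_forgotpass', " `author_id` = '" . $author['id'] . "'");

     /**
      * Just after a Forgot Password email has been sent to the Author
      * who has requested a password reset.
      *
      * @delegate AuthorPostPasswordResetRequest
      * @since Symphony 2.2
      * @param string $context
      * '/login/'
      * @param integer $author_id
      *  The ID of the Author who has requested their password be reset
      */
     Symphony::ExtensionManager()->notifyMembers('AuthorPostPasswordResetRequest', '/login/', array('author_id' => $author['id']));
     $this->_alert = __('Password reset. Check your email');
 }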