/**
 * Guards the deletion of a User Role.
 *
 * Two conditions must hold before the parent hook runs: the request has to
 * carry a password that Crypt::hashCompare() accepts against the current
 * user's stored password, and the role being deleted must not be the role
 * the current user holds. When a condition fails, a flash message is set
 * (non-XHR requests only) and the request is redirected to "index".
 *
 * NOTE(review): both guards rely on $request->redirectTo() ending the
 * request. If it only schedules the redirect, execution continues into the
 * next check and parent::beforeDelete() - confirm against the Request class.
 *
 * @param Request $request Current router request.
 *
 * @return void
 */
protected function beforeDelete(Request $request)
{
    // Re-authentication: an empty/missing password short-circuits before the hash check.
    $passwordConfirmed = $request->post('password')
        && Crypt::hashCompare($this->user->password, $request->post('password'));

    if (!$passwordConfirmed) {
        if (!$request->is('xhr')) {
            Helpers\FlashMessage::set($this->labels['general']['not_authorized'], 'danger');
        }

        $request->redirectTo('index');
    }

    // Loose comparison is kept on purpose: the two ids may arrive as different
    // scalar types (presumably string vs. int - verify against the model layer).
    $deletesOwnRole = $this->user->role_id == $this->resource->getPrimaryKeyValue();

    if ($deletesOwnRole) {
        if (!$request->is('xhr')) {
            Helpers\FlashMessage::set($this->labels['errors']['delete']['self'], 'danger');
        }

        $request->redirectTo('index');
    }

    parent::beforeDelete($request);
}
/**
 * Preview action: converts the posted "content" field with Parsedown.
 *
 * Only XHR requests are handled. Layout and view are cleared so the response
 * consists of the converted markup alone; any other request leaves the
 * renderer untouched.
 *
 * NOTE(review): the posted text goes through a Parsedown instance with its
 * default settings and the result is handed to the renderer unchanged.
 * Whether raw HTML inside that text is escaped depends on the bundled
 * Parsedown version and configuration - confirm, and consider its safe mode
 * (setSafeMode) if the preview input cannot be trusted.
 *
 * @param Request $request Request instance.
 *
 * @return void
 */
public function preview(Request $request)
{
    if (!$request->is('xhr')) {
        return;
    }

    $this->renderer->setLayout(null);
    $this->renderer->setView(null);

    $markdown = new Parsedown();
    $markup = $markdown->text($request->post('content'));

    $this->renderer->setOutput($markup);
}
/**
 * Rejects submitted association ids that fail the ownership check.
 *
 * For every configured attribute present in the POST data, the association
 * metadata is looked up (falling back to the resource's hasAndBelongsToMany
 * map). If the current user "owns" the associated class, the submitted ids
 * are passed to Helpers\Ownership::checkIds(); a failed check marks the
 * attribute with the "not_exists" error.
 *
 * Attributes without resolvable association metadata, and associations whose
 * class the user does not own, are skipped without any check here.
 *
 * @param \Core\Modules\Router\Request $request Request object.
 *
 * @return void
 */
private function preventAssociationOfNotOwnedResource(Request $request)
{
    foreach ($this->attributes as $attribute => $options) {
        // Nothing submitted (or a falsy value) for this attribute.
        if (!$request->post($attribute)) {
            continue;
        }

        $association = $this->resource->getAssociationMetaDataByKey($attribute);
        if (!$association && isset($this->resource->hasAndBelongsToMany[$attribute])) {
            $association = $this->resource->hasAndBelongsToMany[$attribute];
        }

        // Ownership is only enforced for classes the user owns.
        if (!$association || !$this->user->owns($association['class_name'])) {
            continue;
        }

        $idsPassCheck = Helpers\Ownership::checkIds($request->post($attribute), $association['class_name']);
        if (!$idsPassCheck) {
            $this->resource->setError($attribute, 'not_exists');
        }
    }
}
/**
 * Password reset action.
 *
 * On POST: validates the captcha (when one is loaded), then the e-mail
 * format, then looks the user up by e-mail. On success the user's
 * updated_on is refreshed, a "renew" link is built and mailed, and the
 * captcha / authentication_error session entries are removed. On failure a
 * flash message is set, authentication_error is stored in the session and
 * the captcha is (re)loaded when enabled in the configuration.
 *
 * NOTE(review), security-relevant properties visible in this method:
 * - The link id is sha1(stored password value . cookie_salt . e-mail). It is
 *   derived rather than random, and it stays the same until one of those
 *   inputs changes. Any expiry (e.g. via updated_on) would have to be
 *   enforced by the "renew" action, which is not visible here - confirm.
 * - A known e-mail yields the success message and an unknown one an error
 *   message, so the response reveals whether an account exists.
 * - With a captcha loaded, every failure shows the captcha error label, even
 *   when the e-mail check was the one that failed.
 * - The result of Mailer::send() is not inspected; the success message is
 *   set regardless.
 *
 * @param Request $request Current router request.
 *
 * @return void
 */
public function reset(Request $request)
{
    if (!$request->is('post')) {
        return;
    }

    $this->errors = array();
    $user = new Models\CMSUser();

    // Checks run in order and stop at the first failure.
    if ($this->captcha && !Helpers\Captcha::isValid($this->captcha)) {
        $this->errors['captcha'] = true;
    } elseif (
        filter_var($request->post('email'), FILTER_VALIDATE_EMAIL) === false
        || !($user = Models\CMSUser::find()->where('email = ?', array($request->post('email')))->first())
    ) {
        $this->errors['email'] = true;
    }

    if ($this->errors) {
        $errorLabel = $this->captcha
            ? $this->labels['captcha']['error']
            : $this->labels['reset']['error'];
        Helpers\FlashMessage::set($errorLabel, 'danger');

        Core\Session()->set('authentication_error', true);

        if (Core\Config()->CAPTCHA['enabled']) {
            $this->loadCaptcha(Core\Config()->CAPTCHA);
        }

        return;
    }

    $user->save(array('updated_on' => gmdate('Y-m-d H:i:s')), true);

    // Set before rendering the mail partial, which presumably reads both values - verify.
    $this->name = $user->name;

    $renewId = sha1($user->password . Core\Config()->USER_AUTH['cookie_salt'] . $user->email);
    $this->password_reset_link = Core\Router()->toFullUrl(array(
        'controller' => 'authentication',
        'action'     => 'renew',
        'id'         => $renewId,
    ));

    $sender = Core\Config()->MAILER['identity'];
    $mailForPasswordReset = array(
        'from'    => array($sender['email'] => $sender['name']),
        'to'      => array($user->email => $user->name),
        'subject' => $this->labels['mails']['reset']['subject'],
        'content' => $this->getPartialOutput('authentication/mails/password_reset'),
    );
    Core\Helpers\Mailer::send($mailForPasswordReset);

    Helpers\FlashMessage::set($this->labels['reset']['success'], 'success');
    Core\Session()->remove('authentication_error');
    Core\Session()->remove('captcha');
}