Esempio n. 1
0
 private function tryProcessPostData($postData)
 {
     $reqfields = array('username', 'password', 'rptpassword', 'email');
     if (!$postData->hasValues($reqfields)) {
         $this->errorMessage = 'Please specify at least:
                                <ul>
                                  <li>Administrator username, password and email</li>
                                </ul>';
         return;
     }
     $fields = $reqfields;
     extract($postData->filter($fields));
     $usernamepattern = '/^[a-z][-a-z0-9_.]*$/i';
     if (!preg_match($usernamepattern, $username)) {
         $this->errorMessage = 'The submitted username is invalid.';
         return;
     }
     if ($password !== $rptpassword) {
         $this->errorMessage = 'The submitted passwords do not match.';
         return;
     }
     $dbc = Application::dbConnection();
     $dbc->installDatabase();
     $dbc->setDefaultOptions();
     $uid = $dbc->users()->addUser($username, $username, $email, $password);
     $dbc->users()->setFlags($uid, \tniessen\tinyIt\Database\UsersTableAdapter::FLAG_ALMIGHTY);
     Installer::completeInstallation();
     $this->redirectTo('home');
     exit;
 }
Esempio n. 2
0
 private function tryProcessPostData($postData)
 {
     $reqfields = array('target_link');
     if (!$postData->hasValues($reqfields)) {
         $this->errorMessage = 'Please enter a target link.';
         return;
     }
     $fields = $reqfields;
     $fields[] = 'use_custom_path';
     $fields[] = 'custom_path';
     $fields[] = 'override_wildcards';
     extract($postData->filter($fields));
     if ($override_wildcards) {
         if (!self::hasPermission('link.override_wildcards')) {
             $this->errorMessage = 'You are not permitted to override wildcards.';
             return;
         }
     }
     $dbc = Application::dbConnection();
     $opts = $dbc->options()->getOptions(array('linkgen_chars', 'linkgen_length', 'custom_links_regex'));
     extract($opts);
     if ($use_custom_path) {
         if (!$custom_path) {
             $this->errorMessage = 'Please enter a valid short path or uncheck the custom path option.';
             return;
         }
         if (!self::hasPermission('link.custom_path')) {
             $this->errorMessage = 'You are not permitted to use custom paths.';
             return;
         }
         if (!preg_match("/{$custom_links_regex}/", $custom_path)) {
             $this->errorMessage = 'The chosen short path is not allowed due to administrative restrictions.';
             return;
         }
         $shortpath = $custom_path;
     } else {
         $linkgen_length = intval($linkgen_length);
         $shortpath = $dbc->links()->findAvailablePath($linkgen_length, $linkgen_chars);
     }
     $conflict = $dbc->links()->checkConflictsStatic($shortpath);
     $this->allowOverrideWildcards = !!$conflict && self::hasPermission('link.override_wildcards');
     if ($conflict) {
         if ($conflict->type === 'static') {
             $this->errorMessage = 'Another link with the same path or a conflicting path already exists.';
             return;
         }
         if ($conflict->type === 'regex' && !$override_wildcards) {
             $url = self::getURL('links/details', array('link' => $conflict->id))->build();
             $this->errorMessage = 'This path would override <a href="' . WebRenderer::escapeAttr($url) . '">a defined wildcard</a>.';
             return;
         }
     }
     $entry = $dbc->links()->addLink('static', $shortpath, $target_link, Authorization::user()->id);
     if (!$entry) {
         $this->errorMessage = 'An internal error occurred while creating the short URL. Please try again or ask an administrator for help.';
         return;
     }
     self::redirectTo('links/details', array('link' => $entry->id));
     exit;
 }
Esempio n. 3
0
 private function tryProcessPostData($postData)
 {
     $reqfields = array('username', 'password', 'rptpassword', 'email');
     if (!$postData->hasValues($reqfields)) {
         $this->errorMessage = 'Please submit username, password and e-mail.';
         return;
     }
     $fields = $reqfields;
     extract($postData->filter($fields));
     $usernamepattern = '/^[a-z][-a-z0-9_.]*$/i';
     if (!preg_match($usernamepattern, $username)) {
         $this->errorMessage = 'The submitted username is invalid.';
         return;
     }
     if ($password !== $rptpassword) {
         $this->errorMessage = 'The passwords do not match.';
         return;
     }
     $dbc = Application::dbConnection();
     $existing = $dbc->users()->getUserByName($username);
     if ($existing) {
         $this->errorMessage = 'This username is already taken.';
         return;
     }
     $uid = $dbc->users()->addUser($username, $username, $email, $password);
     $defGroup = $dbc->options()->getOption('registration_user_group');
     if ($defGroup) {
         $dbc->users()->setGroup($uid, $defGroup);
     }
     $this->redirectTo('login');
     exit;
 }
Esempio n. 4
0
 private function tryProcessPostData($postData)
 {
     $reqfields = array('display_name', 'email');
     if (!$postData->hasValues($reqfields)) {
         $this->errorMessage = 'Please fill out all required fields.';
         return;
     }
     $fields = $reqfields;
     $fields[] = 'username';
     extract($postData->filter($fields));
     $dbc = Application::dbConnection();
     $uid = $this->userInfo->id;
     if ($username && $this->userInfo->name !== $username) {
         if (!$this->settings['allow_name_changes']) {
             $this->errorMessage = 'Renaming users is currently forbidden.';
             return;
         }
         if (!self::hasPermission('user.change_name')) {
             $this->errorMessage = 'You are not permitted to change your user name.';
             return;
         }
         $usernamepattern = '/^[a-z][-a-z0-9_.]*$/i';
         if (!preg_match($usernamepattern, $username)) {
             $this->errorMessage = 'The submitted username is invalid.';
             return;
         }
         $conflict = $dbc->users()->getUserByName($username);
         if ($conflict) {
             $this->errorMessage = 'A user with this name already exists.';
             return;
         }
         $success = $dbc->users()->renameUser($uid, $username);
         if (!$success) {
             $this->errorMessage = 'Error while renaming user.';
             return;
         }
     }
     if ($this->userInfo->display_name !== $display_name) {
         if (!self::hasPermission('user.change_display_name')) {
             $this->errorMessage = 'You are not permitted to change your public name.';
             return;
         }
         $success = $dbc->users()->setDisplayName($uid, $display_name);
         if (!$success) {
             $this->errorMessage = 'Error while updating display name.';
             return;
         }
     }
     if ($this->userInfo->email !== $email) {
         if (!self::hasPermission('user.change_email')) {
             $this->errorMessage = 'You are not permitted to change your email.';
             return;
         }
         $success = $dbc->users()->setEmail($uid, $email);
         if (!$success) {
             $this->errorMessage = 'Error while updating email.';
             return;
         }
     }
 }
Esempio n. 5
0
 public function init($params)
 {
     self::requireNonce();
     self::requirePermission('session.switch_user');
     if ($this->revert) {
         if (Authorization::switched()) {
             Authorization::switchBack();
         }
         self::redirectTo('home');
         exit;
     } else {
         if ($this->uid === false) {
             self::redirectTo('home');
             exit;
         }
         $dbc = Application::dbConnection();
         $this->userInfo = $dbc->users()->getUser($this->uid);
         if ($this->userInfo) {
             if ($this->confirmed) {
                 if (Authorization::switched()) {
                     Authorization::switchBack();
                 }
                 $s = Authorization::switchUser($this->userInfo);
                 if ($s) {
                     self::redirectTo('home');
                     exit;
                 }
                 $this->errorMessage = 'Switching failed.';
             }
         }
     }
 }
Esempio n. 6
0
 private function tryProcessPostData($postData)
 {
     $reqfields = array('link_path', 'link_target', 'link_priority');
     if (!$postData->hasValues($reqfields)) {
         $this->errorMessage = 'Please specify:
                                <ul>
                                  <li>Path</li>
                                  <li>Target</li>
                                  <li>Priority</li>
                                </ul>';
         return;
     }
     $fields = $reqfields;
     extract($postData->filter($fields));
     $link_priority = intval($link_priority);
     if ($link_priority < 0 || $link_priority > 1000) {
         $this->errorMessage = 'Priority must be between 0 and 1000';
         return;
     }
     $dbc = Application::dbConnection();
     $entry = $dbc->links()->addLink('regex', $link_path, $link_target, Authorization::user()->id);
     if (!$entry) {
         $this->errorMessage = 'An internal error occurred while creating the short URL. Please try again or ask an administrator for help.';
         return;
     }
     $success = $dbc->links()->setPriority($entry->id, $link_priority);
     if (!$success) {
         $url = self::getURL('links/details', array('link' => $entry->id));
         $this->errorMessage = 'The link was created, but the priority could not be set. Please <a href="' . WebRenderer::escapeAttr($url) . '">try again</a>';
         return;
     }
     self::redirectTo('links/details', array('link' => $entry->id));
     exit;
 }
Esempio n. 7
0
 public function init($params)
 {
     Page::requireNonce();
     Page::requirePermission('group.add_groups');
     $dbc = Application::dbConnection();
     $group_id = $dbc->groups()->addGroup('New Group');
     self::redirectTo('groups/details', array('group' => $group_id, 'edit' => 1));
     exit;
 }
Esempio n. 8
0
 public function render()
 {
     $opts = array();
     if ($this->errorMessage !== null) {
         $opts['errorMessage'] = $this->errorMessage;
     }
     $dbc = Application::dbConnection();
     $opts['allowRegistration'] = $dbc->options()->getOption('allow_registration');
     $this->renderTemplate('login', $opts);
 }
Esempio n. 9
0
 public function init($params)
 {
     self::requireLogin();
     $dbc = Application::dbConnection();
     $perPage = 20;
     $offset = ($this->page - 1) * $perPage;
     $all = $dbc->groups()->getGroups($offset, $perPage + 1);
     $this->hasNextPage = count($all) > $perPage;
     $this->hasPreviousPage = $this->page > 1;
     $this->groups = array_slice($all, 0, $perPage);
 }
Esempio n. 10
0
 /**
  * Checks whether the members of a group have a permission.
  *
  * @param int $group
  * @param string $what
  * @return bool
  */
 public static function groupCan($group, $what)
 {
     if (!isset(self::$permissions[$group])) {
         $dbc = Application::dbConnection();
         $perms = $dbc->permissions()->getPermissions($group);
         self::$permissions[$group] = $perms;
     } else {
         $perms = self::$permissions[$group];
     }
     return in_array($what, $perms, true);
 }
Esempio n. 11
0
 public function init($params)
 {
     $linkId = 0;
     if (isset($params['path'])) {
         $dbc = Application::dbConnection();
         $link = $dbc->links()->resolvePath($params['path']);
         if ($link) {
             $linkId = $link->id;
         }
     }
     self::redirectTo('links/details', array('link' => $linkId));
     exit;
 }
Esempio n. 12
0
 public function init($params)
 {
     self::requireLogin();
     $dbc = Application::dbConnection();
     if ($uid = $this->userId) {
         $this->userInfo = $dbc->users()->getUser($uid);
         if ($this->userInfo) {
             if ($this->userId !== Authorization::user()->id) {
                 if (self::hasPermission('session.switch_user')) {
                     $this->canSwitchUser = true;
                 }
             }
             if ($this->deleteMode) {
                 self::requireNonce();
                 $allowed = self::hasPermission('user.delete_accounts');
                 $allowed |= $uid === Authorization::user()->id && self::hasPermission('user.delete_self');
                 if ($allowed) {
                     $dbc->links()->removeLinksByUser($uid);
                     if ($dbc->users()->removeUser($uid)) {
                         self::redirectTo('users/list');
                         exit;
                     } else {
                         $this->errorMessage = 'Internal error while deleting user';
                     }
                 } else {
                     $this->errorMessage = 'You are not permitted to delete this user account.';
                 }
             } else {
                 if (isset($params['setGroup'])) {
                     $newgroup = intval($params['setGroup']);
                     $ok = true;
                     if ($newgroup) {
                         $g = $dbc->groups()->getGroup($newgroup);
                         if (!$g) {
                             $ok = false;
                             $this->errorMessage = 'The selected group was not found.';
                         }
                     }
                     if ($ok) {
                         $dbc->users()->setGroup($uid, $newgroup);
                         $this->userInfo = $dbc->users()->getUser($uid);
                     }
                 }
             }
             if ($this->userInfo->group_id) {
                 $this->groupInfo = $dbc->groups()->getGroup($this->userInfo->group_id);
             }
             $this->availableGroups = $dbc->groups()->getGroups(0, 100);
         }
     }
 }
Esempio n. 13
0
 private function tryProcessPostData($postData)
 {
     $reqfields = array('home_action');
     if (!$postData->hasValues($reqfields)) {
         $this->errorMessage = 'Please fill out all required fields.';
         return;
     }
     $fields = $reqfields;
     $fields[] = 'home_target';
     extract($postData->filter($fields));
     if ($home_action === 'redirect' && !$home_target) {
         $this->errorMessage = 'Please enter a valid target URL to use as the home page.';
         return;
     }
     $dbc = Application::dbConnection();
     $dbc->options()->setOptions(array('home_action' => $home_action, 'home_target' => $home_target));
     $this->currentParams = null;
 }
Esempio n. 14
0
 private function tryProcessPostData($postData)
 {
     $reqfields = array('linkgen_chars', 'linkgen_length', 'custom_links_regex');
     if (!$postData->hasValues($reqfields)) {
         $this->errorMessage = 'Please fill out all required fields.';
         return;
     }
     $fields = $reqfields;
     extract($postData->filter($fields));
     $linkgen_length = intval($linkgen_length);
     if ($linkgen_length < 3 || $linkgen_length > 10) {
         $this->errorMessage = 'Generated path length should be between three and ten.';
         return;
     }
     $dbc = Application::dbConnection();
     $dbc->options()->setOptions(array('linkgen_chars' => $linkgen_chars, 'linkgen_length' => $linkgen_length, 'custom_links_regex' => $custom_links_regex));
     $this->currentParams = null;
 }
Esempio n. 15
0
 public function init($params)
 {
     self::requireLogin();
     $dbc = Application::dbConnection();
     $perPage = 20;
     $offset = ($this->page - 1) * $perPage;
     $all = $dbc->links()->getLinks($offset, $perPage + 1);
     $this->hasNextPage = count($all) > $perPage;
     $this->hasPreviousPage = $this->page > 1;
     $this->links = array_slice($all, 0, $perPage);
     $users = array();
     foreach ($this->links as $link) {
         $ak = strval($link->owner_id);
         if (!isset($users[$ak])) {
             $users[$ak] = $dbc->users()->getUser($link->owner_id);
         }
         $link->userInfo = $users[$ak];
     }
 }
Esempio n. 16
0
 private function tryProcessPostData($postData)
 {
     $reqfields = array();
     if (!$postData->hasValues($reqfields)) {
         $this->errorMessage = 'Please fill out all required fields.';
         return;
     }
     $fields = $reqfields;
     $fields[] = 'allow_registration';
     $fields[] = 'registration_user_group';
     $fields[] = 'allow_name_changes';
     extract($postData->filter($fields));
     $allow_registration = !!$allow_registration;
     $registration_user_group = intval($registration_user_group);
     $allow_name_changes = !!$allow_name_changes;
     $dbc = Application::dbConnection();
     $dbc->options()->setOptions(array('allow_registration' => $allow_registration, 'registration_user_group' => $registration_user_group, 'allow_name_changes' => $allow_name_changes));
     $this->currentParams = null;
 }
Esempio n. 17
0
 private function tryProcessEditPostData($postData)
 {
     $reqfields = array('group_name');
     if (!$postData->hasValues($reqfields)) {
         $this->errorMessage = 'Please fill out all required fields.';
         return;
     }
     $fields = $reqfields;
     extract($postData->filter($fields));
     $dbc = Application::dbConnection();
     $opts = $dbc->options()->getOptions();
     extract($opts);
     if ($this->groupInfo->name !== $group_name) {
         $success = $dbc->groups()->renameGroup($this->groupInfo->id, $group_name);
         if (!$success) {
             $this->errorMessage = 'An internal error occurred while renaming the group. Please try again or ask an administrator for help.';
             return;
         }
     }
     self::redirectTo('groups/details', array('group' => $this->groupInfo->id));
     exit;
 }
Esempio n. 18
0
 /**
  * Attempts to create an authorized session using given credentials.
  *
  * @param string $name
  * @param string $password
  *
  * @see Database\UsersTableAdapter::getUserByName
  * @see Cryptography::check
  */
 public static function login($name, $password)
 {
     $dbc = Application::dbConnection();
     $user = $dbc->users()->getUserByName($name);
     if (!$user) {
         return false;
     }
     $correctPassword = Cryptography::check($password, $user->password);
     if ($correctPassword) {
         $_SESSION['tiUserId'] = $user->id;
         $_SESSION['tiNonce'] = sha1(microtime(true));
         self::$userInfo = $user;
         return $user->id;
     } else {
         self::clearSessionData();
         self::$userInfo = null;
         return false;
     }
 }
Esempio n. 19
0
 private function tryProcessEditPostData($postData)
 {
     $regex = $this->linkInfo->type === 'regex';
     $reqfields = array('link_path', 'link_target');
     if ($regex) {
         $reqfields[] = 'link_priority';
     }
     if (!$postData->hasValues($reqfields)) {
         $this->errorMessage = 'Please fill out all required fields.';
         return;
     }
     $fields = $reqfields;
     $fields[] = 'override_wildcards';
     extract($postData->filter($fields));
     if ($override_wildcards) {
         if (!self::hasPermission('link.override_wildcards')) {
             $this->errorMessage = 'You are not permitted to override wildcards.';
             return;
         }
     }
     $dbc = Application::dbConnection();
     $opts = $dbc->options()->getOptions(array('custom_links_regex'));
     extract($opts);
     if (!$regex && $this->linkInfo->path !== $link_path) {
         if (!preg_match("/{$custom_links_regex}/", $link_path)) {
             $this->errorMessage = 'The chosen short path is not allowed due to administrative restrictions.';
             return;
         }
         $conflict = $dbc->links()->checkConflictsStatic($link_path);
         if ($conflict) {
             if ($conflict->type === 'static') {
                 $this->errorMessage = 'Another link with the same path or a conflicting path already exists.';
                 return;
             }
             if ($conflict->type === 'regex') {
                 $this->allowOverrideWildcards = self::hasPermission('link.override_wildcards');
                 if (!$override_wildcards || !$this->allowOverrideWildcards) {
                     $url = self::getURL('links/details', array('link' => $conflict->id))->build();
                     $this->errorMessage = 'This path would override <a href="' . WebRenderer::escapeAttr($url) . '">a defined wildcard</a>.';
                     return;
                 }
             }
         }
     }
     if ($this->linkInfo->path !== $link_path || $this->linkInfo->target !== $link_target) {
         if (!self::hasPermission('link.custom_path')) {
             $this->errorMessage = 'You are not permitted to use custom paths.';
             return;
         }
         $success = $dbc->links()->updateLink($this->linkInfo->id, $link_path, $link_target);
         if (!$success) {
             $this->errorMessage = 'An internal error occurred while saving the changes. Please try again or ask an administrator for help.';
             return;
         }
     }
     if ($regex && $this->linkInfo->priority !== $link_priority) {
         $s = $dbc->links()->setPriority($this->linkInfo->id, $link_priority);
         if (!$s) {
             $this->errorMessage = 'The priority could not be changed.';
             return;
         }
     }
     self::redirectTo('links/details', array('link' => $this->linkInfo->id));
     exit;
 }