/**
 * Processes submitting of the form which is generated in
 * {@link \Mibew\Controller\Operator\GroupsController::showFormAction()}
 * method.
 *
 * Only groups visible to the current operator are considered: an operator
 * working in isolation can assign just the groups returned by
 * get_groups_for_operator(), everybody else works with get_all_groups().
 *
 * @param Request $request Incoming request.
 * @return string Rendered page content.
 * @throws NotFoundException If the operator with specified ID is not found
 *   in the system.
 */
public function submitFormAction(Request $request)
{
    csrf_check_token($request);

    $current_operator = $this->getOperator();
    $isolated = in_isolation($current_operator);
    $target_id = $request->attributes->getInt('operator_id');

    // The target operator must exist before anything is written.
    $target = operator_by_id($target_id);
    if (!$target) {
        throw new NotFoundException('The operator is not found.');
    }

    // An isolated operator may only hand out the groups visible to him.
    if ($isolated) {
        $available_groups = get_groups_for_operator($current_operator);
    } else {
        $available_groups = get_all_groups();
    }

    // A group is selected when its checkbox ("group<id>") was submitted
    // with the value "on".
    $selected = array();
    foreach ($available_groups as $group) {
        $checkbox = 'group' . $group['groupid'];
        if ($request->request->get($checkbox) == 'on') {
            $selected[] = $group['groupid'];
        }
    }

    update_operator_groups($target['operatorid'], $selected);

    // Redirect back to the same page (GET) so a refresh does not re-submit.
    $url = $this->generateUrl(
        'operator_groups',
        array('operator_id' => $target_id, 'stored' => true)
    );

    return $this->redirect($url);
}
/**
 * Processes submitting of the form which is generated in
 * {@link \Mibew\Controller\LoginController::showFormAction()} method.
 *
 * Triggers 'operatorLogin' event after operator logged in and pass to it an
 * associative array with following items:
 *  - 'operator': array of the logged in operator info;
 *  - 'remember': boolean, indicates if system should remember operator.
 *
 * @param Request $request Incoming request.
 * @return string Rendered page content.
 */
public function submitFormAction(Request $request)
{
    csrf_check_token($request);

    $login = $request->request->get('login');
    $password = $request->request->get('password');
    $remember = ($request->request->get('isRemember') == 'on');

    $operator = operator_by_login($login);

    // The account must exist, carry a stored hash and the submitted
    // password must verify against it; disabled accounts are refused below.
    $credentials_ok = $operator
        && isset($operator['vcpassword'])
        && check_password_hash($operator['vclogin'], $password, $operator['vcpassword']);

    if ($credentials_ok && !operator_is_disabled($operator)) {
        $this->getAuthenticationManager()->loginOperator($operator, $remember);

        // Return to the page remembered in the session before the login
        // form was shown, or to the operator's home page when there is none.
        $back_path_key = SESSION_PREFIX . 'backpath';
        if (isset($_SESSION[$back_path_key])) {
            $target = $_SESSION[$back_path_key];
        } else {
            $target = $request->getUriForPath('/operator');
        }

        return $this->redirect($target);
    }

    // NOTE(review): the two messages below let the submitter tell a
    // disabled account apart from a wrong login/password pair; whether that
    // distinction is acceptable depends on the deployment's threat model.
    if (operator_is_disabled($operator)) {
        $message = 'Your account is temporarily blocked. Please contact system administrator.';
    } else {
        $message = "Entered login/password is incorrect";
    }
    $errors = array(getlocal($message));

    // Show the login form again with the error attached.
    $request->attributes->set('errors', $errors);

    return $this->showFormAction($request);
}
/**
 * Processes submitting of the form which is generated in
 * {@link \Mibew\Controller\Operator\PermissionsController::showFormAction()}
 * method.
 *
 * Permissions are stored as a bitmask ("iperm"); every permission known to
 * permission_ids() is set or cleared according to its checkbox.
 *
 * @param Request $request Incoming request.
 * @return string Rendered page content.
 * @throws NotFoundException If the operator with specified ID is not found
 *   in the system.
 */
public function submitFormAction(Request $request)
{
    csrf_check_token($request);

    $current_operator = $this->getOperator();
    $target_id = $request->attributes->getInt('operator_id');

    $target = operator_by_id($target_id);
    if (!$target) {
        throw new NotFoundException('The operator is not found.');
    }

    // Start from the stored bitmask and flip each known permission bit
    // according to its checkbox ("permissions<id>").
    $permissions = isset($target['iperm']) ? $target['iperm'] : 0;
    foreach (permission_ids() as $bit => $id) {
        $mask = 1 << $bit;
        $checked = ($request->request->get('permissions' . $id) == 'on');
        $permissions = $checked ? ($permissions | $mask) : ($permissions & ~$mask);
    }

    update_operator_permissions($target['operatorid'], $permissions);

    // The authentication manager caches the current operator's record, so
    // when an operator edits himself the cached copy must be refreshed too.
    if ($current_operator['operatorid'] == $target_id) {
        $current_operator['iperm'] = $permissions;
        $this->getAuthenticationManager()->setOperator($current_operator);
    }

    // Redirect back to the same page (GET) so a refresh does not re-submit.
    $url = $this->generateUrl(
        'operator_permissions',
        array('operator_id' => $target_id, 'stored' => true)
    );

    return $this->redirect($url);
}
/**
 * Removes a group from the database.
 *
 * @param Request $request Incoming request.
 * @return string Rendered page content.
 */
public function deleteAction(Request $request)
{
    csrf_check_token($request);

    // Remove the group together with all its relations.
    delete_group($request->attributes->getInt('group_id'));

    // Redirect to the groups list, forwarding only the sorting query
    // parameters so the list keeps its current order.
    $allowed = array('sortby' => true, 'sortdirection' => true);
    $query = array_intersect_key($request->query->all(), $allowed);

    return $this->redirect($this->generateUrl('groups', $query));
}
/**
 * Processes submitting of the form which is generated in
 * {@link \Mibew\Controller\Settings\FeaturesController::showFormAction()}
 * method.
 *
 * @param Request $request Incoming request.
 * @return string Rendered page content.
 */
public function submitFormAction(Request $request)
{
    csrf_check_token($request);

    // Every feature is a checkbox: a submitted "on" stores "1", anything
    // else (including a missing field) stores "0".
    foreach ($this->getOptionsList() as $option) {
        $enabled = ($request->request->get($option) == 'on');
        Settings::set($option, $enabled ? '1' : '0');
    }

    // Redirect back to the same page (GET) so a refresh does not re-submit.
    $url = $this->generateUrl('settings_features', array('stored' => true));

    return $this->redirect($url);
}
/**
 * Processes submitting of the form which is generated in
 * {@link \Mibew\Controller\TranslationImportController::showFormAction()}
 * method.
 *
 * @param Request $request Incoming request.
 * @return string Rendered page content.
 */
public function submitFormAction(Request $request)
{
    csrf_check_token($request);

    $errors = array();

    // Fall back to the current locale when the submitted code does not
    // look like a locale code (2-5 word characters or dashes).
    $target = $request->request->get('target');
    if (!preg_match("/^[\\w-]{2,5}\$/", $target)) {
        $target = get_current_locale();
    }
    $override = (bool) $request->request->get('override', false);

    // The upload must exist, be non-empty, fit the configured size limit
    // and carry a ".po" extension. The extension is client-supplied, so the
    // import itself is the real validation of the content.
    $file = $request->files->get('translation_file');
    if (!$file) {
        $errors[] = getlocal("No file selected");
    } else {
        $name = $file->getClientOriginalName();
        $size = $file->getSize();
        if ($size == 0 || $size > Settings::get('max_uploaded_file_size')) {
            $errors[] = failed_uploading_file($name, "Uploaded file size exceeded");
        } elseif ($file->getClientOriginalExtension() != 'po') {
            $errors[] = failed_uploading_file($name, "Invalid file type");
        }
    }

    if (empty($errors)) {
        try {
            import_messages($target, $file->getRealPath(), $override);
            // Client side translations are cached per locale; drop the
            // stale copy.
            $this->getCache()->getItem('translation/js/' . $target)->clear();
            // The uploaded file has been consumed.
            unlink($file->getRealPath());
        } catch (\Exception $e) {
            $errors[] = $e->getMessage();
        }
    }

    if (!empty($errors)) {
        // Re-render the form with the errors attached.
        $request->attributes->set('errors', $errors);

        return $this->showFormAction($request);
    }

    // Redirect back to the same page (GET) so a refresh does not re-submit.
    $url = $this->generateUrl('translation_import', array('stored' => true));

    return $this->redirect($url);
}
/**
 * Processes submitting of the form which is generated in
 * {@link \Mibew\Controller\TranslationExportController::showFormAction()}
 * method.
 *
 * Streams the selected locale's messages as a downloadable ".po" file.
 *
 * @param Request $request Incoming request.
 * @return Response The file download response.
 */
public function submitFormAction(Request $request)
{
    csrf_check_token($request);

    // The locale code ends up in the download file name, so anything
    // outside 2-5 word characters/dashes is replaced by the current locale.
    $target = $request->request->get('target');
    if (!preg_match("/^[\\w-]{2,5}\$/", $target)) {
        $target = get_current_locale();
    }

    $messages = load_messages($target);
    ksort($messages);

    $dumper = new PoFileDumper();
    $po = $dumper->format(new MessageCatalogue($target, array('messages' => $messages)));

    $response = new Response();
    $headers = array(
        'Content-type' => 'application/octet-stream',
        'Content-Disposition' => sprintf('attachment; filename=translation-%s.po', $target),
        'Content-Length' => strlen($po),
        'Content-Transfer-Encoding' => 'binary',
    );
    foreach ($headers as $name => $value) {
        $response->headers->set($name, $value);
    }
    $response->setContent($po);

    return $response;
}
/**
 * Processes submitting of the form which is generated in
 * {@link \Mibew\Controller\GroupController::showMembersFormAction()} method.
 *
 * @param Request $request Incoming request.
 * @return string Rendered page content.
 * @throws NotFoundException If the operator's group with specified ID is
 *   not found in the system.
 */
public function submitFormAction(Request $request)
{
    csrf_check_token($request);

    $operators = get_operators_list();
    $group_id = $request->attributes->getInt('group_id');

    if (!group_by_id($group_id)) {
        throw new NotFoundException('The group is not found.');
    }

    // Collect every operator whose checkbox ("op<id>") was submitted as "on".
    $members = array();
    foreach ($operators as $operator) {
        $id = $operator['operatorid'];
        if ($request->request->get('op' . $id) == 'on') {
            $members[] = $id;
        }
    }
    update_group_members($group_id, $members);

    // Back to the members page via GET.
    $url = $this->generateUrl(
        'group_members',
        array('group_id' => $group_id, 'stored' => true)
    );

    return $this->redirect($url);
}
/**
 * Processes submitting of the form which is generated in
 * {@link \Mibew\Controller\BanController::showEditFormAction()} method.
 *
 * Creates a new ban when no "ban_id" attribute is given, otherwise updates
 * the existing one. Each address may be banned only once.
 *
 * @param Request $request Incoming request.
 * @return string Rendered page content.
 * @throws NotFoundException If the ban with specified ID is not found in
 *   the system.
 */
public function submitEditFormAction(Request $request)
{
    csrf_check_token($request);

    $operator = $this->getOperator();
    $errors = array();

    $ban_id = $request->attributes->getInt('ban_id');
    $address = $request->request->get('address');
    $days = $request->request->get('days');
    $comment = $request->request->get('comment');

    // Field-level validation; "days" must be a non-negative integer.
    if (!$address) {
        $errors[] = no_field('Visitor\'s Address');
    }
    if (!preg_match("/^\\d+\$/", $days)) {
        $errors[] = wrong_field('Days');
    }
    if (!$comment) {
        $errors[] = no_field('Comment');
    }

    // A clash is another ban on the same address: any existing ban for a
    // new record, or one with a different id when editing.
    $existing_ban = Ban::loadByAddress($address);
    if ($existing_ban) {
        $is_duplicate = !$ban_id || ($ban_id != $existing_ban->id);
    } else {
        $is_duplicate = false;
    }
    if ($is_duplicate) {
        $edit_url = $this->generateUrl('ban_edit', array('ban_id' => $existing_ban->id));
        $errors[] = getlocal(
            'The specified address is already in use. Click <a href="{1}">here</a> if you want to edit it.',
            array($address, $edit_url)
        );
    }

    if (!empty($errors)) {
        // Re-render the form with the errors attached.
        $request->attributes->set('errors', $errors);

        return $this->showEditFormAction($request);
    }

    // Load the ban being edited, or start a fresh one.
    if ($ban_id) {
        $ban = Ban::load($ban_id);
        if (!$ban) {
            throw new NotFoundException('The ban is not found.');
        }
    } else {
        $ban = new Ban();
        $ban->created = time();
    }

    // "till" is an absolute timestamp: now plus the requested number of days.
    $ban->till = time() + $days * 24 * 60 * 60;
    $ban->address = $address;
    $ban->comment = $comment;
    $ban->save();

    // Render the form again, flagged as saved.
    $page = array(
        'banId' => '',
        'saved' => true,
        'address' => $address,
        'title' => getlocal('Block address'),
    );

    return $this->render('ban', array_merge($page, prepare_menu($operator, false)));
}
/**
 * Processes submitting of the form which is generated in
 * {@link \Mibew\Controller\Localization\LocaleController::showEditFormAction()}
 * method.
 *
 * @param Request $request Incoming request.
 * @return string Rendered page content.
 * @throws NotFoundException If no locale code is present in the request
 *   attributes.
 */
public function submitEditFormAction(Request $request)
{
    csrf_check_token($request);

    $locale = $request->attributes->get('locale');
    $time_locale = $request->request->get('timelocale');
    $formats = array(
        'full' => $request->request->get('dateformatfull'),
        'date' => $request->request->get('dateformatdate'),
        'time' => $request->request->get('dateformattime'),
    );

    if (!$locale) {
        throw new NotFoundException();
    }

    // Every field is mandatory; report all missing ones at once.
    $errors = array();
    if (!$time_locale) {
        $errors[] = no_field('Time locale');
    }
    if (!$formats['full']) {
        $errors[] = no_field('Date format (full)');
    }
    if (!$formats['date']) {
        $errors[] = no_field('Date format (date)');
    }
    if (!$formats['time']) {
        $errors[] = no_field('Date format (time)');
    }

    if (!empty($errors)) {
        // Re-render the form with the errors attached.
        $request->attributes->set('errors', $errors);

        return $this->showEditFormAction($request);
    }

    // Merge the submitted values into the stored locale record.
    $info = get_locale_info($locale);
    $info['time_locale'] = $time_locale;
    $info['date_format'] = $formats;
    set_locale_info($locale, $info);

    // Redirect back to the same page (GET) so a refresh does not re-submit.
    $url = $this->generateUrl(
        'locale_edit',
        array('locale' => $locale, 'stored' => true)
    );

    return $this->redirect($url);
}
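/**
 * Resets operators password and provides an ability to set the new one.
 *
 * GET renders the form for the given operator id/token pair; POST (CSRF
 * checked) additionally validates and stores the new password when the
 * "password" field is present.
 *
 * @param Request $request Incoming request.
 * @return string Rendered page content.
 * @throws BadRequestException If the operator id or the restore token has
 *   a wrong format.
 */
public function resetAction(Request $request)
{
    $page = array(
        'version' => MIBEW_VERSION,
        'showform' => true,
        'title' => getlocal('Change your password'),
        'headertitle' => getlocal('Mibew Messenger'),
        'show_small_login' => true,
        'fixedwrap' => true,
        'errors' => array(),
    );

    $is_post = $request->isMethod('POST');
    if ($is_post) {
        // A GET only renders the form and carries no user data, so the
        // CSRF token is required for POST requests only.
        csrf_check_token($request);
    }

    // Both the operator id and the token come from the query string on GET
    // and from the body otherwise.
    $source = $request->isMethod('GET') ? $request->query : $request->request;

    // The id must be a short decimal number.
    $op_id = $source->get('id');
    if (!preg_match("/^\\d{1,9}\$/", $op_id)) {
        throw new BadRequestException();
    }

    // The token must be a non-empty hex string.
    $token = $source->get('token');
    if (!preg_match("/^[\\dabcdef]+\$/", $token)) {
        throw new BadRequestException();
    }

    $operator = operator_by_id($op_id);
    if (!$operator) {
        $page['errors'][] = 'No such operator';
        $page['showform'] = false;
    } elseif (!hash_equals((string) $operator['vcrestoretoken'], (string) $token)) {
        // hash_equals() is a strict, constant-time comparison. A loose "!="
        // compares numeric-looking strings as numbers ("1e3" == "1000"), and
        // both "1e3" and "1000" pass the hex pattern above.
        $page['errors'][] = 'Wrong token';
        $page['showform'] = false;
    }

    if (count($page['errors']) == 0 && $is_post && $request->request->has('password')) {
        $password = (string) $request->request->get('password');
        $password_confirm = (string) $request->request->get('passwordConfirm');

        if ($password === '') {
            $page['errors'][] = no_field('Password');
        }
        // Strict comparison: "10" and "1e1" are different passwords.
        if ($password !== $password_confirm) {
            $page['errors'][] = getlocal('Entered passwords do not match');
        }

        if (count($page['errors']) == 0) {
            $page['isdone'] = true;

            // Store the new hash and burn the one-time restore token.
            $operator['vcrestoretoken'] = '';
            $operator['vcpassword'] = calculate_password_hash($operator['vclogin'], $password);
            update_operator($operator);

            $page['loginname'] = $operator['vclogin'];

            return $this->render('password_recovery_reset', $page);
        }
    }

    $page['id'] = $op_id;
    $page['token'] = $token;
    $page['isdone'] = false;

    return $this->render('password_recovery_reset', $page);
}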
/**
 * Updates a plugin.
 *
 * @param Request $request Incoming request.
 * @return string Rendered page content.
 * @throws NotFoundException If the plugin with specified name is not found
 *   in the system.
 */
public function updateAction(Request $request)
{
    csrf_check_token($request);

    $plugin_name = $request->attributes->get('plugin_name');
    if (!PluginUtils::pluginExists($plugin_name)) {
        throw new NotFoundException('The plugin is not found.');
    }

    $updated = PluginManager::getInstance()->update($plugin_name);
    if ($updated) {
        return $this->redirect($this->generateUrl('plugins'));
    }

    // The update failed: render the plugins list with the error attached
    // instead of redirecting.
    $error = getlocal('Plugin "{0}" cannot be updated.', array($plugin_name));
    $request->attributes->set('errors', array($error));

    return $this->indexAction($request);
}
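/**
 * Processes submitting of the form which is generated in
 * {@link \Mibew\Controller\OperatorController::showEditFormAction()} method.
 *
 * A missing "operator_id" attribute means a new operator is created;
 * otherwise the existing record is updated. The stored password is only
 * replaced when a non-empty password is submitted.
 *
 * @param Request $request Incoming request.
 * @return string Rendered page content.
 */
public function submitFormAction(Request $request)
{
    csrf_check_token($request);

    $errors = array();
    $operator = $this->getOperator();
    $op_id = $request->attributes->getInt('operator_id');

    $login = $request->request->get('login');
    $email = $request->request->get('email');
    // An absent password field is treated exactly like an empty one, so a
    // form that omits it can never overwrite the stored hash.
    $password = (string) $request->request->get('password', '');
    $password_confirm = (string) $request->request->get('passwordConfirm', '');
    $local_name = $request->request->get('name');
    $common_name = $request->request->get('commonname');
    $code = $request->request->get('code');

    if (!$local_name) {
        $errors[] = no_field('Name');
    }
    if (!$common_name) {
        $errors[] = no_field('International name (Latin)');
    }

    // The login is needed only for new operators. If login is changed for
    // existing operator the stored password hash becomes invalid.
    if (!$op_id) {
        if (!$login) {
            $errors[] = no_field('Login');
        } elseif (!preg_match("/^[\\w_\\.]+\$/", $login)) {
            $errors[] = getlocal('Login should contain only latin characters, numbers and underscore symbol.');
        }
    }

    if (!$email || !MailUtils::isValidAddress($email)) {
        $errors[] = wrong_field('E-mail');
    }

    if ($code && !preg_match("/^[A-Za-z0-9_]+\$/", $code)) {
        $errors[] = getlocal('Code should contain only latin characters, numbers and underscore symbol.');
    }

    if (!$op_id && $password === '') {
        $errors[] = no_field('Password');
    }
    // Strict comparison: a loose "!=" treats numeric-looking strings such
    // as "10" and "1e1" as equal.
    if ($password !== $password_confirm) {
        $errors[] = getlocal('Entered passwords do not match');
    }

    // Login and e-mail must be unique among operators other than the one
    // being edited.
    if ($this->belongsToAnotherOperator(operator_by_login($login), $op_id)) {
        $errors[] = getlocal('Please choose another login because an operator with that login is already registered in the system.');
    }
    if ($this->belongsToAnotherOperator(operator_by_email($email), $op_id)) {
        $errors[] = getlocal('Please choose another email because an operator with that email is already registered in the system.');
    }

    if (count($errors) != 0) {
        // Re-render the form with the errors attached.
        $request->attributes->set('errors', $errors);

        return $this->showFormAction($request);
    }

    if (!$op_id) {
        // Create the operator and continue with the avatar page.
        $new_operator = create_operator($login, $email, $password, $local_name, $common_name, '', $code);
        $redirect_to = $this->generateUrl(
            'operator_avatar',
            array('operator_id' => $new_operator['operatorid'])
        );

        return $this->redirect($redirect_to);
    }

    // Submitted values win over the stored record: "+" keeps the left side
    // for duplicate keys.
    $target_operator = array(
        'vcemail' => $email,
        'vclocalename' => $local_name,
        'vccommonname' => $common_name,
        'code' => $code,
    ) + operator_by_id($op_id);

    if ($password !== '') {
        $target_operator['vcpassword'] = calculate_password_hash($target_operator['vclogin'], $password);
    }

    update_operator($target_operator);

    if ($target_operator['operatorid'] == $operator['operatorid']) {
        // The stored password was the empty one and a real one has just
        // been set: this is the administrator's first password, so the
        // dashboard is the better destination.
        $to_dashboard = check_password_hash($operator['vclogin'], '', $operator['vcpassword'])
            && $password !== '';

        // The authentication manager caches the operator's record; refresh it.
        $this->getAuthenticationManager()->setOperator($target_operator);

        if ($to_dashboard) {
            return $this->redirect($this->generateUrl('home_operator'));
        }
    }

    // Redirect back to the edit page (GET) so a refresh does not re-submit.
    $redirect_to = $this->generateUrl(
        'operator_edit',
        array('operator_id' => $op_id, 'stored' => true)
    );

    return $this->redirect($redirect_to);
}

/**
 * Tells whether a looked-up operator record conflicts with the operator
 * being saved.
 *
 * @param mixed $existing Result of operator_by_login() / operator_by_email();
 *   falsy when nothing matched.
 * @param int $op_id Id of the operator being edited, 0 for a new one.
 * @return bool True when $existing is a different operator.
 */
private function belongsToAnotherOperator($existing, $op_id)
{
    if (!$existing) {
        return false;
    }

    return !$op_id || $op_id != $existing['operatorid'];
}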
/**
 * Processes submitting of the form which is generated in
 * {@link \Mibew\Controller\Settings\PerformanceController::showFormAction()}
 * method.
 *
 * Every submitted value must be numeric; nothing is stored unless all of
 * them validate.
 *
 * @param Request $request Incoming request.
 * @return string Rendered page content.
 */
public function submitFormAction(Request $request)
{
    csrf_check_token($request);

    // Each entry: setting name, form field name, and how a non-numeric
    // value is reported — 'field' wraps the label with wrong_field(),
    // 'message' passes a complete sentence to getlocal().
    $fields = array(
        array('online_timeout', 'onlinetimeout', 'field', "Operator online time threshold"),
        array('connection_timeout', 'connectiontimeout', 'field', "Connection timeout for messaging window"),
        array('updatefrequency_operator', 'frequencyoperator', 'field', "Operator's console refresh time"),
        array('updatefrequency_chat', 'frequencychat', 'field', "Chat refresh time"),
        array('max_connections_from_one_host', 'onehostconnections', 'message', "\"Max number of threads\" field should be a number"),
        array('thread_lifetime', 'threadlifetime', 'message', "\"Thread lifetime\" field should be a number"),
    );
    if (Settings::get('enabletracking')) {
        // Tracking-related limits are only part of the form when tracking
        // is enabled.
        $fields[] = array('updatefrequency_tracking', 'frequencytracking', 'field', "Tracking refresh time");
        $fields[] = array('visitors_limit', 'visitorslimit', 'field', "Limit for tracked visitors list");
        $fields[] = array('invitation_lifetime', 'invitationlifetime', 'field', "Invitation lifetime");
        $fields[] = array('tracking_lifetime', 'trackinglifetime', 'field', "Track lifetime");
    }
    $fields[] = array('max_uploaded_file_size', 'maxuploadedfilesize', 'field', "Maximum size of uploaded files");

    $params = array();
    $errors = array();
    foreach ($fields as $field) {
        list($setting, $input, $kind, $text) = $field;
        $params[$setting] = $request->request->get($input);
        if (!is_numeric($params[$setting])) {
            $errors[] = ($kind == 'field') ? wrong_field($text) : getlocal($text);
        }
    }

    if (!empty($errors)) {
        // Re-render the form with the errors attached.
        $request->attributes->set('errors', $errors);

        return $this->showFormAction($request);
    }

    foreach ($params as $key => $value) {
        Settings::set($key, $value);
    }

    // Redirect back to the same page (GET) so a refresh does not re-submit.
    $url = $this->generateUrl('settings_performance', array('stored' => true));

    return $this->redirect($url);
}
/**
 * Processes submitting of the form which is generated in
 * {@link \Mibew\Controller\MailTemplateController::showFormAction()}
 * method.
 *
 * @param Request $request Incoming request.
 * @return string Rendered page content.
 */
public function submitEditFormAction(Request $request)
{
    csrf_check_token($request);

    $name = $request->attributes->get('name');
    $lang = $this->extractLocale($request);

    $subject = $request->request->get('subject');
    $body = $request->request->get('body');

    // Both parts of the template are mandatory.
    $errors = array();
    if (!$subject) {
        $errors[] = no_field('Mail subject');
    }
    if (!$body) {
        $errors[] = no_field('Mail body');
    }

    if (!empty($errors)) {
        // Saving is not possible; show the edit form with the errors.
        $request->attributes->set('errors', $errors);

        return $this->showEditFormAction($request);
    }

    // Load the template for this locale, or start a new one when nothing
    // is stored yet.
    $template = MailTemplate::loadByName($name, $lang, true);
    if (!$template) {
        $template = new MailTemplate($name, $lang);
    }
    $template->subject = $subject;
    $template->body = $body;
    $template->save();

    $url = $this->generateUrl(
        'mail_templates',
        array('lang' => $lang, 'stored' => true)
    );

    return $this->redirect($url);
}
/**
 * Disables a locale.
 *
 * @param Request $request Incoming request.
 * @return \Symfony\Component\HttpFoundation\Response A response object.
 * @throws NotFoundException If the locale which should be disabled is not
 *   found.
 */
public function disableAction(Request $request)
{
    csrf_check_token($request);

    $locale = $request->attributes->get('locale');

    // An unknown locale code is a 404.
    if (!in_array($locale, discover_locales())) {
        throw new NotFoundException();
    }

    $errors = array();
    $enabled = get_available_locales();
    if (in_array($locale, $enabled)) {
        // Disabling an already disabled locale changes nothing; disabling
        // the last enabled one is refused.
        if (count($enabled) > 1) {
            disable_locale($locale);
        } else {
            $errors[] = getlocal('Cannot disable all locales.');
        }
    }

    if (!empty($errors)) {
        // Re-render the locales list with the error attached.
        $request->attributes->set('errors', $errors);

        return $this->indexAction($request);
    }

    return $this->redirect($this->generateUrl('locales'));
}
/**
 * Processes submitting of the form which is generated in
 * {@link \Mibew\Controller\GroupController::showEditFormAction()} method.
 *
 * Creates a new group when no "group_id" attribute is given, otherwise
 * updates the existing one.
 *
 * @param Request $request Incoming request.
 * @return string Rendered page content.
 */
public function submitFormAction(Request $request)
{
    csrf_check_token($request);

    $errors = array();
    $group_id = $request->attributes->get('group_id', false);

    // The parent group must be a plain decimal id; anything else means
    // "no parent".
    $parent_group = $request->request->get('parentgroup');
    if (!$parent_group || !preg_match("/^\\d{1,10}\$/", $parent_group)) {
        $parent_group = null;
    }

    $name = $request->request->get('name');
    $email = $request->request->get('email');
    $weight = $request->request->get('weight');

    if (!$name) {
        $errors[] = no_field("Name");
    }
    if ($email != '' && !MailUtils::isValidAddress($email)) {
        $errors[] = wrong_field("E-mail");
    }
    // Weight is optional but, when given, must be a decimal number.
    if (!preg_match("/^(\\d{1,10})?\$/", $weight)) {
        $errors[] = wrong_field("Weight");
    }
    if (!$weight) {
        $weight = 0;
    }

    // Group names are unique, except for the group being edited itself.
    $existing_group = group_by_name($name);
    $duplicate_name = $existing_group
        && (!$group_id || $group_id != $existing_group['groupid']);
    if ($duplicate_name) {
        $errors[] = getlocal("Please choose another name because a group with that name already exists.");
    }

    if (!empty($errors)) {
        // Re-render the form with the errors attached.
        $request->attributes->set('errors', $errors);

        return $this->showFormAction($request);
    }

    // create_group() and update_group() take the same field set.
    $fields = array(
        'vclocalname' => $name,
        'vclocaldescription' => $request->request->get('description'),
        'vccommonname' => $request->request->get('commonname'),
        'vccommondescription' => $request->request->get('commondescription'),
        'vcemail' => $email,
        'iweight' => $weight,
        'parent' => $parent_group,
        'vctitle' => $request->request->get('title'),
        'vcchattitle' => $request->request->get('chattitle'),
        'vchosturl' => $request->request->get('hosturl'),
        'vclogo' => $request->request->get('logo'),
    );

    if ($group_id) {
        update_group(array('groupid' => $group_id) + $fields);
        $redirect_to = $this->generateUrl('group_edit', array('group_id' => $group_id));
    } else {
        $new_group = create_group($fields);
        // A freshly created group continues with its members page.
        $redirect_to = $this->generateUrl(
            'group_members',
            array('group_id' => (int) $new_group['groupid'])
        );
    }

    return $this->redirect($redirect_to);
}
/**
 * Processes submitting of the form which is generated in
 * {@link \Mibew\Controller\TranslateController::showEditFormAction()}
 * method.
 *
 * @param Request $request Incoming request.
 * @return string Rendered page content.
 * @throws NotFoundException If the string with specified ID cannot be loaded.
 */
public function submitEditFormAction(Request $request)
{
    csrf_check_token($request);

    $operator = $this->getOperator();
    $string_id = $request->attributes->get('string_id');

    $string = $this->loadString($string_id);
    if (!$string) {
        throw new NotFoundException('The string is not found.');
    }
    $target = $string['locale'];

    $translation = $request->request->get('translation');
    if (!$translation) {
        // Re-render the form with the error attached.
        $request->attributes->set('errors', array(no_field("Translation")));

        return $this->showEditFormAction($request);
    }

    save_message($target, $string['source'], $translation);

    // Client side translations are cached per locale; drop the stale copy.
    $this->getCache()->getItem('translation/js/' . $target)->clear();

    $page = array(
        'saved' => true,
        'title' => getlocal("Translations"),
    );
    $page = array_merge($page, prepare_menu($operator, false));

    return $this->render('translation_edit', $page);
}
/**
 * Processes submitting of the forms which is generated in
 * {@link \Mibew\Controller\CannedMessageController::showEditFormAction()}
 * method.
 *
 * @param Request $request Incoming request.
 * @return string Rendered page content.
 */
public function submitEditFormAction(Request $request)
{
    csrf_check_token($request);

    $operator = $this->getOperator();
    $message_id = $request->attributes->getInt('message_id');

    $title = $request->request->get('title');
    $message = $request->request->get('message');

    $errors = array();
    if (!$title) {
        $errors[] = no_field("Title");
    }
    if (!$message) {
        $errors[] = no_field("Message");
    }

    if (!empty($errors)) {
        // Re-render the form with the errors attached.
        $request->attributes->set('errors', $errors);

        return $this->showEditFormAction($request);
    }

    // A non-zero id means editing an existing message; otherwise a new one
    // is created for the locale and group taken from the request.
    if ($message_id) {
        save_canned_message($message_id, $title, $message);
    } else {
        add_canned_message(
            $this->extractLocale($request),
            $this->extractGroupId($request),
            $title,
            $message
        );
    }

    $page = array_merge(array('saved' => true), prepare_menu($operator, false));

    return $this->render('canned_message_edit', $page);
}
/**
 * Checks a CSRF token, delegating to the bundled csrf-magic library when it
 * is installed.
 *
 * NOTE(review): this method fails OPEN in three situations, all visible in
 * the code below: when TOKEN_LIFETIME is falsy, when the token is the legacy
 * marker "post" (any case) or boolean true, and when the csrf-magic library
 * file is absent. The comments in the original say this is deliberate for
 * WebsiteBaker module compatibility; callers should be aware that a true
 * return does not necessarily mean a token was validated.
 *
 * @param mixed $token Token string, the legacy "post" marker, or true.
 * @return bool True if the token is accepted (or checking is bypassed).
 */
public static function checkToken($token)
{
    // Token checking disabled by configuration.
    if (!TOKEN_LIFETIME) {
        return true;
    }

    // Backward compatibility with WB modules: the literal "post" marker or
    // boolean true is accepted without any token check.
    $is_legacy_marker = is_string($token) && strtolower($token) === 'post';
    if ($is_legacy_marker || $token === true) {
        return true;
    }

    $csrf_magic = CAT_Helper_Directory::sanitizePath(
        CAT_PATH . '/modules/lib_csrfmagic/csrf-magic.php'
    );

    // Without csrf-magic there is nothing to validate against; accepted.
    if (!file_exists($csrf_magic)) {
        return true;
    }

    if (!function_exists('csrf_check_token')) {
        include_once $csrf_magic;
    }

    return csrf_check_token($token);
}
/**
 * Handles the POST of the common settings form built by
 * {@link \Mibew\Controller\Settings\CommonController::showFormAction()}.
 *
 * Validates the submitted values; on any validation error the form is
 * re-rendered with the messages, otherwise the settings and the default
 * styles are stored and the browser is redirected back to the form (GET).
 *
 * @param Request $request Incoming request.
 * @return string Rendered page content.
 * @throws BadRequestException If the "sendmessagekey" field has a wrong
 *   format.
 */
public function submitFormAction(Request $request)
{
    csrf_check_token($request);

    $post = $request->request;
    $errors = array();

    // Settings copied through as posted. Key: setting name, value: POST
    // field name. The order is the order in which they are stored below.
    // NOTE(review): logo, hosturl and geolink are stored without any format
    // check; if they are later emitted as link/image URLs, verify that the
    // templates escape them or restrict the scheme (e.g. no "javascript:").
    $field_map = array(
        'email' => 'email',
        'title' => 'title',
        'logo' => 'logo',
        'hosturl' => 'hosturl',
        'usernamepattern' => 'usernamepattern',
        'chattitle' => 'chattitle',
        'geolink' => 'geolink',
        'geolinkparams' => 'geolinkparams',
        'cron_key' => 'cronkey',
    );
    $params = array();
    foreach ($field_map as $setting => $field) {
        $params[$setting] = $post->get($field);
    }

    // The "send message" key must be "enter" or "center"; anything else is a
    // malformed request rather than a user error.
    $send_key = $post->get('sendmessagekey');
    if (!preg_match("/^c?enter\$/", $send_key)) {
        throw new BadRequestException('Wrong format of "sendmessagekey" field.');
    }
    $params['sendmessagekey'] = $send_key;

    // An unknown "left messages" locale silently falls back to the home locale.
    $params['left_messages_locale'] = $post->get('leftmessageslocale');
    if (!in_array($params['left_messages_locale'], get_available_locales())) {
        $params['left_messages_locale'] = get_home_locale();
    }

    if ($params['email'] && !MailUtils::isValidAddress($params['email'])) {
        $errors[] = getlocal('Enter a valid email address');
    }

    // Geolocation window parameters: comma separated "name=digits" pairs
    // restricted to a fixed set of window feature names.
    if ($params['geolinkparams']) {
        $allowed_param = "/^\\s*(toolbar|scrollbars|location|status|menubar|width|height|resizable)=\\d{1,4}\$/";
        foreach (explode(',', $params['geolinkparams']) as $one_param) {
            if (!preg_match($allowed_param, $one_param)) {
                $errors[] = "Wrong link parameter: \"{$one_param}\", "
                    . "should be one of 'toolbar, scrollbars, location, "
                    . "status, menubar, width, height or resizable'";
            }
        }
    }

    // The cron key is restricted to ASCII letters and digits (empty allowed).
    if (preg_match("/^[0-9A-Za-z]*\$/", $params['cron_key']) == 0) {
        $errors[] = getlocal('Use only Latin letters(upper and lower case) and numbers in cron key.');
    }

    // Style selection: an unknown style name falls back to the first
    // available style rather than producing an error.
    $pick_style = function ($posted, array $available) {
        return in_array($posted, $available) ? $posted : $available[0];
    };

    $chat_style = $pick_style(
        $post->get('chat_style', ChatStyle::getDefaultStyle()),
        ChatStyle::getAvailableStyles()
    );
    $page_style = $pick_style(
        $post->get('page_style', PageStyle::getDefaultStyle()),
        PageStyle::getAvailableStyles()
    );
    if (Settings::get('enabletracking')) {
        $invitation_style = $pick_style(
            $post->get('invitation_style', InvitationStyle::getDefaultStyle()),
            InvitationStyle::getAvailableStyles()
        );
    }

    if (!empty($errors)) {
        // Re-render the form with the collected errors.
        $request->attributes->set('errors', $errors);
        return $this->showFormAction($request);
    }

    // Persist the system settings.
    foreach ($params as $key => $value) {
        Settings::set($key, $value);
    }

    // Persist the default styles.
    ChatStyle::setDefaultStyle($chat_style);
    PageStyle::setDefaultStyle($page_style);
    if (Settings::get('enabletracking')) {
        InvitationStyle::setDefaultStyle($invitation_style);
    }

    // Redirect the user to the same page using GET method.
    $redirect_to = $this->generateUrl('settings_common', array('stored' => true));

    return $this->redirect($redirect_to);
}
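/**
 * Removes an operator's avatar: deletes the image file from disk and clears
 * the avatar reference in the database.
 *
 * The avatar removed belongs to the operator named by the "operator_id"
 * route attribute, which is not necessarily the operator making the request.
 *
 * @param Request $request Incoming request.
 * @return string Rendered page content.
 * @throws NotFoundException If the operator with specified ID is not found
 *   in the system.
 */
public function deleteAction(Request $request)
{
    csrf_check_token($request);

    $op_id = $request->attributes->getInt('operator_id');

    // Load the target operator; its record holds the avatar to remove.
    $target = operator_by_id($op_id);
    if (!$target) {
        throw new NotFoundException('The operator is not found');
    }

    // Fix: the file removed is the TARGET operator's avatar. The previous
    // version read the avatar of the currently logged-in operator here, so
    // an administrator clearing another operator's avatar deleted their own
    // file while the target's file stayed on disk.
    $target_avatar = isset($target['vcavatar']) ? $target['vcavatar'] : '';
    if ($target_avatar) {
        // basename() confines the unlink to the avatar directory regardless
        // of what the stored value contains.
        $avatar_path = MIBEW_FS_ROOT . '/files/avatar/' . basename($target_avatar);
        if (is_file($avatar_path)) {
            // Best effort: a failure here must not prevent clearing the DB
            // reference below.
            @unlink($avatar_path);
        }
    }

    // NOTE(review): no privilege check on the caller is visible in this
    // action; presumably the route's access rules enforce it — confirm.

    // Clear the avatar reference in the database.
    update_operator_avatar($op_id, '');

    // Redirect the current operator to the same page using GET method.
    $redirect_to = $this->generateUrl('operator_avatar', array('operator_id' => $op_id));

    return $this->redirect($redirect_to);
}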
/**
 * Checks whether a composite token is valid. The composite is either an
 * array of tokens or a single string with several tokens joined by ";"; it
 * is accepted as soon as ANY one member passes csrf_check_token(). Outward
 * facing code should use this instead of csrf_check_token().
 *
 * @param string|array $tokens Composite token.
 * @return bool True if at least one member token is valid.
 */
function csrf_check_tokens($tokens) {
    $candidates = is_string($tokens) ? explode(';', $tokens) : $tokens;
    foreach ($candidates as $candidate) {
        if (csrf_check_token($candidate)) {
            return true;
        }
    }
    return false;
}
/**
 * Enables the operator identified by the "operator_id" route attribute and
 * returns to the operators list.
 *
 * @param Request $request Incoming request.
 * @return string Rendered page content.
 * @throws NotFoundException If the operator with specified ID is not found
 *   in the system.
 */
public function enableAction(Request $request)
{
    csrf_check_token($request);

    $operator_id = $request->attributes->getInt('operator_id');

    $target = operator_by_id($operator_id);
    if (!$target) {
        throw new NotFoundException('The operator is not found.');
    }

    // NOTE(review): no privilege check on the caller is visible in this
    // action; presumably the route's access rules enforce it — confirm.
    enable_operator($operator_id);

    // Back to the operators list via GET.
    $operators_list = $this->generateUrl('operators');

    return $this->redirect($operators_list);
}