public function grab()
{
parent::grab();
$author_ids = $this->_getAuthorIds();
$authors = AuthorManager::fetchByID($author_ids, 'id', $this->dsParamORDER);
return (array) $authors;
}
/**
* I absolutely stole this next bit! Thank you craig zheng (craig@symphony-cms.com) :)
* via the Tracker extension
*/
public function appendPreferences($context)
{
include_once TOOLKIT . '/class.authormanager.php';
include_once TOOLKIT . '/class.sectionmanager.php';
// Fieldset and layout
$group = new XMLElement('fieldset');
$group->setAttribute('class', 'settings');
$group->appendChild(new XMLElement('legend', __('Mass Upload Utility')));
$div = new XMLElement('div');
$div->setAttribute('class', 'group double');
// Excluded Sections
$label = Widget::Label(__('Excluded Sections'));
$options = array();
$sections = SectionManager::fetch();
$excluded_sections = explode(',', Symphony::Configuration()->get('excluded-sections', 'massuploadutility'));
if (!empty($sections) && is_array($sections)) {
foreach ($sections as $section) {
$selected = in_array($section->get('id'), $excluded_sections) ? TRUE : FALSE;
$options[] = array($section->get('id'), $selected, $section->get('name'));
}
}
$input = Widget::Select('settings[massuploadutility][excluded-sections][]', $options, array('multiple' => 'multiple'));
$label->appendChild($input);
$div->appendChild($label);
// Excluded Users
$label = Widget::Label(__('Excluded Users'));
$options = array();
$am = new AuthorManager(Administration::instance());
$authors = $am->fetch();
$excluded_authors = explode(',', Symphony::Configuration()->get('excluded-users', 'massuploadutility'));
if (!empty($authors) && is_array($authors)) {
foreach ($authors as $author) {
$selected = in_array($author->get('id'), $excluded_authors) ? TRUE : FALSE;
$options[] = array($author->get('id'), $selected, $author->getFullName());
}
}
$input = Widget::Select('settings[massuploadutility][excluded-users][]', $options, array('multiple' => 'multiple'));
$label->appendChild($input);
$div->appendChild($label);
$group->appendChild($div);
$context['wrapper']->appendChild($group);
}
public function __viewIndex()
{
$entry_id = $_REQUEST['entry_id'];
$author_id = $_REQUEST['author_id'];
if (!$entry_id || !$author_id) {
echo json_encode('expired');
exit;
}
$setup = $_REQUEST['setup'];
$force = $_REQUEST['force'];
if ($force == 'true') {
$this->_driver->removeTheLockByEntry($entry_id);
$this->_driver->renewTheLock($entry_id, $author_id);
echo json_encode('true');
exit;
}
$lock = $this->_driver->lockExists($entry_id);
if ($author_id != $lock[0] && $lock[0] > 0) {
$authorManager = new AuthorManager($this->_Parent);
$author = $authorManager->fetchByID($lock[0]);
echo json_encode($author->getFullName());
} else {
if ($lock == -1) {
echo json_encode('expired-lifetime');
} else {
if ($lock == 0 && $setup == true) {
$this->_driver->renewTheLock($entry_id, $author_id);
echo json_encode('true');
} else {
if ($lock == 0) {
echo json_encode('expired');
} else {
$this->_driver->renewTheLock($entry_id, $author_id);
echo json_encode('true');
}
}
}
}
exit;
}
public function ldap_login($context)
{
if (!empty($context->username) || !empty($_POST['password'])) {
//LDAP connection
$ldap = ldap_connect(Symphony::Configuration()->get('server', 'ldap_authors'), Symphony::Configuration()->get('port', 'ldap_authors'));
if ($ldap) {
ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, Symphony::Configuration()->get('protocol_version', 'ldap_authors'));
$filterdn = preg_replace('/\\%username\\%/', $context['username'], Symphony::Configuration()->get('filterdn', 'ldap_authors'));
$basedn = Symphony::Configuration()->get('basedn', 'ldap_authors');
try {
//Attempt to authenticate to the LDAP server
$bind = ldap_bind($ldap, $filterdn . ',' . $basedn, $_POST['password']);
$user = AuthorManager::fetchByUsername($context['username']);
if (count($user) > 0 && $user->get('LDAP') === '1') {
//LDAP user has visited before therefore login
$this->login($user);
return true;
} else {
//New LDAP user, we need to insert their details in the authors table
$ldap_user = $this->ldap_retrieve_user($ldap, $basedn, $filterdn);
if ($ldap_user) {
//Get attributes and insert data
$attrs = array(Symphony::Configuration()->get('first_name_key', 'ldap_authors'), Symphony::Configuration()->get('last_name_key', 'ldap_authors'), Symphony::Configuration()->get('email_key', 'ldap_authors'));
$author_details = $this->ldap_retrieve_attributes($attrs, $ldap_user[0]);
if (count($author_details) == 3) {
$id = AuthorManager::add(array('username' => $context['username'], 'password' => $this->fake_password(10), 'first_name' => $author_details[0], 'last_name' => $author_details[1], 'email' => $author_details[2], 'user_type' => Symphony::Configuration()->get('default_author_type', 'ldap_authors'), 'primary' => 'no', 'LDAP' => true));
if ($id) {
//Once user is inserted log them in
$user = AuthorManager::fetchByID($id);
$this->login($user);
return true;
} else {
Symphony::$Log->pushToLog('[LDAP] Unable to insert LDAP user into Symphony authors table.', E_ERROR);
}
} else {
Symphony::$Log->pushToLog('[LDAP] Unable to retireve first name, last name and email address from the LDAP server.', E_ERROR);
}
} else {
Symphony::$Log->pushToLog('[LDAP] Authentication with the LDAP server was successful, however unable to find LDAP user details.', E_ERROR);
}
}
} catch (Exception $e) {
Symphony::$Log->pushToLog('[LDAP] Unable to bind to LDAP server, this could be misconfiguration or invalid credentials. (User: "******")', E_WARNING);
}
return false;
} else {
Symphony::$Log->pushToLog('[LDAP] Unable to connect to LDAP server, please check configuration.', E_ERROR);
}
}
}
/**
* Overload the Symphony::login function to bypass some code that
* forces use of the Administration class (which of course is not
* available in Shell). Hopefully this is fixed in the core Symphony code
*
*/
public static function login($username, $password, $isHash = false)
{
$username = self::Database()->cleanValue($username);
$password = self::Database()->cleanValue($password);
if (strlen(trim($username)) > 0 && strlen(trim($password)) > 0) {
$author = \AuthorManager::fetch('id', 'ASC', 1, null, sprintf("\n `username` = '%s'\n ", $username));
if (!empty($author) && \Cryptography::compare($password, current($author)->get('password'), $isHash)) {
self::$Author = current($author);
// Only migrate hashes if there is no update available as the update might change the tbl_authors table.
if (\Cryptography::requiresMigration(self::$Author->get('password'))) {
throw new ShellException('User details require updating. Please login to the admin interface.');
}
self::$Cookie->set('username', $username);
self::$Cookie->set('pass', self::$Author->get('password'));
self::Database()->update(array('last_seen' => \DateTimeObj::get('Y-m-d H:i:s')), 'tbl_authors', sprintf(" `id` = %d", self::$Author->get('id')));
return true;
}
}
return false;
}
public static function get()
{
$url_parts = REST_API::getRequestURI();
$author_url = $url_parts[0];
$response = new XMLElement('response');
if (isset($author_url)) {
if (is_numeric($author_url)) {
$author = AuthorManager::fetchByID($author_url);
} else {
$author = AuthorManager::fetchByUsername($author_url);
}
if (!$author) {
REST_API::sendError('Author not found.', 404);
}
$response->appendChild(self::__buildAuthorXML($author));
} else {
$authors = AuthorManager::fetch();
foreach ($authors as $author) {
$response->appendChild(self::__buildAuthorXML($author));
}
}
REST_API::sendOutput($response);
}
function __viewIndex()
{
$sectionManager = new SectionManager($this->_Parent);
if (!($section_id = $sectionManager->fetchIDFromHandle($this->_context['section_handle']))) {
$this->_Parent->customError(E_USER_ERROR, __('Unknown Section'), __('The Section you are looking, <code>%s</code> for could not be found.', array($this->_context['section_handle'])), false, true);
}
$section = $sectionManager->fetch($section_id);
$this->setPageType('table');
$this->setTitle(__('%1$s – %2$s', array(__('Symphony'), $section->get('name'))));
$this->Form->setAttribute("class", $this->_context['section_handle']);
$entryManager = new EntryManager($this->_Parent);
$authors = AuthorManager::fetch();
$filter = $filter_value = $where = $joins = NULL;
$current_page = isset($_REQUEST['pg']) && is_numeric($_REQUEST['pg']) ? max(1, intval($_REQUEST['pg'])) : 1;
if (isset($_REQUEST['filter'])) {
list($field_handle, $filter_value) = explode(':', $_REQUEST['filter'], 2);
$field_names = explode(',', $field_handle);
foreach ($field_names as $field_name) {
$filter_value = rawurldecode($filter_value);
$filter = Symphony::Database()->fetchVar('id', 0, "SELECT `f`.`id` \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t FROM `tbl_fields` AS `f`, `tbl_sections` AS `s` \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t WHERE `s`.`id` = `f`.`parent_section` \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t AND f.`element_name` = '{$field_name}' \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t AND `s`.`handle` = '" . $section->get('handle') . "' LIMIT 1");
$field =& $entryManager->fieldManager->fetch($filter);
if (is_object($field)) {
$field->buildDSRetrivalSQL(array($filter_value), $joins, $where, false);
$filter_value = rawurlencode($filter_value);
}
}
if ($where != null) {
$where = str_replace('AND', 'OR', $where);
// multiple fields need to be OR
$where = trim($where);
$where = ' AND (' . substr($where, 2, strlen($where)) . ')';
// replace leading OR with AND
}
}
if (isset($_REQUEST['sort']) && is_numeric($_REQUEST['sort'])) {
$sort = intval($_REQUEST['sort']);
$order = $_REQUEST['order'] ? strtolower($_REQUEST['order']) : 'asc';
if ($section->get('entry_order') != $sort || $section->get('entry_order_direction') != $order) {
$sectionManager->edit($section->get('id'), array('entry_order' => $sort, 'entry_order_direction' => $order));
redirect($this->_Parent->getCurrentPageURL() . ($filter ? "?filter={$field_handle}:{$filter_value}" : ''));
}
} elseif (isset($_REQUEST['unsort'])) {
$sectionManager->edit($section->get('id'), array('entry_order' => NULL, 'entry_order_direction' => NULL));
redirect($this->_Parent->getCurrentPageURL());
}
$this->Form->setAttribute('action', $this->_Parent->getCurrentPageURL() . '?pg=' . $current_page . ($filter ? "&filter={$field_handle}:{$filter_value}" : ''));
## Remove the create button if there is a section link field, and no filtering set for it
$section_links = $section->fetchFields('sectionlink');
if (count($section_links) > 1 || !$filter && $section_links || is_object($section_links[0]) && $filter != $section_links[0]->get('id')) {
$this->appendSubheading($section->get('name'));
} else {
$this->appendSubheading($section->get('name'), Widget::Anchor(__('Create New'), $this->_Parent->getCurrentPageURL() . 'new/' . ($filter ? '?prepopulate[' . $filter . ']=' . $filter_value : ''), __('Create a new entry'), 'create button'));
}
if (is_null($entryManager->getFetchSorting()->field) && is_null($entryManager->getFetchSorting()->direction)) {
$entryManager->setFetchSortingDirection('DESC');
}
$entries = $entryManager->fetchByPage($current_page, $section_id, Symphony::Configuration()->get('pagination_maximum_rows', 'symphony'), $where, $joins);
$aTableHead = array();
$visible_columns = $section->fetchVisibleColumns();
if (is_array($visible_columns) && !empty($visible_columns)) {
foreach ($visible_columns as $column) {
$label = $column->get('label');
if ($column->isSortable()) {
if ($column->get('id') == $section->get('entry_order')) {
$link = $this->_Parent->getCurrentPageURL() . '?pg=' . $current_page . '&sort=' . $column->get('id') . '&order=' . ($section->get('entry_order_direction') == 'desc' ? 'asc' : 'desc') . ($filter ? "&filter={$field_handle}:{$filter_value}" : '');
$anchor = Widget::Anchor($label, $link, __('Sort by %1$s %2$s', array($section->get('entry_order_direction') == 'desc' ? __('ascending') : __('descending'), strtolower($column->get('label')))), 'active');
} else {
$link = $this->_Parent->getCurrentPageURL() . '?pg=' . $current_page . '&sort=' . $column->get('id') . '&order=asc' . ($filter ? "&filter={$field_handle}:{$filter_value}" : '');
$anchor = Widget::Anchor($label, $link, __('Sort by %1$s %2$s', array(__('ascending'), strtolower($column->get('label')))));
}
$aTableHead[] = array($anchor, 'col');
} else {
$aTableHead[] = array($label, 'col');
}
}
} else {
$aTableHead[] = array(__('ID'), 'col');
}
$child_sections = NULL;
$associated_sections = $section->fetchAssociatedSections();
if (is_array($associated_sections) && !empty($associated_sections)) {
$child_sections = array();
foreach ($associated_sections as $key => $as) {
$child_sections[$key] = $sectionManager->fetch($as['child_section_id']);
$aTableHead[] = array($child_sections[$key]->get('name'), 'col');
}
}
## Table Body
$aTableBody = array();
if (!is_array($entries['records']) || empty($entries['records'])) {
$aTableBody = array(Widget::TableRow(array(Widget::TableData(__('None found.'), 'inactive', NULL, count($aTableHead))), 'odd'));
} else {
$bOdd = true;
$field_pool = array();
if (is_array($visible_columns) && !empty($visible_columns)) {
foreach ($visible_columns as $column) {
$field_pool[$column->get('id')] = $column;
}
}
foreach ($entries['records'] as $entry) {
$tableData = array();
## Setup each cell
if (!is_array($visible_columns) || empty($visible_columns)) {
$tableData[] = Widget::TableData(Widget::Anchor($entry->get('id'), $this->_Parent->getCurrentPageURL() . 'edit/' . $entry->get('id') . '/'));
} else {
$link = Widget::Anchor('None', $this->_Parent->getCurrentPageURL() . 'edit/' . $entry->get('id') . '/', $entry->get('id'), 'content');
foreach ($visible_columns as $position => $column) {
$data = $entry->getData($column->get('id'));
$field = $field_pool[$column->get('id')];
$value = $field->prepareTableValue($data, $position == 0 ? $link : null, $entry->get('id'));
if (!is_object($value) && strlen(trim($value)) == 0) {
$value = $position == 0 ? $link->generate() : __('None');
}
if ($value == 'None') {
$tableData[] = Widget::TableData($value, 'inactive');
} else {
$tableData[] = Widget::TableData($value);
}
unset($field);
}
}
if (is_array($child_sections) && !empty($child_sections)) {
foreach ($child_sections as $key => $as) {
$field = $entryManager->fieldManager->fetch((int) $associated_sections[$key]['child_section_field_id']);
$parent_section_field_id = (int) $associated_sections[$key]['parent_section_field_id'];
if (!is_null($parent_section_field_id)) {
$search_value = $field->fetchAssociatedEntrySearchValue($entry->getData($parent_section_field_id), $parent_section_field_id, $entry->get('id'));
} else {
$search_value = $entry->get('id');
}
$associated_entry_count = $field->fetchAssociatedEntryCount($search_value);
$tableData[] = Widget::TableData(Widget::Anchor(sprintf('%d →', max(0, intval($associated_entry_count))), sprintf('%s/symphony/publish/%s/?filter=%s:%s', URL, $as->get('handle'), $field->get('element_name'), rawurlencode($search_value)), $entry->get('id'), 'content'));
}
}
$tableData[count($tableData) - 1]->appendChild(Widget::Input('items[' . $entry->get('id') . ']', NULL, 'checkbox'));
## Add a row to the body array, assigning each cell to the row
$aTableBody[] = Widget::TableRow($tableData, $bOdd ? 'odd' : NULL);
$bOdd = !$bOdd;
}
}
$table = Widget::Table(Widget::TableHead($aTableHead), NULL, Widget::TableBody($aTableBody));
$this->Form->appendChild($table);
$tableActions = new XMLElement('div');
$tableActions->setAttribute('class', 'actions');
$options = array(array(NULL, false, __('With Selected...')), array('delete', false, __('Delete')));
$toggable_fields = $section->fetchToggleableFields();
if (is_array($toggable_fields) && !empty($toggable_fields)) {
$index = 2;
foreach ($toggable_fields as $field) {
$options[$index] = array('label' => __('Set %s', array($field->get('label'))), 'options' => array());
foreach ($field->getToggleStates() as $value => $state) {
$options[$index]['options'][] = array('toggle-' . $field->get('id') . '-' . $value, false, $state);
}
$index++;
}
}
$tableActions->appendChild(Widget::Select('with-selected', $options));
$tableActions->appendChild(Widget::Input('action[apply]', __('Apply'), 'submit'));
$this->Form->appendChild($tableActions);
if ($entries['total-pages'] > 1) {
$ul = new XMLElement('ul');
$ul->setAttribute('class', 'page');
## First
$li = new XMLElement('li');
if ($current_page > 1) {
$li->appendChild(Widget::Anchor(__('First'), $this->_Parent->getCurrentPageURL() . '?pg=1' . ($filter ? "&filter={$field_handle}:{$filter_value}" : '')));
} else {
$li->setValue(__('First'));
}
$ul->appendChild($li);
## Previous
$li = new XMLElement('li');
if ($current_page > 1) {
$li->appendChild(Widget::Anchor(__('← Previous'), $this->_Parent->getCurrentPageURL() . '?pg=' . ($current_page - 1) . ($filter ? "&filter={$field_handle}:{$filter_value}" : '')));
} else {
$li->setValue(__('← Previous'));
}
$ul->appendChild($li);
## Summary
$li = new XMLElement('li', __('Page %1$s of %2$s', array($current_page, max($current_page, $entries['total-pages']))));
$li->setAttribute('title', __('Viewing %1$s - %2$s of %3$s entries', array($entries['start'], min($entries['limit'], max(1, $entries['remaining-entries'])), $entries['total-entries'])));
$ul->appendChild($li);
## Next
$li = new XMLElement('li');
if ($current_page < $entries['total-pages']) {
$li->appendChild(Widget::Anchor(__('Next →'), $this->_Parent->getCurrentPageURL() . '?pg=' . ($current_page + 1) . ($filter ? "&filter={$field_handle}:{$filter_value}" : '')));
} else {
$li->setValue(__('Next →'));
}
$ul->appendChild($li);
## Last
$li = new XMLElement('li');
if ($current_page < $entries['total-pages']) {
$li->appendChild(Widget::Anchor(__('Last'), $this->_Parent->getCurrentPageURL() . '?pg=' . $entries['total-pages'] . ($filter ? "&filter={$field_handle}:{$filter_value}" : '')));
} else {
$li->setValue(__('Last'));
}
$ul->appendChild($li);
$this->Form->appendChild($ul);
}
}
continue;
}
$ret = __processAuthorFilter($field, $value, Symphony::Database());
if (empty($ret)) {
$author_ids = array();
break;
}
if (empty($author_ids)) {
$author_ids = $ret;
continue;
}
$author_ids = array_intersect($author_ids, $ret);
}
$authors = AuthorManager::fetchByID(array_values($author_ids), $this->dsParamSORT, $this->dsParamORDER);
} else {
$authors = AuthorManager::fetch($this->dsParamSORT, $this->dsParamORDER);
}
if ((!is_array($authors) || empty($authors)) && $this->dsParamREDIRECTONEMPTY == 'yes') {
throw new FrontendPageNotFoundException();
} else {
if (!$this->_param_output_only) {
$result = new XMLElement($this->dsParamROOTELEMENT);
}
foreach ($authors as $author) {
if (isset($this->dsParamPARAMOUTPUT)) {
$key = 'ds-' . $this->dsParamROOTELEMENT;
if (!is_array($param_pool[$key])) {
$param_pool[$key] = array();
}
$param_pool[$key][] = $this->dsParamPARAMOUTPUT == 'name' ? $author->getFullName() : $author->get($this->dsParamPARAMOUTPUT);
}
public function getExampleFormMarkup()
{
$authors = AuthorManager::fetch();
$options = array();
foreach ($authors as $a) {
$options[] = array($a->get('id'), NULL, $a->getFullName());
}
$fieldname = 'fields[' . $this->get('element_name') . ']';
if ($this->get('allow_multiple_selection') == 'yes') {
$fieldname .= '[]';
}
$attr = array();
if ($this->get('allow_multiple_selection') == 'yes') {
$attr['multiple'] = 'multiple';
}
$label = Widget::Label($this->get('label'));
$label->appendChild(Widget::Select($fieldname, $options, $attr));
return $label;
}
* Copyright 2004–2006 Twenty One Degrees Pty. Ltd.
*
* @version 1.7
* @licence https://github.com/symphonycms/symphony-1.7/blob/master/LICENCE
*
***/
$GLOBALS['pageTitle'] = "Authors";
if (isset($_GET['_f'])) {
switch ($_GET['_f']) {
case "complete":
$Admin->pageAlert("selected-success", array("Author(s)", "deleted"));
break;
}
}
include_once TOOLKIT . "/class.authormanager.php";
$authorManager = new AuthorManager($Admin);
$authors = $authorManager->fetch();
$date = new SymDate($Admin->getConfigVar("time_zone", "region"), $Admin->getConfigVar("date_format", "region"));
$new_button = $Admin->authorIsSuper() ? '<a class="create button" href="' . $Admin->getCurrentPageURL() . 'new/" title="Add an author">Create New</a>' : "";
?>
<form action="<?php
print $Admin->getCurrentPageURL();
?>
" method="post">
<h2><!-- PAGE TITLE --> <?php
print $new_button;
?>
</h2>
<table>
<thead>
<tr>
function action()
{
if (isset($_POST['action'])) {
$actionParts = array_keys($_POST['action']);
$action = end($actionParts);
##Login Attempted
if ($action == 'login') {
if (empty($_POST['username']) || empty($_POST['password']) || !$this->_Parent->login($_POST['username'], $_POST['password'])) {
## TODO: Fix Me
###
# Delegate: LoginFailure
# Description: Failed login attempt. Username is provided.
//$ExtensionManager->notifyMembers('LoginFailure', getCurrentPage(), array('username' => $_POST['username']));
//$this->Body->appendChild(new XMLElement('p', 'Login invalid. <a href="'.URL.'/symphony/?forgot">Forgot your password?</a>'));
//$this->_alert = 'Login invalid. <a href="'.URL.'/symphony/?forgot">Forgot your password?</a>';
$this->_invalidPassword = true;
} else {
## TODO: Fix Me
###
# Delegate: LoginSuccess
# Description: Successful login attempt. Username is provided.
//$ExtensionManager->notifyMembers('LoginSuccess', getCurrentPage(), array('username' => $_POST['username']));
if (isset($_POST['redirect'])) {
redirect(URL . str_replace(parse_url(URL, PHP_URL_PATH), '', $_POST['redirect']));
}
redirect(URL . '/symphony/');
}
##Reset of password requested
} elseif ($action == 'reset') {
$author = $this->_Parent->Database->fetchRow(0, "SELECT `id`, `email`, `first_name` FROM `tbl_authors` WHERE `email` = '" . $_POST['email'] . "'");
if (!empty($author)) {
$this->_Parent->Database->delete('tbl_forgotpass', " `expiry` < '" . DateTimeObj::getGMT('c') . "' ");
if (!($token = $this->_Parent->Database->fetchVar('token', 0, "SELECT `token` FROM `tbl_forgotpass` WHERE `expiry` > '" . DateTimeObj::getGMT('c') . "' AND `author_id` = " . $author['id']))) {
$token = substr(md5(time() . rand(0, 200)), 0, 6);
$this->_Parent->Database->insert(array('author_id' => $author['id'], 'token' => $token, 'expiry' => DateTimeObj::getGMT('c', time() + 120 * 60)), 'tbl_forgotpass');
}
$this->_email_sent = General::sendEmail($author['email'], $this->_Parent->Database->fetchVar('email', 0, "SELECT `email` FROM `tbl_authors` ORDER BY `id` ASC LIMIT 1"), __('Symphony Concierge'), __('New Symphony Account Password'), __('Hi %s,', array($author['first_name'])) . self::CRLF . __('A new password has been requested for your account. Login using the following link, and change your password via the Authors area:') . self::CRLF . self::CRLF . ' ' . URL . "/symphony/login/{$token}/" . self::CRLF . self::CRLF . __('It will expire in 2 hours. If you did not ask for a new password, please disregard this email.') . self::CRLF . self::CRLF . __('Best Regards,') . self::CRLF . __('The Symphony Team'));
## TODO: Fix Me
###
# Delegate: PasswordResetSuccess
# Description: A successful password reset has taken place. Author ID is provided
//$ExtensionManager->notifyMembers('PasswordResetSuccess', getCurrentPage(), array('author_id' => $author['id']));
} else {
## TODO: Fix Me
###
# Delegate: PasswordResetFailure
# Description: A failed password reset has taken place. Author ID is provided
//$ExtensionManager->notifyMembers('PasswordResetFailure', getCurrentPage(), array('author_id' => $author['id']));
$this->_email_sent = false;
}
##Change of password requested
} elseif ($action == 'change' && $this->_Parent->isLoggedIn()) {
if (empty($_POST['password']) || empty($_POST['password-confirmation']) || $_POST['password'] != $_POST['password-confirmation']) {
$this->_mismatchedPassword = true;
} else {
$author_id = $this->_Parent->Author->get('id');
require_once TOOLKIT . '/class.authormanager.php';
$authorManager = new AuthorManager($this->_Parent);
$author = $authorManager->fetchByID($author_id);
$author->set('password', md5($this->_Parent->Database->cleanValue($_POST['password'])));
if (!$author->commit() || !$this->_Parent->login($author->get('username'), $_POST['password'])) {
redirect(URL . "symphony/system/authors/edit/{$author_id}/error/");
}
## TODO: Fix me
###
# Delegate: PasswordChanged
# Description: After editing an author. ID of the author is provided.
//$ExtensionManager->notifyMembers('PasswordChanged', getCurrentPage(), array('author_id' => $author_id));
redirect(URL . '/symphony/');
}
}
} elseif ($_REQUEST['action'] == 'resetpass' && isset($_REQUEST['token'])) {
$sql = "SELECT t1.`id`, t1.`email`, t1.`first_name` \n\t\t\t\t\t FROM `tbl_authors` as t1, `tbl_forgotpass` as t2\n\t\t\t\t\t \tWHERE t2.`token` = '" . $_REQUEST['token'] . "' AND t1.`id` = t2.`author_id`\n\t\t\t\t\t \tLIMIT 1";
$author = $this->_Parent->Database->fetchRow(0, $sql);
if (!empty($author)) {
$newpass = General::generatePassword();
General::sendEmail($author['email'], '*****@*****.**', 'Symphony Concierge', 'RE: New Symphony Account Password', 'Hi ' . $author['first_name'] . ',' . self::CRLF . "As requested, here is your new Symphony Author Password for '" . URL . "'" . self::CRLF . "\t{$newpass}" . self::CRLF . self::CRLF . 'Best Regards,' . self::CRLF . 'The Symphony Team');
$this->_Parent->Database->update(array('password' => md5($newpass)), 'tbl_authors', " `id` = '" . $author['id'] . "' LIMIT 1");
$this->_Parent->Database->delete('tbl_forgotpass', " `author_id` = '" . $author['id'] . "'");
## TODO: Fix Me
###
# Delegate: PasswordResetRequest
# Description: User has requested a password reset. Author ID is provided.
//$ExtensionManager->notifyMembers('PasswordResetRequest', getCurrentPage(), array('author_id' => $author['id']));
$this->_alert = 'Password reset. Check your email';
}
}
}
public function action()
{
if (isset($_POST['action'])) {
$actionParts = array_keys($_POST['action']);
$action = end($actionParts);
##Login Attempted
if ($action == 'login') {
if (empty($_POST['username']) || empty($_POST['password']) || !Administration::instance()->login($_POST['username'], $_POST['password'])) {
/**
* A failed login attempt into the Symphony backend
*
* @delegate AuthorLoginFailure
* @since Symphony 2.2
* @param string $context
* '/login/'
* @param string $username
* The username of the Author who attempted to login.
*/
Symphony::ExtensionManager()->notifyMembers('AuthorLoginFailure', '/login/', array('username' => $_POST['username']));
$this->_invalidPassword = true;
} else {
/**
* A successful login attempt into the Symphony backend
*
* @delegate AuthorLoginSuccess
* @since Symphony 2.2
* @param string $context
* '/login/'
* @param string $username
* The username of the Author who logged in.
*/
Symphony::ExtensionManager()->notifyMembers('AuthorLoginSuccess', '/login/', array('username' => $_POST['username']));
if (isset($_POST['redirect'])) {
redirect(URL . str_replace(parse_url(URL, PHP_URL_PATH), '', $_POST['redirect']));
}
redirect(SYMPHONY_URL);
}
##Reset of password requested
} elseif ($action == 'reset') {
$author = Symphony::Database()->fetchRow(0, "SELECT `id`, `email`, `first_name` FROM `tbl_authors` WHERE `email` = '" . Symphony::Database()->cleanValue($_POST['email']) . "'");
if (!empty($author)) {
Symphony::Database()->delete('tbl_forgotpass', " `expiry` < '" . DateTimeObj::getGMT('c') . "' ");
if (!($token = Symphony::Database()->fetchVar('token', 0, "SELECT `token` FROM `tbl_forgotpass` WHERE `expiry` > '" . DateTimeObj::getGMT('c') . "' AND `author_id` = " . $author['id']))) {
$token = substr(General::hash(time() . rand(0, 1000)), 0, 6);
Symphony::Database()->insert(array('author_id' => $author['id'], 'token' => $token, 'expiry' => DateTimeObj::getGMT('c', time() + 120 * 60)), 'tbl_forgotpass');
}
try {
$email = Email::create();
$email->recipients = $author['email'];
$email->subject = __('New Symphony Account Password');
$email->text_plain = __('Hi %s,', array($author['first_name'])) . self::CRLF . __('A new password has been requested for your account. Login using the following link, and change your password via the Authors area:') . self::CRLF . self::CRLF . ' ' . SYMPHONY_URL . "/login/{$token}/" . self::CRLF . self::CRLF . __('It will expire in 2 hours. If you did not ask for a new password, please disregard this email.') . self::CRLF . self::CRLF . __('Best Regards,') . self::CRLF . __('The Symphony Team');
$email->send();
$this->_email_sent = true;
} catch (Exception $e) {
} catch (EmailGatewayException $e) {
throw new SymphonyErrorPage('Error sending email. ' . $e->getMessage());
}
/**
* When a password reset has occured and after the Password
* Reset email has been sent.
*
* @delegate AuthorPostPasswordResetSuccess
* @since Symphony 2.2
* @param string $context
* '/login/'
* @param integer $author_id
* The ID of the Author who requested the password reset
*/
Symphony::ExtensionManager()->notifyMembers('AuthorPostPasswordResetSuccess', '/login/', array('author_id' => $author['id']));
} else {
/**
* When a password reset has been attempted, but Symphony doesn't
* recognise the credentials the user has given.
*
* @delegate AuthorPostPasswordResetFailure
* @since Symphony 2.2
* @param string $context
* '/login/'
* @param string $email
* The santizied Email of the Author who tried to request the password reset
*/
Symphony::ExtensionManager()->notifyMembers('AuthorPostPasswordResetFailure', '/login/', array('email' => Symphony::Database()->cleanValue($_POST['email'])));
$this->_email_sent = false;
}
##Change of password requested
} elseif ($action == 'change' && Administration::instance()->isLoggedIn()) {
if (empty($_POST['password']) || empty($_POST['password-confirmation']) || $_POST['password'] != $_POST['password-confirmation']) {
$this->_mismatchedPassword = true;
} else {
$author_id = Administration::instance()->Author->get('id');
$author = AuthorManager::fetchByID($author_id);
$author->set('password', General::hash(Symphony::Database()->cleanValue($_POST['password'])));
if (!$author->commit() || !Administration::instance()->login($author->get('username'), $_POST['password'])) {
redirect(SYMPHONY_URL . "/system/authors/edit/{$author_id}/error/");
}
/**
* When an Author changes their password as the result of a login
* with an emergency token (ie. forgot password). Just after their
* new password has been set successfully
*
* @delegate AuthorPostPasswordChange
* @since Symphony 2.2
* @param string $context
* '/login/'
* @param integer $author_id
* The ID of the Author who has just changed their password
*/
Symphony::ExtensionManager()->notifyMembers('AuthorPostPasswordChange', '/login/', array('author_id' => $author_id));
redirect(SYMPHONY_URL);
}
}
} elseif ($_REQUEST['action'] == 'resetpass' && isset($_REQUEST['token'])) {
$author = Symphony::Database()->fetchRow(0, "SELECT t1.`id`, t1.`email`, t1.`first_name`\n\t\t\t\t\t\tFROM `tbl_authors` as t1, `tbl_forgotpass` as t2\n\t\t\t\t\t \tWHERE t2.`token` = '" . Symphony::Database()->cleanValue($_REQUEST['token']) . "' AND t1.`id` = t2.`author_id`\n\t\t\t\t\t \tLIMIT 1");
if (!empty($author)) {
$newpass = General::generatePassword();
General::sendEmail($author['email'], Symphony::Database()->fetchVar('email', 0, "SELECT `email` FROM `tbl_authors` ORDER BY `id` ASC LIMIT 1"), __('Symphony Concierge'), __('New Symphony Account Password'), __('Hi %s,', array($author['first_name'])) . self::CRLF . __("As requested, here is your new Symphony Author Password for ") . URL . " " . self::CRLF . " {$newpass}" . self::CRLF . self::CRLF . __('Best Regards,') . self::CRLF . __('The Symphony Team'));
Symphony::Database()->update(array('password' => General::hash($newpass)), 'tbl_authors', " `id` = '" . $author['id'] . "' LIMIT 1");
Symphony::Database()->delete('tbl_forgotpass', " `author_id` = '" . $author['id'] . "'");
/**
* Just after a Forgot Password email has been sent to the Author
* who has requested a password reset.
*
* @delegate AuthorPostPasswordResetRequest
* @since Symphony 2.2
* @param string $context
* '/login/'
* @param integer $author_id
* The ID of the Author who has requested their password be reset
*/
Symphony::ExtensionManager()->notifyMembers('AuthorPostPasswordResetRequest', '/login/', array('author_id' => $author['id']));
$this->_alert = __('Password reset. Check your email');
}
}
}
/**
* This function determines whether an there is a currently logged in
* Author for Symphony by using the `$Cookie`'s username
* and password. If an Author is found, they will be logged in, otherwise
* the `$Cookie` will be destroyed.
*
* @see core.Cookie#expire()
*/
public function isLoggedIn()
{
// Ensures that we're in the real world.. Also reduces three queries from database
// We must return true otherwise exceptions are not shown
if (is_null(self::$_instance)) {
return true;
}
if ($this->Author) {
return true;
} else {
$username = self::$Database->cleanValue($this->Cookie->get('username'));
$password = self::$Database->cleanValue($this->Cookie->get('pass'));
if (strlen(trim($username)) > 0 && strlen(trim($password)) > 0) {
$id = self::$Database->fetchVar('id', 0, "SELECT `id` FROM `tbl_authors` WHERE `username` = '{$username}' AND `password` = '{$password}' LIMIT 1");
if ($id) {
self::$Database->update(array('last_seen' => DateTimeObj::get('Y-m-d H:i:s')), 'tbl_authors', " `id` = '{$id}'");
$this->Author = AuthorManager::fetchByID($id);
Lang::set($this->Author->get('language'));
return true;
}
}
$this->Cookie->expire();
return false;
}
}
/**
* This is the insert method for the Author. This takes the current
* `$this->_fields` values and adds them to the database using either the
* `AuthorManager::edit` or `AuthorManager::add` functions. An
* existing user is determined by if an ID is already set.
*
* @see toolkit.AuthorManager#add()
* @see toolkit.AuthorManager#edit()
* @return integer|boolean
* When a new Author is added or updated, an integer of the Author ID
* will be returned, otherwise false will be returned for a failed update.
*/
public function commit()
{
if (!is_null($this->get('id'))) {
$id = $this->get('id');
$this->remove('id');
if (AuthorManager::edit($id, $this->get())) {
$this->set('id', $id);
return $id;
} else {
return false;
}
} else {
return AuthorManager::add($this->get());
}
}
public function groupRecords($records)
{
if (!is_array($records) || empty($records)) {
return;
}
$groups = array($this->get('element_name') => array());
foreach ($records as $r) {
$data = $r->getData($this->get('id'));
$author_id = !isset($data['author_id']) ? 0 : $data['author_id'];
if (!isset($groups[$this->get('element_name')][$author_id])) {
$author = AuthorManager::fetchByID($author_id);
// If there is an author, use those values, otherwise just blank it.
if ($author instanceof Author) {
$username = $author->get('username');
$full_name = $author->getFullName();
} else {
$username = '';
$full_name = '';
}
$groups[$this->get('element_name')][$author_id] = array('attr' => array('author-id' => $author_id, 'username' => $username, 'full-name' => $full_name), 'records' => array(), 'groups' => array());
}
$groups[$this->get('element_name')][$author_id]['records'][] = $r;
}
return $groups;
}
public function __actionEdit()
{
if (!($author_id = $this->_context[1])) {
redirect(SYMPHONY_URL . '/system/authors/');
}
$isOwner = $author_id == Administration::instance()->Author->get('id');
if (@array_key_exists('save', $_POST['action']) || @array_key_exists('done', $_POST['action'])) {
$fields = $_POST['fields'];
$this->_Author = AuthorManager::fetchByID($author_id);
$authenticated = false;
if ($fields['email'] != $this->_Author->get('email')) {
$changing_email = true;
}
// Check the old password was correct
if (isset($fields['old-password']) && strlen(trim($fields['old-password'])) > 0 && General::hash(trim($fields['old-password'])) == $this->_Author->get('password')) {
$authenticated = true;
} else {
if (Administration::instance()->Author->isDeveloper()) {
$authenticated = true;
}
}
$this->_Author->set('id', $author_id);
if ($this->_Author->isPrimaryAccount() || $isOwner && Administration::instance()->Author->isDeveloper()) {
$this->_Author->set('user_type', 'developer');
// Primary accounts are always developer, Developers can't lower their level
} elseif (Administration::instance()->Author->isDeveloper() && isset($fields['user_type'])) {
$this->_Author->set('user_type', $fields['user_type']);
// Only developer can change user type
}
$this->_Author->set('email', $fields['email']);
$this->_Author->set('username', $fields['username']);
$this->_Author->set('first_name', General::sanitize($fields['first_name']));
$this->_Author->set('last_name', General::sanitize($fields['last_name']));
$this->_Author->set('language', $fields['language']);
if (trim($fields['password']) != '') {
$this->_Author->set('password', General::hash($fields['password']));
$changing_password = true;
}
// Don't allow authors to set the Section Index as a default area
// If they had it previously set, just save `null` which will redirect
// the Author (when logging in) to their own Author record
if ($this->_Author->get('user_type') == 'author' && $fields['default_area'] == '/blueprints/sections/') {
$this->_Author->set('default_area', null);
} else {
$this->_Author->set('default_area', $fields['default_area']);
}
$this->_Author->set('auth_token_active', $fields['auth_token_active'] ? $fields['auth_token_active'] : 'no');
if ($this->_Author->validate($this->_errors)) {
if (!$authenticated && ($changing_password || $changing_email)) {
if ($changing_password) {
$this->_errors['old-password'] = __('Wrong password. Enter old password to change it.');
} elseif ($changing_email) {
$this->_errors['old-password'] = __('Wrong password. Enter old one to change email address.');
}
} elseif (($fields['password'] != '' || $fields['password-confirmation'] != '') && $fields['password'] != $fields['password-confirmation']) {
$this->_errors['password'] = $this->_errors['password-confirmation'] = __('Passwords did not match');
} elseif ($this->_Author->commit()) {
Symphony::Database()->delete('tbl_forgotpass', " `expiry` < '" . DateTimeObj::getGMT('c') . "' OR `author_id` = '" . $author_id . "' ");
if ($isOwner) {
Administration::instance()->login($this->_Author->get('username'), $this->_Author->get('password'), true);
}
/**
* After editing an author, provided with the Author object
*
* @delegate AuthorPostEdit
* @since Symphony 2.2
* @param string $context
* '/system/authors/'
* @param Author $author
* An Author object
*/
Symphony::ExtensionManager()->notifyMembers('AuthorPostEdit', '/system/authors/', array('author' => $this->_Author));
redirect(SYMPHONY_URL . '/system/authors/edit/' . $author_id . '/saved/');
} else {
$this->pageAlert(__('Unknown errors occurred while attempting to save.') . '<a href="' . SYMPHONY_URL . '/system/log/">' . __('Check your activity log') . '</a>.', Alert::ERROR);
}
} else {
if (is_array($this->_errors) && !empty($this->_errors)) {
$this->pageAlert(__('There were some problems while attempting to save. Please check below for problem fields.'), Alert::ERROR);
}
}
} else {
if (@array_key_exists('delete', $_POST['action'])) {
/**
* Prior to deleting an author, provided with the Author ID.
*
* @delegate AuthorPreDelete
* @since Symphony 2.2
* @param string $context
* '/system/authors/'
* @param integer $author_id
* The ID of Author ID that is about to be deleted
*/
Symphony::ExtensionManager()->notifyMembers('AuthorPreDelete', '/system/authors/', array('author_id' => $author_id));
if (!$isOwner) {
AuthorManager::delete($author_id);
redirect(SYMPHONY_URL . '/system/authors/');
} else {
$this->pageAlert(__('You cannot remove yourself as you are the active Author.'), Alert::ERROR);
}
}
}
}
public function execute(array &$param_pool = null)
{
$author_ids = array();
if (is_array($this->dsParamFILTERS) && !empty($this->dsParamFILTERS)) {
foreach ($this->dsParamFILTERS as $field => $value) {
if (!is_array($value) && trim($value) == '') {
continue;
}
$ret = $this->__processAuthorFilter($field, $value);
if (empty($ret)) {
$author_ids = array();
break;
}
if (empty($author_ids)) {
$author_ids = $ret;
continue;
}
$author_ids = array_intersect($author_ids, $ret);
}
$authors = AuthorManager::fetchByID(array_values($author_ids));
} else {
$authors = AuthorManager::fetch($this->dsParamSORT, $this->dsParamORDER);
}
if ((!is_array($authors) || empty($authors)) && $this->dsParamREDIRECTONEMPTY == 'yes') {
throw new FrontendPageNotFoundException();
} elseif (!is_array($authors) || empty($authors)) {
$result = $this->emptyXMLSet();
return $result;
} else {
if (!$this->_param_output_only) {
$result = new XMLElement($this->dsParamROOTELEMENT);
}
$singleParam = false;
$key = 'ds-' . $this->dsParamROOTELEMENT;
if (isset($this->dsParamPARAMOUTPUT)) {
if (!is_array($this->dsParamPARAMOUTPUT)) {
$this->dsParamPARAMOUTPUT = array($this->dsParamPARAMOUTPUT);
}
$singleParam = count($this->dsParamPARAMOUTPUT) === 1;
}
foreach ($authors as $author) {
if (isset($this->dsParamPARAMOUTPUT)) {
foreach ($this->dsParamPARAMOUTPUT as $param) {
// The new style of paramater is `ds-datasource-handle.field-handle`
$param_key = $key . '.' . str_replace(':', '-', $param);
if (!is_array($param_pool[$param_key])) {
$param_pool[$param_key] = array();
}
$param_pool[$param_key][] = $param === 'name' ? $author->getFullName() : $author->get($param);
if ($singleParam) {
if (!is_array($param_pool[$key])) {
$param_pool[$key] = array();
}
$param_pool[$key][] = $param === 'name' ? $author->getFullName() : $author->get($param);
}
}
}
if ($this->_param_output_only) {
continue;
}
$xAuthor = new XMLElement('author');
$xAuthor->setAttributeArray(array('id' => $author->get('id'), 'user-type' => $author->get('user_type'), 'primary-account' => $author->get('primary')));
// No included elements, so just create the Author XML
if (!isset($this->dsParamINCLUDEDELEMENTS) || !is_array($this->dsParamINCLUDEDELEMENTS) || empty($this->dsParamINCLUDEDELEMENTS)) {
$result->appendChild($xAuthor);
} else {
// Name
if (in_array('name', $this->dsParamINCLUDEDELEMENTS)) {
$xAuthor->appendChild(new XMLElement('name', $author->getFullName()));
}
// Username
if (in_array('username', $this->dsParamINCLUDEDELEMENTS)) {
$xAuthor->appendChild(new XMLElement('username', $author->get('username')));
}
// Email
if (in_array('email', $this->dsParamINCLUDEDELEMENTS)) {
$xAuthor->appendChild(new XMLElement('email', $author->get('email')));
}
// Author Token
if (in_array('author-token', $this->dsParamINCLUDEDELEMENTS) && $author->isTokenActive()) {
$xAuthor->appendChild(new XMLElement('author-token', $author->createAuthToken()));
}
// Default Area
if (in_array('default-area', $this->dsParamINCLUDEDELEMENTS) && !is_null($author->get('default_area'))) {
// Section
if ($section = SectionManager::fetch($author->get('default_area'))) {
$default_area = new XMLElement('default-area', $section->get('name'));
$default_area->setAttributeArray(array('id' => $section->get('id'), 'handle' => $section->get('handle'), 'type' => 'section'));
$xAuthor->appendChild($default_area);
} else {
$default_area = new XMLElement('default-area', $author->get('default_area'));
$default_area->setAttribute('type', 'page');
$xAuthor->appendChild($default_area);
}
}
$result->appendChild($xAuthor);
}
}
}
return $result;
}
public function formatAuthorString($id, $username)
{
// Get author info
$author = AuthorManager::fetchByID($id);
// If the author no longer exists, use the fallback name
if (!$author instanceof Author) {
$author_string = $username;
} else {
$author_string = Widget::Anchor($author->getFullName(), '/symphony/system/authors/edit/' . $id)->generate();
}
return $author_string;
}
continue;
}
$ret = __processAuthorFilter($field, $value, Symphony::Database());
if (empty($ret)) {
$author_ids = array();
break;
}
if (empty($author_ids)) {
$author_ids = $ret;
continue;
}
$author_ids = array_intersect($author_ids, $ret);
}
$authors = AuthorManager::fetchByID(array_values($author_ids), $this->dsParamSORT, $this->dsParamORDER, $this->dsParamLIMIT, max(0, $this->dsParamSTARTPAGE - 1) * $this->dsParamLIMIT);
} else {
$authors = AuthorManager::fetch($this->dsParamSORT, $this->dsParamORDER, $this->dsParamLIMIT, max(0, $this->dsParamSTARTPAGE - 1) * $this->dsParamLIMIT);
}
if ((!is_array($authors) || empty($authors)) && $this->dsParamREDIRECTONEMPTY == 'yes') {
throw new FrontendPageNotFoundException();
} else {
if (!$this->_param_output_only) {
$result = new XMLElement($this->dsParamROOTELEMENT);
}
foreach ($authors as $author) {
if (isset($this->dsParamPARAMOUTPUT)) {
$key = 'ds-' . $this->dsParamROOTELEMENT;
if (!is_array($param_pool[$key])) {
$param_pool[$key] = array();
}
$param_pool[$key][] = $this->dsParamPARAMOUTPUT == 'name' ? $author->getFullName() : $author->get($this->dsParamPARAMOUTPUT);
}
public function groupRecords($records)
{
if (!is_array($records) || empty($records)) {
return;
}
$groups = array($this->get('element_name') => array());
foreach ($records as $r) {
$data = $r->getData($this->get('id'));
if (!isset($data['author_id'])) {
continue;
}
if (!isset($groups[$this->get('element_name')][$data['author_id']])) {
$author = AuthorManager::fetchByID($data['author_id']);
$groups[$this->get('element_name')][$data['author_id']] = array('attr' => array('author-id' => $data['author_id'], 'username' => $author->get('username'), 'full-name' => $author->getFullName()), 'records' => array(), 'groups' => array());
}
$groups[$this->get('element_name')][$data['author_id']]['records'][] = $r;
}
return $groups;
}
<?php
/***
*
* Symphony web publishing system
*
* Copyright 2004–2006 Twenty One Degrees Pty. Ltd.
*
* @version 1.7
* @licence https://github.com/symphonycms/symphony-1.7/blob/master/LICENCE
*
***/
include_once TOOLKIT . "/class.authormanager.php";
$authorManager = new AuthorManager($Admin);
$author_id = $_REQUEST['id'];
if (@array_key_exists("save", $_POST['action']) || @array_key_exists("done", $_POST['action'])) {
$fields = $_POST['fields'];
$required = array('firstname', 'lastname', 'username', 'email');
for ($i = 0; $i < count($required); $i++) {
if (trim($fields[$required[$i]]) == "") {
$errors[$required[$i]] = true;
}
}
if (is_array($errors)) {
define("__SYM_ENTRY_MISSINGFIELDS__", true);
} elseif ($fields['new_password'] != $fields['confirm_password']) {
$Admin->pageAlert("password-mismatch", NULL, false, 'error');
} elseif (trim($fields['password']) != "" && md5($fields['password']) != $DB->fetchVar('password', 0, "SELECT `password` FROM tbl_authors WHERE `id` = '" . $_REQUEST['id'] . "' LIMIT 1")) {
$Admin->pageAlert("password-incorrect", NULL, false, 'error');
} else {
$current_username = $DB->fetchVar('username', 0, "SELECT `username` FROM `tbl_authors` WHERE `id` = " . $_REQUEST['id']);
public function eventPreSave($context)
{
$event = $context['event'];
if (in_array("lock-entry", $event->eParamFILTERS)) {
// see if we're editing anything
if (!isset($_POST['id'])) {
//change $context['message']
return;
} else {
$entry_id = $_POST['id'];
}
// if there's no user logged in, user_id still has to be set to something
$author_id = $context['parent']->isLoggedIn() ? $context['parent']->Author->get('id') : 1;
if (($lock = $this->lockExists($entry_id)) <= 0) {
// if a lock doesn't exist or is expired, we can just give them one (ie ignore it)
$context['messages'] = array(array('lock-entry', 'passed', ''));
} else {
// the lock exists, see if it's owned by the user
if ($lock[0] != $author_id) {
$authorManager = new AuthorManager($this->_Parent);
$authors = $authorManager->fetchByID($this->locked[1]);
$context['messages'] = array(array('lock-entry', 'failed', 'This lease is currently owned by ' . $authors->getFullName() . '.'));
}
}
}
}
public function appendPreferences($context)
{
include_once TOOLKIT . '/class.authormanager.php';
include_once TOOLKIT . '/class.sectionmanager.php';
// Fieldset and layout
$group = new XMLElement('fieldset');
$group->setAttribute('class', 'settings');
$group->appendChild(new XMLElement('legend', __('Tracker')));
$div = new XMLElement('div');
$div->setAttribute('class', 'group triple');
// Excluded System Elements
$label = Widget::Label(__('Excluded System Elements'));
$options = array();
$elements = array('authors' => __('Authors'), 'datasources' => __('Data Sources'), 'events' => __('Events'), 'pages' => __('Pages'), 'sections' => __('Sections'), 'utilities' => __('Utilities'), 'preferences' => __('Preferences'), 'extensions' => __('Extensions'), 'login' => __('Login/Logout'), 'password' => __('Password Reset'));
$excluded_elements = explode(',', Symphony::Configuration()->get('excluded-system-elements', 'tracker'));
foreach ($elements as $handle => $value) {
$selected = in_array($handle, $excluded_elements) ? TRUE : FALSE;
$options[] = array($handle, $selected, $value);
}
$input = Widget::Select('settings[tracker][excluded-system-elements][]', $options, array('multiple' => 'multiple'));
$label->appendChild($input);
$div->appendChild($label);
// Excluded Sections
$label = Widget::Label(__('Excluded Sections'));
$options = array();
$sm = new SectionManager(Administration::instance());
$sections = $sm->fetch();
$excluded_sections = explode(',', Symphony::Configuration()->get('excluded-sections', 'tracker'));
if (!empty($sections) && is_array($sections)) {
foreach ($sections as $section) {
$selected = in_array($section->get('id'), $excluded_sections) ? TRUE : FALSE;
$options[] = array($section->get('id'), $selected, $section->get('name'));
}
}
$input = Widget::Select('settings[tracker][excluded-sections][]', $options, array('multiple' => 'multiple'));
$label->appendChild($input);
$div->appendChild($label);
// Excluded Users
$label = Widget::Label(__('Excluded Users'));
$options = array();
$am = new AuthorManager(Administration::instance());
$authors = $am->fetch();
$excluded_authors = explode(',', Symphony::Configuration()->get('excluded-users', 'tracker'));
if (!empty($authors) && is_array($authors)) {
foreach ($authors as $author) {
$selected = in_array($author->get('id'), $excluded_authors) ? TRUE : FALSE;
$options[] = array($author->get('id'), $selected, $author->getFullName());
}
}
$input = Widget::Select('settings[tracker][excluded-users][]', $options, array('multiple' => 'multiple'));
$label->appendChild($input);
$div->appendChild($label);
$group->appendChild($div);
// notify url of tracker event
$notify_url = Symphony::Configuration()->get('notify_url', 'tracker');
$notify_label = Widget::Label(__('Send tracker event to URL'));
$notify_label->appendChild(Widget::Input('settings[tracker][notify_url]', $notify_url, 'text'));
$group->appendChild($notify_label);
$context['wrapper']->appendChild($group);
}
function __actionEdit()
{
if (!($author_id = $this->_context[1])) {
redirect(URL . '/symphony/system/authors/');
}
$isOwner = $author_id == Administration::instance()->Author->get('id');
if (@array_key_exists('save', $_POST['action']) || @array_key_exists('done', $_POST['action'])) {
$fields = $_POST['fields'];
$this->_Author = AuthorManager::fetchByID($author_id);
$authenticated = false;
if ($fields['email'] != $this->_Author->get('email')) {
$changing_email = true;
}
// Check the old password was correct
if (isset($fields['old-password']) && strlen(trim($fields['old-password'])) > 0 && General::hash(trim($fields['old-password'])) == $this->_Author->get('password')) {
$authenticated = true;
} elseif (Administration::instance()->Author->isDeveloper() && $isOwner === false) {
$authenticated = true;
}
$this->_Author->set('id', $author_id);
if ($this->_Author->isPrimaryAccount() || $isOwner && Administration::instance()->Author->isDeveloper()) {
$this->_Author->set('user_type', 'developer');
// Primary accounts are always developer, Developers can't lower their level
} elseif (Administration::instance()->Author->isDeveloper() && isset($fields['user_type'])) {
$this->_Author->set('user_type', $fields['user_type']);
// Only developer can change user type
}
$this->_Author->set('email', $fields['email']);
$this->_Author->set('username', $fields['username']);
$this->_Author->set('first_name', General::sanitize($fields['first_name']));
$this->_Author->set('last_name', General::sanitize($fields['last_name']));
$this->_Author->set('language', $fields['language']);
if (trim($fields['password']) != '') {
$this->_Author->set('password', General::hash($fields['password']));
$changing_password = true;
}
$this->_Author->set('default_section', intval($fields['default_section']));
$this->_Author->set('auth_token_active', $fields['auth_token_active'] ? $fields['auth_token_active'] : 'no');
if ($this->_Author->validate($this->_errors)) {
if (!$authenticated && ($changing_password || $changing_email)) {
if ($changing_password) {
$this->_errors['old-password'] = __('Wrong password. Enter old password to change it.');
} elseif ($changing_email) {
$this->_errors['old-password'] = __('Wrong password. Enter old one to change email address.');
}
} elseif (($fields['password'] != '' || $fields['password-confirmation'] != '') && $fields['password'] != $fields['password-confirmation']) {
$this->_errors['password'] = $this->_errors['password-confirmation'] = __('Passwords did not match');
} elseif ($this->_Author->commit()) {
Symphony::Database()->delete('tbl_forgotpass', " `expiry` < '" . DateTimeObj::getGMT('c') . "' OR `author_id` = '" . $author_id . "' ");
if ($isOwner) {
$this->_Parent->login($this->_Author->get('username'), $this->_Author->get('password'), true);
}
## TODO: Fix me
###
# Delegate: Edit
# Description: After editing an author. ID of the author is provided.
//$ExtensionManager->notifyMembers('Edit', getCurrentPage(), array('author_id' => $_REQUEST['id']));
redirect(URL . '/symphony/system/authors/edit/' . $author_id . '/saved/');
} else {
$this->pageAlert(__('Unknown errors occurred while attempting to save. Please check your <a href="%s">activity log</a>.', array(URL . '/symphony/system/log/')), Alert::ERROR);
}
}
} elseif (@array_key_exists('delete', $_POST['action'])) {
## TODO: Fix Me
###
# Delegate: Delete
# Description: Prior to deleting an author. ID is provided.
//$ExtensionManager->notifyMembers('Delete', getCurrentPage(), array('author_id' => $author_id));
if (!$isOwner) {
AuthorManager::delete($author_id);
redirect(URL . '/symphony/system/authors/');
} else {
$this->pageAlert(__('You cannot remove yourself as you are the active Author.'), Alert::ERROR);
}
}
}
/**
* Symphony allows Authors to login via the use of tokens instead of
* a username and password. A token is derived from concatenating the
* Author's username and password and applying the sha1 hash to
* it, from this, a portion of the hash is used as the token. This is a useful
* feature often used when setting up other Authors accounts or if an
* Author forgets their password.
*
* @param string $token
* The Author token, which is a portion of the hashed string concatenation
* of the Author's username and password
* @throws DatabaseException
* @return boolean
* True if the Author is logged in, false otherwise
*/
public static function loginFromToken($token)
{
$token = self::Database()->cleanValue($token);
if (strlen(trim($token)) == 0) {
return false;
}
if (strlen($token) == 6 || strlen($token) == 16) {
$row = self::Database()->fetchRow(0, sprintf("SELECT `a`.`id`, `a`.`username`, `a`.`password`\n FROM `tbl_authors` AS `a`, `tbl_forgotpass` AS `f`\n WHERE `a`.`id` = `f`.`author_id`\n AND `f`.`expiry` > '%s'\n AND `f`.`token` = '%s'\n LIMIT 1", DateTimeObj::getGMT('c'), $token));
self::Database()->delete('tbl_forgotpass', sprintf(" `token` = '%s' ", $token));
} else {
$row = self::Database()->fetchRow(0, sprintf("SELECT `id`, `username`, `password`\n FROM `tbl_authors`\n WHERE SUBSTR(%s(CONCAT(`username`, `password`)), 1, 8) = '%s'\n AND `auth_token_active` = 'yes'\n LIMIT 1", 'SHA1', $token));
}
if ($row) {
self::$Author = AuthorManager::fetchByID($row['id']);
self::$Cookie->set('username', $row['username']);
self::$Cookie->set('pass', $row['password']);
self::Database()->update(array('last_seen' => DateTimeObj::getGMT('Y-m-d H:i:s')), 'tbl_authors', sprintf("\n `id` = %d", $row['id']));
return true;
}
return false;
}
/**
* This function handles the Send Mail filter which will send an email
* to each specified recipient informing them that an Entry has been
* created.
*
* @param XMLElement $result
* The XMLElement of the XML that is going to be returned as part
* of this event to the page.
* @param array $send_mail
* Associative array of `send-mail` parameters.
* @param array $fields
* Array of post data to extract the values from
* @param Section $section
* This Section for this event
* @param Section $section
* This current Entry that has just been updated or created
* @return XMLElement
* The modified `$result` with the results of the filter.
*/
public function processSendMailFilter(XMLElement $result, array $send_email, array &$fields, Section $section, Entry $entry)
{
$fields['recipient'] = self::replaceFieldToken($send_email['recipient'], $fields);
$fields['recipient'] = preg_split('/\\,/i', $fields['recipient'], -1, PREG_SPLIT_NO_EMPTY);
$fields['recipient'] = array_map('trim', $fields['recipient']);
$fields['subject'] = self::replaceFieldToken($send_email['subject'], $fields, __('[Symphony] A new entry was created on %s', array(Symphony::Configuration()->get('sitename', 'general'))));
$fields['body'] = self::replaceFieldToken($send_email['body'], $fields, null, false, false);
$fields['sender-email'] = self::replaceFieldToken($send_email['sender-email'], $fields);
$fields['sender-name'] = self::replaceFieldToken($send_email['sender-name'], $fields);
$fields['reply-to-name'] = self::replaceFieldToken($send_email['reply-to-name'], $fields);
$fields['reply-to-email'] = self::replaceFieldToken($send_email['reply-to-email'], $fields);
$edit_link = SYMPHONY_URL . '/publish/' . $section->get('handle') . '/edit/' . $entry->get('id') . '/';
$language = Symphony::Configuration()->get('lang', 'symphony');
$template_path = Event::getNotificationTemplate($language);
$body = sprintf(file_get_contents($template_path), $section->get('name'), $edit_link);
if (is_array($fields['body'])) {
foreach ($fields['body'] as $field_handle => $value) {
$body .= "// {$field_handle}" . PHP_EOL . $value . PHP_EOL . PHP_EOL;
}
} else {
$body .= $fields['body'];
}
// Loop over all the recipients and attempt to send them an email
// Errors will be appended to the Event XML
$errors = array();
foreach ($fields['recipient'] as $recipient) {
$author = AuthorManager::fetchByUsername($recipient);
if (empty($author)) {
$errors['recipient'][$recipient] = __('Recipient not found');
continue;
}
$email = Email::create();
// Huib: Exceptions are also thrown in the settings functions, not only in the send function.
// Those Exceptions should be caught too.
try {
$email->recipients = array($author->get('first_name') => $author->get('email'));
if ($fields['sender-name'] != null) {
$email->sender_name = $fields['sender-name'];
}
if ($fields['sender-email'] != null) {
$email->sender_email_address = $fields['sender-email'];
}
if ($fields['reply-to-name'] != null) {
$email->reply_to_name = $fields['reply-to-name'];
}
if ($fields['reply-to-email'] != null) {
$email->reply_to_email_address = $fields['reply-to-email'];
}
$email->text_plain = str_replace('<!-- RECIPIENT NAME -->', $author->get('first_name'), $body);
$email->subject = $fields['subject'];
$email->send();
} catch (EmailValidationException $e) {
$errors['address'][$author->get('email')] = $e->getMessage();
} catch (EmailGatewayException $e) {
$errors['gateway'][$author->get('email')] = $e->getMessage();
} catch (EmailException $e) {
$errors['email'][$author->get('email')] = $e->getMessage();
}
}
// If there were errors, output them to the event
if (!empty($errors)) {
$xml = self::buildFilterElement('send-email', 'failed');
foreach ($errors as $type => $messages) {
$xType = new XMLElement('error');
$xType->setAttribute('error-type', $type);
foreach ($messages as $recipient => $message) {
$xType->appendChild(new XMLElement('message', $message, array('recipient' => $recipient)));
}
$xml->appendChild($xType);
}
$result->appendChild($xml);
} else {
$result->appendChild(self::buildFilterElement('send-email', 'passed'));
}
return $result;
}
/**
* This function determines whether an there is a currently logged in
* Author for Symphony by using the `$Cookie`'s username
* and password. If an Author is found, they will be logged in, otherwise
* the `$Cookie` will be destroyed.
*
* @see core.Cookie#expire()
*/
public function isLoggedIn()
{
// Ensures that we're in the real world.. Also reduces three queries from database
// We must return true otherwise exceptions are not shown
if (is_null(self::$_instance)) {
return true;
}
if ($this->Author) {
return true;
} else {
$username = self::Database()->cleanValue($this->Cookie->get('username'));
$password = self::Database()->cleanValue($this->Cookie->get('pass'));
if (strlen(trim($username)) > 0 && strlen(trim($password)) > 0) {
$author = AuthorManager::fetch('id', 'ASC', 1, null, sprintf("\n\t\t\t\t\t\t\t`username` = '%s'\n\t\t\t\t\t\t", $username));
if (!empty($author) && Cryptography::compare($password, current($author)->get('password'), true)) {
$this->Author = current($author);
self::Database()->update(array('last_seen' => DateTimeObj::get('Y-m-d H:i:s')), 'tbl_authors', sprintf(" `id` = %d", $this->Author->get('id')));
// Only set custom author language in the backend
if (class_exists('Administration')) {
Lang::set($this->Author->get('language'));
}
return true;
}
}
$this->Cookie->expire();
return false;
}
}
public function commit()
{
$fields = $this->_fields;
if (isset($fields['id'])) {
$id = $fields['id'];
unset($fields['id']);
return AuthorManager::edit($id, $fields);
} else {
return AuthorManager::add($fields);
}
}
public function __doit($fields, &$result, $position = null, $entry_id = null)
{
$post_values = new XMLElement('post-values');
$filter_results = array();
if (!is_array($this->eParamFILTERS)) {
$this->eParamFILTERS = array();
}
// Create the post data cookie element
if (is_array($fields) && !empty($fields)) {
General::array_to_xml($post_values, $fields, true);
}
/**
* Prior to saving entry from the front-end. This delegate will
* force the Event to terminate if it populates the `$filter_results`
* array. All parameters are passed by reference.
*
* @delegate EventPreSaveFilter
* @param string $context
* '/frontend/'
* @param array $fields
* @param Event $this
* @param array $messages
* An associative array of array's which contain 4 values,
* the name of the filter (string), the status (boolean),
* the message (string) an optionally an associative array
* of additional attributes to add to the filter element.
* @param XMLElement $post_values
* @param integer $entry_id
* If editing an entry, this parameter will be an integer,
* otherwise null.
*/
Symphony::ExtensionManager()->notifyMembers('EventPreSaveFilter', '/frontend/', array('fields' => &$fields, 'event' => &$this, 'messages' => &$filter_results, 'post_values' => &$post_values, 'entry_id' => &$entry_id));
if (is_array($filter_results) && !empty($filter_results)) {
$can_proceed = true;
foreach ($filter_results as $fr) {
list($name, $status, $message, $attributes) = $fr;
$result->appendChild($this->buildFilterElement($name, $status ? 'passed' : 'failed', $message, $attributes));
if ($status === false) {
$can_proceed = false;
}
}
if ($can_proceed !== true) {
$result->appendChild($post_values);
$result->setAttribute('result', 'error');
$result->appendChild(new XMLElement('message', __('Entry encountered errors when saving.')));
return false;
}
}
include_once TOOLKIT . '/class.sectionmanager.php';
include_once TOOLKIT . '/class.entrymanager.php';
if (!($section = SectionManager::fetch($this->getSource()))) {
$result->setAttribute('result', 'error');
$result->appendChild(new XMLElement('message', __('The Section, %s, could not be found.', array($this->getSource()))));
return false;
}
if (isset($entry_id)) {
$entry =& EntryManager::fetch($entry_id);
$entry = $entry[0];
if (!is_object($entry)) {
$result->setAttribute('result', 'error');
$result->appendChild(new XMLElement('message', __('The Entry, %s, could not be found.', array($entry_id))));
return false;
}
} else {
$entry =& EntryManager::create();
$entry->set('section_id', $this->getSource());
}
if (__ENTRY_FIELD_ERROR__ == $entry->checkPostData($fields, $errors, $entry->get('id') ? true : false)) {
$result->setAttribute('result', 'error');
$result->appendChild(new XMLElement('message', __('Entry encountered errors when saving.')));
foreach ($errors as $field_id => $message) {
$field = FieldManager::fetch($field_id);
if (is_array($fields[$field->get('element_name')])) {
$type = array_reduce($fields[$field->get('element_name')], array('SectionEvent', '__reduceType'));
} else {
$type = $fields[$field->get('element_name')] == '' ? 'missing' : 'invalid';
}
$result->appendChild(new XMLElement($field->get('element_name'), null, array('label' => General::sanitize($field->get('label')), 'type' => $type, 'message' => General::sanitize($message))));
}
if (isset($post_values) && is_object($post_values)) {
$result->appendChild($post_values);
}
return false;
} elseif (__ENTRY_OK__ != $entry->setDataFromPost($fields, $errors, false, $entry->get('id') ? true : false)) {
$result->setAttribute('result', 'error');
$result->appendChild(new XMLElement('message', __('Entry encountered errors when saving.')));
foreach ($errors as $field_id => $message) {
$field = FieldManager::fetch($field_id);
$result->appendChild(new XMLElement($field->get('element_name'), null, array('label' => General::sanitize($field->get('label')), 'type' => 'invalid', 'message' => General::sanitize($message))));
}
if (isset($post_values) && is_object($post_values)) {
$result->appendChild($post_values);
}
return false;
} else {
if (!$entry->commit()) {
$result->setAttribute('result', 'error');
$result->appendChild(new XMLElement('message', __('Unknown errors where encountered when saving.')));
if (isset($post_values) && is_object($post_values)) {
$result->appendChild($post_values);
}
return false;
}
$result->setAttribute('id', $entry->get('id'));
}
// PASSIVE FILTERS ONLY AT THIS STAGE. ENTRY HAS ALREADY BEEN CREATED.
if (in_array('send-email', $this->eParamFILTERS) && !in_array('expect-multiple', $this->eParamFILTERS)) {
if (!function_exists('__sendEmailFindFormValue')) {
function __sendEmailFindFormValue($needle, $haystack, $discard_field_name = true, $default = null, $collapse = true)
{
if (preg_match('/^(fields\\[[^\\]]+\\],?)+$/i', $needle)) {
$parts = preg_split('/\\,/i', $needle, -1, PREG_SPLIT_NO_EMPTY);
$parts = array_map('trim', $parts);
$stack = array();
foreach ($parts as $p) {
$field = str_replace(array('fields[', ']'), '', $p);
$discard_field_name ? $stack[] = $haystack[$field] : ($stack[$field] = $haystack[$field]);
}
if (is_array($stack) && !empty($stack)) {
return $collapse ? implode(' ', $stack) : $stack;
} else {
$needle = null;
}
}
$needle = trim($needle);
if (empty($needle)) {
return $default;
}
return $needle;
}
}
$fields = $_POST['send-email'];
$db = Symphony::Database();
$fields['recipient'] = __sendEmailFindFormValue($fields['recipient'], $_POST['fields'], true);
$fields['recipient'] = preg_split('/\\,/i', $fields['recipient'], -1, PREG_SPLIT_NO_EMPTY);
$fields['recipient'] = array_map('trim', $fields['recipient']);
$fields['subject'] = __sendEmailFindFormValue($fields['subject'], $_POST['fields'], true, __('[Symphony] A new entry was created on %s', array(Symphony::Configuration()->get('sitename', 'general'))));
$fields['body'] = __sendEmailFindFormValue($fields['body'], $_POST['fields'], false, null, false);
$fields['sender-email'] = __sendEmailFindFormValue($fields['sender-email'], $_POST['fields'], true, null);
$fields['sender-name'] = __sendEmailFindFormValue($fields['sender-name'], $_POST['fields'], true, null);
$fields['reply-to-name'] = __sendEmailFindFormValue($fields['reply-to-name'], $_POST['fields'], true, null);
$fields['reply-to-email'] = __sendEmailFindFormValue($fields['reply-to-email'], $_POST['fields'], true, null);
$edit_link = SYMPHONY_URL . '/publish/' . $section->get('handle') . '/edit/' . $entry->get('id') . '/';
$language = Symphony::Configuration()->get('lang', 'symphony');
$template_path = Event::getNotificationTemplate($language);
$body = sprintf(file_get_contents($template_path), $section->get('name'), $edit_link);
if (is_array($fields['body'])) {
foreach ($fields['body'] as $field_handle => $value) {
$body .= "// {$field_handle}" . PHP_EOL . $value . PHP_EOL . PHP_EOL;
}
} else {
$body .= $fields['body'];
}
// Loop over all the recipients and attempt to send them an email
// Errors will be appended to the Event XML
$errors = array();
foreach ($fields['recipient'] as $recipient) {
$author = AuthorManager::fetchByUsername($recipient);
if (empty($author)) {
$errors['recipient'][$recipient] = __('Recipient not found');
continue;
}
$email = Email::create();
// Huib: Exceptions are also thrown in the settings functions, not only in the send function.
// Those Exceptions should be caught too.
try {
$email->recipients = array($author->get('first_name') => $author->get('email'));
if ($fields['sender-name'] != null) {
$email->sender_name = $fields['sender-name'];
}
if ($fields['sender-email'] != null) {
$email->sender_email_address = $fields['sender-email'];
}
if ($fields['reply-to-name'] != null) {
$email->reply_to_name = $fields['reply-to-name'];
}
if ($fields['reply-to-email'] != null) {
$email->reply_to_email_address = $fields['reply-to-email'];
}
$email->text_plain = str_replace('<!-- RECIPIENT NAME -->', $author->get('first_name'), $body);
$email->subject = $fields['subject'];
$email->send();
} catch (EmailValidationException $e) {
$errors['address'][$author->get('email')] = $e->getMessage();
} catch (EmailGatewayException $e) {
// The current error array does not permit custom tags.
// Therefore, it is impossible to set a "proper" error message.
// Will return the failed email address instead.
$errors['gateway'][$author->get('email')] = $e->getMessage();
} catch (EmailException $e) {
// Because we don't want symphony to break because it can not send emails,
// all exceptions are logged silently.
// Any custom event can change this behaviour.
$errors['email'][$author->get('email')] = $e->getMessage();
}
}
// If there were errors, output them to the event
if (!empty($errors)) {
$xml = $this->buildFilterElement('send-email', 'failed');
foreach ($errors as $type => $messages) {
$xType = new XMLElement('error');
$xType->setAttribute('error-type', $type);
foreach ($messages as $recipient => $message) {
$xType->appendChild(new XMLElement('message', $message, array('recipient' => $recipient)));
}
$xml->appendChild($xType);
}
$result->appendChild($xml);
} else {
$result->appendChild($this->buildFilterElement('send-email', 'passed'));
}
}
$filter_results = array();
/**
* After saving entry from the front-end. This delegate will not force
* the Events to terminate if it populates the `$filter_results` array.
* Provided with references to this object, the `$_POST` data and also
* the error array
*
* @delegate EventPostSaveFilter
* @param string $context
* '/frontend/'
* @param integer $entry_id
* @param array $fields
* @param Entry $entry
* @param Event $this
* @param array $messages
* An associative array of array's which contain 4 values,
* the name of the filter (string), the status (boolean),
* the message (string) an optionally an associative array
* of additional attributes to add to the filter element.
*/
Symphony::ExtensionManager()->notifyMembers('EventPostSaveFilter', '/frontend/', array('entry_id' => $entry->get('id'), 'fields' => $fields, 'entry' => $entry, 'event' => &$this, 'messages' => &$filter_results));
if (is_array($filter_results) && !empty($filter_results)) {
foreach ($filter_results as $fr) {
list($name, $status, $message, $attributes) = $fr;
$result->appendChild($this->buildFilterElement($name, $status ? 'passed' : 'failed', $message, $attributes));
}
}
$filter_errors = array();
/**
* This delegate that lets extensions know the final status of the
* current Event. It is triggered when everything has processed correctly.
* The `$messages` array contains the results of the previous filters that
* have executed, and the `$errors` array contains any errors that have
* occurred as a result of this delegate. These errors cannot stop the
* processing of the Event, as that has already been done.
*
*
* @delegate EventFinalSaveFilter
* @param string $context
* '/frontend/'
* @param array $fields
* @param Event $this
* @param array $messages
* An associative array of array's which contain 4 values,
* the name of the filter (string), the status (boolean),
* the message (string) an optionally an associative array
* of additional attributes to add to the filter element.
* @param array $errors
* An associative array of array's which contain 4 values,
* the name of the filter (string), the status (boolean),
* the message (string) an optionally an associative array
* of additional attributes to add to the filter element.
* @param Entry $entry
*/
Symphony::ExtensionManager()->notifyMembers('EventFinalSaveFilter', '/frontend/', array('fields' => $fields, 'event' => $this, 'messages' => $filter_results, 'errors' => &$filter_errors, 'entry' => $entry));
if (is_array($filter_errors) && !empty($filter_errors)) {
foreach ($filter_errors as $fr) {
list($name, $status, $message, $attributes) = $fr;
$result->appendChild($this->buildFilterElement($name, $status ? 'passed' : 'failed', $message, $attributes));
}
}
$result->setAttributeArray(array('result' => 'success', 'type' => isset($entry_id) ? 'edited' : 'created'));
$result->appendChild(new XMLElement('message', isset($entry_id) ? __('Entry edited successfully.') : __('Entry created successfully.')));
if (isset($post_values) && is_object($post_values)) {
$result->appendChild($post_values);
}
return true;
}
<?php
/***
*
* Symphony web publishing system
*
* Copyright 2004–2006 Twenty One Degrees Pty. Ltd.
*
* @version 1.7
* @licence https://github.com/symphonycms/symphony-1.7/blob/master/LICENCE
*
***/
if (@array_key_exists("save", $_POST['action']) || @array_key_exists("done", $_POST['action'])) {
$fields = $_POST['fields'];
include_once TOOLKIT . "/class.authormanager.php";
$authorManager = new AuthorManager($Admin);
$required = array('firstname', 'lastname', 'username', 'email', 'password');
for ($i = 0; $i < count($required); $i++) {
if (trim($fields[$required[$i]]) == "") {
$errors[$required[$i]] = true;
}
}
if (is_array($errors)) {
define("__SYM_ENTRY_MISSINGFIELDS__", true);
} elseif ($fields['password'] != $fields['password_confirm']) {
$Admin->pageAlert("password-mismatch", NULL, false, 'error');
} elseif ($authorManager->fetchByUsername($fields['username'])) {
$Admin->pageAlert("duplicate", array("An Author", "username"), false, 'error');
} else {
$author =& $authorManager->create();
$author->set('textformat', $fields['textformat']);
