/**
 * Admin page for the site's registration settings.
 *
 * Requires Garden.Settings.Manage. A first view fills the form from the
 * configuration model; an authenticated postback rebuilds the per-role
 * invitation allowances from the submitted values and saves the settings.
 *
 * Events: Registration, BeforeRegistrationUpdate
 *
 * @since 2.0.0
 * @access public
 * @param string $RedirectUrl Where to send user after registration.
 */
public function registration($RedirectUrl = '') {
    // Everything below reads or writes site configuration, so gate it first.
    $this->permission('Garden.Settings.Manage');
    $this->addSideMenu('dashboard/settings/registration');
    $this->addJsFile('registration.js');
    $this->title(t('Registration'));

    // Roles that are allowed to sign in, exposed to the view as RoleID => Name.
    $roleModel = new RoleModel();
    $this->RoleData = $roleModel->getByPermission('Garden.SignIn.Allow');
    $roleRows = $this->RoleData->resultArray();
    $this->setData('_Roles', array_column($roleRows, 'Name', 'RoleID'));

    // Currently configured per-role invitation allowances; anything that is not an array is treated as empty.
    $configuredInvites = Gdn::config('Garden.Registration.InviteRoles');
    $this->ExistingRoleInvitations = is_array($configuredInvites) ? $configuredInvites : [];

    // Currently configured invitation lifetime.
    $this->InviteExpiration = Gdn::config('Garden.Registration.InviteExpiration', '');

    // Registration methods offered on the page.
    $this->RegistrationMethods = [
        'Basic' => 'New users fill out a simple form and are granted access immediately.',
        'Approval' => "New users are reviewed and approved by an administrator (that's you!).",
        'Invitation' => 'Existing members send invitations to new members.',
        'Connect' => 'New users are only registered through SSO plugins.',
    ];

    // How many invitations a role may send per month.
    $this->InvitationOptions = [
        '0' => t('None'),
        '1' => '1',
        '2' => '2',
        '5' => '5',
        '-1' => t('Unlimited'),
    ];

    // When a sent invitation expires.
    $this->InviteExpirationOptions = [
        '1 week' => t('1 week after being sent'),
        '2 weeks' => t('2 weeks after being sent'),
        '1 month' => t('1 month after being sent'),
        'FALSE' => t('never'),
    ];

    // A stored 'Captcha' method is rewritten to 'Basic'.
    if (c('Garden.Registration.Method') == 'Captcha') {
        saveToConfig('Garden.Registration.Method', 'Basic');
    }

    // Model that validates and persists the settings edited on this page.
    $validation = new Gdn_Validation();
    $configModel = new Gdn_ConfigurationModel($validation);
    $configModel->setField([
        'Garden.Registration.Method' => 'Basic',
        'Garden.Registration.InviteExpiration',
        'Garden.Registration.ConfirmEmail',
    ]);

    // Handlers receive both objects by reference and may adjust them before the form is bound.
    $this->EventArguments['Validation'] =& $validation;
    $this->EventArguments['Configuration'] =& $configModel;
    $this->fireEvent('Registration');

    $this->Form->setModel($configModel);

    if ($this->Form->authenticatedPostBack() !== false) {
        // Write path: only reached when the form reports an authenticated postback.
        $configModel->Validation->applyRule('Garden.Registration.Method', 'Required');

        // Rebuild the role => invitation-count map from the two parallel form fields.
        $postedRoleIDs = $this->Form->getValue('InvitationRoleID');
        $postedCounts = $this->Form->getValue('InvitationCount');
        $this->ExistingRoleInvitations = arrayCombine($postedRoleIDs, $postedCounts);
        $configModel->forceSetting('Garden.Registration.InviteRoles', $this->ExistingRoleInvitations);

        // Last hook before the settings are written.
        $this->EventArguments['ConfigurationModel'] =& $configModel;
        $this->fireEvent('BeforeRegistrationUpdate');

        if ($this->Form->save() !== false) {
            $this->informMessage(t("Your settings have been saved."));
            // NOTE(review): $RedirectUrl is caller-supplied and copied as-is; confirm the
            // controller restricts where RedirectUrl may point.
            if ($RedirectUrl != '') {
                $this->RedirectUrl = $RedirectUrl;
            }
        }
    } else {
        // Read path: show the stored values.
        $this->Form->setData($configModel->Data);
    }

    $this->render();
}
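/**
 * Move a category to a different parent.
 *
 * Requires Garden.Community.Manage or Garden.Settings.Manage. On an
 * authenticated postback only CategoryID and ParentCategoryID are handed to
 * the model; CategoryID is taken from the argument that was looked up above,
 * not from the submitted form, so the record that was checked is the record
 * that is saved.
 *
 * @param int $categoryID Unique ID for the category to move.
 * @throws Exception if category is not found.
 */
public function moveCategory($categoryID) {
    // Check permission (the second argument is false: either permission is accepted —
    // presumably "any of"; confirm against permission()).
    $this->permission(['Garden.Community.Manage', 'Garden.Settings.Manage'], false);

    $category = CategoryModel::categories($categoryID);
    if (!$category) {
        throw notFoundException();
    }

    $this->Form->setModel($this->CategoryModel);
    $this->Form->addHidden('CategoryID', $categoryID);
    $this->setData('Category', $category);

    // Ancestors of the category, minus the last entry, are offered to the view as ParentCategories.
    $parentCategories = CategoryModel::getAncestors($categoryID);
    array_pop($parentCategories);
    if (!empty($parentCategories)) {
        $this->setData('ParentCategories', array_column($parentCategories, 'Name', 'CategoryID'));
    }

    if ($this->Form->authenticatedPostBack()) {
        // Verify we're only attempting to save specific values. The hidden CategoryID field
        // is client-controlled once posted, so pin the ID to the one validated above.
        $this->Form->formValues([
            'CategoryID' => $categoryID,
            'ParentCategoryID' => $this->Form->getValue('ParentCategoryID'),
        ]);
        $this->Form->save();
    } else {
        $this->Form->setData($category);
    }

    $this->render();
}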
/**
 * Detach the addon that is linked to a discussion.
 *
 * Requires Addons.Addon.Manage. The link is only cleared on an authenticated
 * postback that carries a truthy DetachConfirm value.
 *
 * @param int $DiscussionID Discussion to remove addon attachment.
 * @throws Gdn_UserException Discussion not found.
 */
public function detachFromDiscussion($DiscussionID = null) {
    $this->permission('Addons.Addon.Manage');

    $discussionModel = new DiscussionModel();
    $discussion = $discussionModel->getID($DiscussionID);
    if (!$discussion) {
        throw notFoundException('Discussion');
    }

    // Show the attached addon on the confirmation form.
    $this->Form->setData($this->AddonModel->getID($discussion->AddonID));

    // Built from the stored discussion ID, not from request input.
    $returnTo = 'discussion/' . $discussion->DiscussionID;

    if ($this->Form->authenticatedPostBack()) {
        $confirmed = $this->Form->getFormValue('DetachConfirm', false);
        if ($confirmed) {
            $discussionModel->setField($DiscussionID, 'AddonID', null);

            if ($this->deliveryType() !== DELIVERY_TYPE_ALL) {
                // Partial delivery: tell the page which elements to update in place.
                $this->informMessage(t('Successfully detached addon'));
                $this->jsonTarget('.Warning.AddonAttachment', null, 'Remove');
                $this->jsonTarget('a.AttachAddonDiscussion.Popup', t('Attach Addon...'), 'Text');
            } else {
                redirect($returnTo);
            }
        } else {
            $this->Form->addError(t('You must confirm the detachment'), 'DetachConfirm');
        }
    }

    $this->render('detach');
}
/**
 * Category management page: lists all categories and edits the category
 * display settings.
 *
 * Requires Garden.Community.Manage. Each listed category is flagged with
 * CanDelete according to whether the current user holds
 * Garden.Settings.Manage.
 *
 * @since 2.0.0
 * @access public
 */
public function manageCategories() {
    $this->permission('Garden.Community.Manage');
    $this->addSideMenu('vanilla/settings/managecategories');

    // Scripts are added in this order. The bundled jQuery UI was upgraded to 1.10.3 (from
    // 1.8.11) on Jan 29, 2014; a newer nestedSortable was tried and did not work, so the
    // 1.3.4 build is still loaded.
    $scripts = [
        'categories.js',
        'jquery.alphanumeric.js',
        'nestedSortable/jquery-ui.min.js',
        'nestedSortable.1.3.4/jquery.ui.nestedSortable.js',
    ];
    foreach ($scripts as $script) {
        $this->addJsFile($script);
    }

    $this->title(t('Categories'));

    // All categories, ordered by TreeLeft.
    $categories = $this->CategoryModel->getAll('TreeLeft');

    // CanDelete is set per category so it can be overridden later.
    $mayDelete = checkPermission('Garden.Settings.Manage');
    array_walk($categories->result(), function (&$row) use ($mayDelete) {
        setvalr('CanDelete', $row, $mayDelete);
    });
    $this->setData('CategoryData', $categories, true);

    // Model that validates and stores the three display settings.
    $validation = new Gdn_Validation();
    $settingsModel = new Gdn_ConfigurationModel($validation);
    $settingsModel->setField([
        'Vanilla.Categories.MaxDisplayDepth',
        'Vanilla.Categories.DoHeadings',
        'Vanilla.Categories.HideModule',
    ]);
    $this->Form->setModel($settingsModel);

    // Max-depth choices: option N is labelled with N - 1 levels, and 0 means "never".
    $depthOptions = [];
    foreach ([2, 3, 4] as $depth) {
        $depthOptions[$depth] = sprintf(t('more than %s deep'), plural($depth - 1, '%s level', '%s levels'));
    }
    $depthOptions[0] = t('never');
    $this->setData('MaxDepthData', $depthOptions);

    if ($this->Form->authenticatedPostBack() !== false) {
        // Write path: only reached when the form reports an authenticated postback.
        if ($this->Form->save() !== false) {
            $this->informMessage(t("Your settings have been saved."));
        }
    } else {
        // First view: show the stored settings.
        $this->Form->setData($settingsModel->Data);
    }

    // Render default view
    $this->render();
}
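/**
 * Edit a user account.
 *
 * Requires Garden.Users.Edit. Role changes are limited to the roles returned by
 * RoleModel::getAssignable(); roles outside that set which the target already
 * holds are re-applied unchanged. Manually setting a password is only allowed
 * when the editor holds Garden.Settings.Manage or the target does not.
 *
 * Events: BeforeUserEdit
 *
 * @since 2.0.0
 * @access public
 * @param int $UserID Unique ID.
 * @throws Exception If no user matches $UserID.
 */
public function edit($UserID) {
    $this->permission('Garden.Users.Edit');

    // Page setup
    $this->addJsFile('user.js');
    $this->title(t('Edit User'));
    $this->addSideMenu('dashboard/user');

    // Only admins can reassign roles
    $RoleModel = new RoleModel();
    $AllRoles = $RoleModel->getArray();
    $RoleData = $RoleModel->getAssignable();

    // One model instance serves the lookup, the permission check and the form.
    $UserModel = new UserModel();
    $User = $UserModel->getID($UserID, DATASET_TYPE_ARRAY);
    if (!$User) {
        // Fail early: everything below indexes into $User.
        throw notFoundException('User');
    }

    // Determine if username can be edited
    $CanEditUsername = (bool) c("Garden.Profile.EditUsernames") || Gdn::session()->checkPermission('Garden.Users.Edit');
    $this->setData('_CanEditUsername', $CanEditUsername);

    // Determine if emails can be edited
    $CanEditEmail = Gdn::session()->checkPermission('Garden.Users.Edit');
    $this->setData('_CanEditEmail', $CanEditEmail);

    // Decide if they have ability to confirm users
    $Confirmed = (bool) valr('Confirmed', $User);
    $CanConfirmEmail = UserModel::RequireConfirmEmail() && Gdn::session()->checkPermission('Garden.Users.Edit');
    $this->setData('_CanConfirmEmail', $CanConfirmEmail);
    $this->setData('_EmailConfirmed', $Confirmed);
    $User['ConfirmEmail'] = (int) $Confirmed;

    // Determine whether user being edited is privileged (can escalate permissions)
    $EditingPrivilegedUser = $UserModel->checkPermission($User, 'Garden.Settings.Manage');

    // Determine our password reset options
    // Anyone with user editing may force a reset over email
    $this->ResetOptions = array(
        0 => t('Keep current password.'),
        'Auto' => t('Force user to reset their password and send email notification.')
    );

    // Only admins may manually reset passwords for other admins
    if (checkPermission('Garden.Settings.Manage') || !$EditingPrivilegedUser) {
        $this->ResetOptions['Manual'] = t('Manually set user password. No email notification.');
    }

    // Set the model on the form.
    $this->Form->setModel($UserModel);

    // Make sure the form knows which item we are editing.
    $this->Form->addHidden('UserID', $UserID);

    // Defined before the try block so the view data below exists even if the role lookup throws.
    $UserRoleData = array();

    try {
        $AllowEditing = true;
        $this->EventArguments['AllowEditing'] =& $AllowEditing;
        $this->EventArguments['TargetUser'] =& $User;

        // These are all the 'effective' roles for this edit action. This list can
        // be trimmed down from the real list to allow subsets of roles to be
        // edited.
        $this->EventArguments['RoleData'] =& $RoleData;

        // The target's current roles as RoleID => Name.
        $UserRoleData = $UserModel->getRoles($UserID)->resultArray();
        $RoleIDs = array_column($UserRoleData, 'RoleID');
        $RoleNames = array_column($UserRoleData, 'Name');
        $UserRoleData = arrayCombine($RoleIDs, $RoleNames);
        $this->EventArguments['UserRoleData'] =& $UserRoleData;

        $this->fireEvent("BeforeUserEdit");
        $this->setData('AllowEditing', $AllowEditing);

        $this->Form->setData($User);
        if ($this->Form->authenticatedPostBack()) {
            if (!$CanEditUsername) {
                // Overwrite whatever was posted with the stored name.
                $this->Form->setFormValue("Name", $User['Name']);
            }

            // Allow mods to confirm/unconfirm emails. The raw posted 'Confirmed' is dropped
            // and only re-added when the editor is allowed to change it.
            $this->Form->removeFormValue('Confirmed');
            $Confirmation = $this->Form->getFormValue('ConfirmEmail', null);
            $Confirmation = !is_null($Confirmation) ? (bool) $Confirmation : null;

            if ($CanConfirmEmail && is_bool($Confirmation)) {
                $this->Form->setFormValue('Confirmed', (int) $Confirmation);
            }

            // Same pattern for the password: discard any client-supplied 'Password' so the
            // permission-gated branch below is the only way one reaches save().
            $this->Form->removeFormValue('Password');

            $ResetPassword = $this->Form->getValue('ResetPassword', false);

            // If we're an admin or this isn't a privileged user, allow manual setting of password
            $AllowManualReset = checkPermission('Garden.Settings.Manage') || !$EditingPrivilegedUser;

            // Strict comparison: a loose == against a non-string value must not select this branch.
            if ($ResetPassword === 'Manual' && $AllowManualReset) {
                // If a new password was specified, add it to the form's collection
                $NewPassword = $this->Form->getValue('NewPassword', '');
                $this->Form->setFormValue('Password', $NewPassword);
            }

            // Role changes

            // These are the new roles the editing user wishes to apply to the target
            // user, adjusted for his ability to affect those roles
            $RequestedRoles = $this->Form->getFormValue('RoleID');
            if (!is_array($RequestedRoles)) {
                $RequestedRoles = array();
            }
            $RequestedRoles = array_flip($RequestedRoles);
            $UserNewRoles = array_intersect_key($RoleData, $RequestedRoles);

            // These roles will stay turned on regardless of the form submission contents
            // because the editing user does not have permission to modify them
            $ImmutableRoles = array_diff_key($AllRoles, $RoleData);
            $UserImmutableRoles = array_intersect_key($ImmutableRoles, $UserRoleData);

            // Apply immutable roles
            foreach ($UserImmutableRoles as $IMRoleID => $IMRoleName) {
                $UserNewRoles[$IMRoleID] = $IMRoleName;
            }

            // Put the data back into the form object as if the user had submitted
            // this themselves
            $this->Form->setFormValue('RoleID', array_keys($UserNewRoles));

            if ($this->Form->save(array('SaveRoles' => true)) !== false) {
                if ($this->Form->getValue('ResetPassword', '') === 'Auto') {
                    $UserModel->PasswordRequest($User['Email']);
                    $UserModel->setField($UserID, 'HashMethod', 'Reset');
                }

                $this->informMessage(t('Your changes have been saved.'));
            }

            $UserRoleData = $UserNewRoles;
        }
    } catch (Exception $Ex) {
        $this->Form->addError($Ex);
    }

    $this->setData('User', $User);
    $this->setData('Roles', $RoleData);
    $this->setData('UserRoles', $UserRoleData);

    $this->render();
}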
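/**
 * Allows the configuration of basic setup information in Garden. This
 * should not be functional after the application has been set up.
 *
 * On postback the method tests the submitted database credentials, saves the
 * configuration, runs the dashboard structure script, creates the first
 * administrative user and signs that user in.
 *
 * The method does not check the installed state itself; that has to be
 * enforced by whatever calls it.
 *
 * @since 2.0.0
 * @access private
 * @param string $RedirectUrl Where to send user afterward. Not read by this method.
 * @return bool True when the form holds no errors at the end of the call.
 */
private function configure($RedirectUrl = '') {
    // Local variable names are kept as-is throughout: the two include statements
    // below execute in this method's scope and may read them.

    // Create a model to save configuration settings
    $Validation = new Gdn_Validation();
    $ConfigurationModel = new Gdn_ConfigurationModel($Validation);
    $ConfigurationModel->setField(array(
        'Garden.Locale',
        'Garden.Title',
        'Garden.WebRoot',
        'Garden.Cookie.Salt',
        'Garden.Cookie.Domain',
        'Database.Name',
        'Database.Host',
        'Database.User',
        'Database.Password',
        'Garden.Registration.ConfirmEmail',
        'Garden.Email.SupportName'
    ));

    // Set the models on the forms.
    $this->Form->setModel($ConfigurationModel);

    // If seeing the form for the first time...
    if (!$this->Form->isPostback()) {
        // Force the webroot using our best guesstimates
        $ConfigurationModel->Data['Database.Host'] = 'localhost';
        $this->Form->setData($ConfigurationModel->Data);
    } else {
        // Define some validation rules for the fields being saved
        $ConfigurationModel->Validation->applyRule('Database.Name', 'Required', 'You must specify the name of the database in which you want to set up Vanilla.');

        // Let's make some user-friendly custom errors for database problems
        $DatabaseHost = $this->Form->getFormValue('Database.Host', '~~Invalid~~');
        $DatabaseName = $this->Form->getFormValue('Database.Name', '~~Invalid~~');
        $DatabaseUser = $this->Form->getFormValue('Database.User', '~~Invalid~~');
        $DatabasePassword = $this->Form->getFormValue('Database.Password', '~~Invalid~~');
        $ConnectionString = GetConnectionString($DatabaseName, $DatabaseHost);
        try {
            // Opened only to prove the credentials work.
            $Connection = new PDO($ConnectionString, $DatabaseUser, $DatabasePassword);
        } catch (PDOException $Exception) {
            // The driver message is shown to the installer with tags stripped.
            // NOTE(review): strip_tags() is not HTML escaping; confirm addError() escapes on output.
            switch ($Exception->getCode()) {
                case 1044:
                    $this->Form->addError(t('The database user you specified does not have permission to access the database. Have you created the database yet? The database reported: <code>%s</code>'), strip_tags($Exception->getMessage()));
                    break;
                case 1045:
                    $this->Form->addError(t('Failed to connect to the database with the username and password you entered. Did you mistype them? The database reported: <code>%s</code>'), strip_tags($Exception->getMessage()));
                    break;
                case 1049:
                    $this->Form->addError(t('It appears as though the database you specified does not exist yet. Have you created it yet? Did you mistype the name? The database reported: <code>%s</code>'), strip_tags($Exception->getMessage()));
                    break;
                case 2005:
                    $this->Form->addError(t("Are you sure you've entered the correct database host name? Maybe you mistyped it? The database reported: <code>%s</code>"), strip_tags($Exception->getMessage()));
                    break;
                default:
                    $this->Form->addError(sprintf(t('ValidateConnection'), strip_tags($Exception->getMessage())));
                    break;
            }
        }

        $ConfigurationModel->Validation->applyRule('Garden.Title', 'Required');

        $ConfigurationFormValues = $this->Form->formValues();
        if ($ConfigurationModel->validate($ConfigurationFormValues) !== true || $this->Form->errorCount() > 0) {
            // Apply the validation results to the form(s)
            $this->Form->setValidationResults($ConfigurationModel->validationResults());
        } else {
            // explode() always returns at least one element. array_shift() needs a variable,
            // so the first element is taken with list() instead of shifting a temporary.
            list($Host) = explode(':', Gdn::request()->requestHost());
            $Domain = Gdn::request()->domain();

            // Set up cookies now so that the user can be signed in.
            // An existing salt is kept; otherwise a 16-character one is generated.
            // NOTE(review): confirm betterRandomString() draws from a cryptographically secure source.
            $ExistingSalt = c('Garden.Cookie.Salt', false);
            $ConfigurationFormValues['Garden.Cookie.Salt'] = $ExistingSalt ? $ExistingSalt : betterRandomString(16, 'Aa0');
            $ConfigurationFormValues['Garden.Cookie.Domain'] = ''; // Don't set this to anything by default. # Tim - 2010-06-23

            // Additional default setup values.
            $ConfigurationFormValues['Garden.Registration.ConfirmEmail'] = true;
            $ConfigurationFormValues['Garden.Email.SupportName'] = $ConfigurationFormValues['Garden.Title'];

            $ConfigurationModel->save($ConfigurationFormValues, true);

            // If changing locale, redefine locale sources:
            $NewLocale = 'en-CA'; // $this->Form->getFormValue('Garden.Locale', false);
            if ($NewLocale !== false && Gdn::config('Garden.Locale') != $NewLocale) {
                $Locale = Gdn::locale();
                $Locale->set($NewLocale);
            }

            // Install db structure & basic data.
            $Database = Gdn::database();
            $Database->init();
            $Drop = false;
            $Explicit = false;
            try {
                include PATH_APPLICATIONS . DS . 'dashboard' . DS . 'settings' . DS . 'structure.php';
            } catch (Exception $ex) {
                $this->Form->addError($ex);
            }

            if ($this->Form->errorCount() > 0) {
                return false;
            }

            // Create the administrative user
            $UserModel = Gdn::userModel();
            $UserModel->defineSchema();
            $UsernameError = t('UsernameError', 'Username can only contain letters, numbers, underscores, and must be between 3 and 20 characters long.');
            $UserModel->Validation->applyRule('Name', 'Username', $UsernameError);
            $UserModel->Validation->applyRule('Name', 'Required', t('You must specify an admin username.'));
            $UserModel->Validation->applyRule('Password', 'Required', t('You must specify an admin password.'));
            $UserModel->Validation->applyRule('Password', 'Match');
            $UserModel->Validation->applyRule('Email', 'Email');

            if (!($AdminUserID = $UserModel->SaveAdminUser($ConfigurationFormValues))) {
                $this->Form->setValidationResults($UserModel->validationResults());
            } else {
                // The user has been created successfully, so sign in now.
                // Garden.Installed is switched on in memory only ('Save' => false) around the
                // session start and switched back off straight after.
                saveToConfig('Garden.Installed', true, array('Save' => false));
                Gdn::session()->start($AdminUserID, true);
                saveToConfig('Garden.Installed', false, array('Save' => false));
            }

            if ($this->Form->errorCount() > 0) {
                return false;
            }

            // Assign some extra settings to the configuration file if everything succeeded.
            $ApplicationInfo = array();
            include CombinePaths(array(PATH_APPLICATIONS . DS . 'dashboard' . DS . 'settings' . DS . 'about.php'));

            // Detect Internet connection for CDNs. The handle is kept so the probe
            // socket can be closed again instead of staying open for the rest of the request.
            $CdnProbe = @fsockopen('ajax.googleapis.com', 80);
            $Disconnected = !(bool) $CdnProbe;
            if ($CdnProbe) {
                fclose($CdnProbe);
            }

            saveToConfig(array(
                'Garden.Version' => val('Version', val('Dashboard', $ApplicationInfo, array()), 'Undefined'),
                'Garden.Cdns.Disable' => $Disconnected,
                'Garden.CanProcessImages' => function_exists('gd_info'),
                'EnabledPlugins.GettingStarted' => 'GettingStarted',
                'EnabledPlugins.HtmLawed' => 'HtmLawed'
            ));
        }
    }

    return $this->Form->errorCount() == 0;
}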
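/**
 * Connect the user with an external source.
 *
 * This controller method is meant to be used with plugins that set its data array to work.
 * Events: ConnectData, AfterConnectData
 *
 * Trust boundaries visible in this method:
 * - Client-supplied 'Roles' and 'RoleID' are removed from the form before the events
 *   fire; roles are only applied when the handler sets 'Trusted' or
 *   Garden.SSO.SyncRoles is enabled.
 * - A handler must set the 'Verified' data to true on every postback, otherwise the
 *   request is rejected.
 * - Linking the connection to an existing account other than the one currently
 *   signed in requires that account's password.
 *
 * @since 2.0.0
 * @access public
 *
 * @param string $Method Used to register multiple providers on ConnectData event.
 */
public function connect($Method) {
    $this->addJsFile('entry.js');
    $this->View = 'connect';
    $IsPostBack = $this->Form->isPostBack() && $this->Form->getFormValue('Connect', null) !== null;
    $UserSelect = $this->Form->getFormValue('UserSelect');

    if (!$IsPostBack) {
        // Here are the initial data array values. that can be set by a plugin.
        $Data = array(
            'Provider' => '',
            'ProviderName' => '',
            'UniqueID' => '',
            'FullName' => '',
            'Name' => '',
            'Email' => '',
            'Photo' => '',
            'Target' => $this->target()
        );
        $this->Form->setData($Data);
        // NOTE(review): Target comes from the request; confirm target()/_setRedirect()
        // restrict it to same-site destinations.
        $this->Form->addHidden('Target', $this->Request->get('Target', '/'));
    }

    // The different providers can check to see if they are being used and modify the data array accordingly.
    $this->EventArguments = array($Method);

    // Fire ConnectData event & error handling.
    $currentData = $this->Form->formValues();

    // Filter the form data for users here. SSO plugins must reset validated data each postback.
    $filteredData = Gdn::userModel()->filterForm($currentData, true);
    $filteredData = array_replace($filteredData, arrayTranslate($currentData, ['TransientKey', 'hpt']));
    // Role information must never be taken from the client; only an event handler may set it.
    unset($filteredData['Roles'], $filteredData['RoleID']);
    $this->Form->formValues($filteredData);

    try {
        $this->EventArguments['Form'] = $this->Form;
        $this->fireEvent('ConnectData');
        $this->fireEvent('AfterConnectData');
    } catch (Gdn_UserException $Ex) {
        $this->Form->addError($Ex);
        return $this->render('ConnectError');
    } catch (Exception $Ex) {
        // Exception details are only shown in debug mode; otherwise a generic message is used.
        if (Debug()) {
            $this->Form->addError($Ex);
        } else {
            $this->Form->addError('There was an error fetching the connection data.');
        }
        return $this->render('ConnectError');
    }

    if (!UserModel::noEmail()) {
        if (!$this->Form->getFormValue('Email') || $this->Form->getFormValue('EmailVisible')) {
            $this->Form->setFormValue('EmailVisible', true);
            $this->Form->addHidden('EmailVisible', true);

            if ($IsPostBack) {
                $this->Form->setFormValue('Email', val('Email', $currentData));
            }
        }
    }

    $FormData = $this->Form->formValues(); // debug (not read again in this method)

    // Make sure the minimum required data has been provided to the connect.
    if (!$this->Form->getFormValue('Provider')) {
        $this->Form->addError('ValidateRequired', t('Provider'));
    }

    if (!$this->Form->getFormValue('UniqueID')) {
        $this->Form->addError('ValidateRequired', t('UniqueID'));
    }

    if (!$this->data('Verified')) {
        // Whatever event handler catches this must Set the data 'Verified' to true to prevent a random site from connecting without credentials.
        // This must be done EVERY postback and is VERY important.
        $this->Form->addError('The connection data has not been verified.');
    }

    if ($this->Form->errorCount() > 0) {
        return $this->render();
    }

    $UserModel = Gdn::userModel();

    // Check to see if there is an existing user associated with the information above.
    $Auth = $UserModel->getAuthentication($this->Form->getFormValue('UniqueID'), $this->Form->getFormValue('Provider'));
    $UserID = val('UserID', $Auth);

    // Check to synchronise roles upon connecting.
    if (($this->data('Trusted') || c('Garden.SSO.SyncRoles')) && $this->Form->getFormValue('Roles', null) !== null) {
        $SaveRoles = $SaveRolesRegister = true;

        // Translate the role names to IDs.
        $Roles = $this->Form->getFormValue('Roles', null);
        $Roles = RoleModel::getByName($Roles);
        $RoleIDs = array_keys($Roles);

        if (empty($RoleIDs)) {
            // The user must have at least one role. This protects that.
            $RoleIDs = $this->UserModel->newUserRoleIDs();
        }

        // With the 'register' behaviour roles are applied at registration only, not on later sign-ins.
        if (c('Garden.SSO.SyncRolesBehavior') === 'register') {
            $SaveRoles = false;
        }

        $this->Form->setFormValue('RoleID', $RoleIDs);
    } else {
        $SaveRoles = false;
        $SaveRolesRegister = false;
    }

    if ($UserID) {
        // The user is already connected.
        $this->Form->setFormValue('UserID', $UserID);

        if (c('Garden.Registration.ConnectSynchronize', true)) {
            $User = Gdn::userModel()->getID($UserID, DATASET_TYPE_ARRAY);
            $Data = $this->Form->formValues();

            // Don't overwrite the user photo if the user uploaded a new one.
            $Photo = val('Photo', $User);
            if (!val('Photo', $Data) || $Photo && !isUrl($Photo)) {
                unset($Data['Photo']);
            }

            // Synchronize the user's data.
            $UserModel->save($Data, array('NoConfirmEmail' => true, 'FixUnique' => true, 'SaveRoles' => $SaveRoles));
        }

        // Always save the attributes because they may contain authorization information.
        if ($Attributes = $this->Form->getFormValue('Attributes')) {
            $UserModel->saveAttribute($UserID, $Attributes);
        }

        // Sign the user in.
        Gdn::session()->start($UserID, true, (bool) $this->Form->getFormValue('RememberMe', true));
        Gdn::userModel()->fireEvent('AfterSignIn');
        $this->_setRedirect($this->Request->get('display') == 'popup');
    } elseif ($this->Form->getFormValue('Name') || $this->Form->getFormValue('Email')) {
        $NameUnique = c('Garden.Registration.NameUnique', true);
        $EmailUnique = c('Garden.Registration.EmailUnique', true);
        $AutoConnect = c('Garden.Registration.AutoConnect');

        if ($IsPostBack && $this->Form->getFormValue('ConnectName')) {
            $searchName = $this->Form->getFormValue('ConnectName');
        } else {
            $searchName = $this->Form->getFormValue('Name');
        }

        // Get the existing users that match the name or email of the connection.
        $Search = false;
        if ($searchName && $NameUnique) {
            $UserModel->SQL->orWhere('Name', $searchName);
            $Search = true;
        }
        if ($this->Form->getFormValue('Email') && ($EmailUnique || $AutoConnect)) {
            $UserModel->SQL->orWhere('Email', $this->Form->getFormValue('Email'));
            $Search = true;
        }

        if (is_numeric($UserSelect)) {
            $UserModel->SQL->orWhere('UserID', $UserSelect);
            $Search = true;
        }

        if ($Search) {
            $ExistingUsers = $UserModel->getWhere()->resultArray();
        } else {
            $ExistingUsers = array();
        }

        // Check to automatically link the user.
        // NOTE(review): the link is made on a case-insensitive e-mail match alone, so it is
        // only as trustworthy as the provider's e-mail claim; confirm that providers used
        // with Garden.Registration.AutoConnect verify e-mail ownership.
        if ($AutoConnect && count($ExistingUsers) > 0) {
            if ($IsPostBack && $this->Form->getFormValue('ConnectName')) {
                $this->Form->setFormValue('Name', $this->Form->getFormValue('ConnectName'));
            }

            foreach ($ExistingUsers as $Row) {
                if (strcasecmp($this->Form->getFormValue('Email'), $Row['Email']) === 0) {
                    $UserID = $Row['UserID'];
                    $this->Form->setFormValue('UserID', $UserID);
                    $Data = $this->Form->formValues();

                    if (c('Garden.Registration.ConnectSynchronize', true)) {
                        // Don't overwrite a photo if the user has already uploaded one.
                        $Photo = val('Photo', $Row);
                        if (!val('Photo', $Data) || $Photo && !stringBeginsWith($Photo, 'http')) {
                            unset($Data['Photo']);
                        }
                        $UserModel->save($Data, array('NoConfirmEmail' => true, 'FixUnique' => true, 'SaveRoles' => $SaveRoles));
                    }

                    if ($Attributes = $this->Form->getFormValue('Attributes')) {
                        $UserModel->saveAttribute($UserID, $Attributes);
                    }

                    // Save the userauthentication link.
                    $UserModel->saveAuthentication(array(
                        'UserID' => $UserID,
                        'Provider' => $this->Form->getFormValue('Provider'),
                        'UniqueID' => $this->Form->getFormValue('UniqueID')
                    ));

                    // Sign the user in.
                    Gdn::session()->start($UserID, true, (bool) $this->Form->getFormValue('RememberMe', true));
                    Gdn::userModel()->fireEvent('AfterSignIn');
                    $this->_setRedirect($this->Request->get('display') == 'popup');
                    $this->render();
                    return;
                }
            }
        }

        $CurrentUserID = Gdn::session()->UserID;

        // Massage the existing users.
        foreach ($ExistingUsers as $Index => $UserRow) {
            if ($EmailUnique && $UserRow['Email'] == $this->Form->getFormValue('Email')) {
                $EmailFound = $UserRow;
                break;
            }

            if ($UserRow['Name'] == $this->Form->getFormValue('Name')) {
                $NameFound = $UserRow;
            }

            if ($CurrentUserID > 0 && $UserRow['UserID'] == $CurrentUserID) {
                unset($ExistingUsers[$Index]);
                $CurrentUserFound = true;
            }
        }

        if (isset($EmailFound)) {
            // The email address was found and can be the only user option.
            // ($UserRow is the matching row here because the loop above broke on it.)
            $ExistingUsers = array($UserRow);
            $this->setData('NoConnectName', true);
        } elseif (isset($CurrentUserFound)) {
            $ExistingUsers = array_merge(
                array('UserID' => 'current', 'Name' => sprintf(t('%s (Current)'), Gdn::session()->User->Name)),
                $ExistingUsers
            );
        }

        if (!isset($NameFound) && !$IsPostBack) {
            $this->Form->setFormValue('ConnectName', $this->Form->getFormValue('Name'));
        }

        $this->setData('ExistingUsers', $ExistingUsers);

        if (UserModel::noEmail()) {
            $EmailValid = true;
        } else {
            $EmailValid = validateRequired($this->Form->getFormValue('Email'));
        }

        if ((!$UserSelect || $UserSelect == 'other') && $this->Form->getFormValue('Name') && $EmailValid && (!is_array($ExistingUsers) || count($ExistingUsers) == 0)) {
            // There is no existing user with the suggested name so we can just create the user.
            $User = $this->Form->formValues();
            $User['Password'] = randomString(50); // some password is required
            $User['HashMethod'] = 'Random';
            $User['Source'] = $this->Form->getFormValue('Provider');
            $User['SourceID'] = $this->Form->getFormValue('UniqueID');
            $User['Attributes'] = $this->Form->getFormValue('Attributes', null);
            $User['Email'] = $this->Form->getFormValue('ConnectEmail', $this->Form->getFormValue('Email', null));

            $UserID = $UserModel->register($User, array(
                'CheckCaptcha' => false,
                'ValidateEmail' => false,
                'NoConfirmEmail' => true,
                'SaveRoles' => $SaveRolesRegister
            ));
            $User['UserID'] = $UserID;
            $this->Form->setValidationResults($UserModel->validationResults());

            if ($UserID) {
                $UserModel->saveAuthentication(array(
                    'UserID' => $UserID,
                    'Provider' => $this->Form->getFormValue('Provider'),
                    'UniqueID' => $this->Form->getFormValue('UniqueID')
                ));

                $this->Form->setFormValue('UserID', $UserID);
                $this->Form->setFormValue('UserSelect', false);

                Gdn::session()->start($UserID, true, (bool) $this->Form->getFormValue('RememberMe', true));
                Gdn::userModel()->fireEvent('AfterSignIn');

                // Send the welcome email.
                if (c('Garden.Registration.SendConnectEmail', false)) {
                    try {
                        $UserModel->sendWelcomeEmail($UserID, '', 'Connect', array('ProviderName' => $this->Form->getFormValue('ProviderName', $this->Form->getFormValue('Provider', 'Unknown'))));
                    } catch (Exception $Ex) {
                        // Do nothing if emailing doesn't work.
                    }
                }

                $this->_setRedirect(true);
            }
        }
    }

    // Save the user's choice.
    if ($IsPostBack) {
        // The user has made their decision.
        $PasswordHash = new Gdn_PasswordHash();

        if (!$UserSelect || $UserSelect == 'other') {
            // The user entered a username.
            $ConnectNameEntered = true;

            if ($this->Form->validateRule('ConnectName', 'ValidateRequired')) {
                $ConnectName = $this->Form->getFormValue('ConnectName');

                $User = false;
                if (c('Garden.Registration.NameUnique')) {
                    // Check to see if there is already a user with the given name.
                    $User = $UserModel->getWhere(array('Name' => $ConnectName))->firstRow(DATASET_TYPE_ARRAY);
                }

                if (!$User) {
                    $this->Form->validateRule('ConnectName', 'ValidateUsername');
                }
            }
        } else {
            // The user selected an existing user.
            $ConnectNameEntered = false;

            if ($UserSelect == 'current') {
                if (Gdn::session()->UserID == 0) {
                    // This shouldn't happen, but a user could sign out in another browser and click submit on this form.
                    $this->Form->addError('@You were unexpectedly signed out.');
                } else {
                    $UserSelect = Gdn::session()->UserID;
                }
            }
            $User = $UserModel->getID($UserSelect, DATASET_TYPE_ARRAY);
        }

        if (isset($User) && $User) {
            // Make sure the user authenticates, unless the chosen account is the one that is
            // already signed in. This used to read `!$User['UserID'] == ...`; `!` binds tighter
            // than `==`, so a boolean was compared with the session ID and the password check
            // was skipped whenever a different user was signed in.
            if ($User['UserID'] != Gdn::session()->UserID) {
                if ($this->Form->validateRule('ConnectPassword', 'ValidateRequired', sprintf(t('ValidateRequired'), t('Password')))) {
                    try {
                        if (!$PasswordHash->checkPassword($this->Form->getFormValue('ConnectPassword'), $User['Password'], $User['HashMethod'], $this->Form->getFormValue('ConnectName'))) {
                            if ($ConnectNameEntered) {
                                $this->Form->addError('The username you entered has already been taken.');
                            } else {
                                $this->Form->addError('The password you entered is incorrect.');
                            }
                        }
                    } catch (Gdn_UserException $Ex) {
                        $this->Form->addError($Ex);
                    }
                }
            }
        } elseif ($this->Form->errorCount() == 0) {
            // The user doesn't exist so we need to add another user.
            $User = $this->Form->formValues();
            $User['Name'] = $User['ConnectName'];
            $User['Password'] = randomString(50); // some password is required
            $User['HashMethod'] = 'Random';

            $UserID = $UserModel->register($User, array(
                'CheckCaptcha' => false,
                'NoConfirmEmail' => true,
                'SaveRoles' => $SaveRolesRegister
            ));
            $User['UserID'] = $UserID;
            $this->Form->setValidationResults($UserModel->validationResults());

            // NOTE(review): unlike the registration branch above, this send is not wrapped in
            // try/catch, so a mail failure propagates after the account was created — confirm
            // that is intended.
            if ($UserID && c('Garden.Registration.SendConnectEmail', false)) {
                // Send the welcome email.
                $UserModel->sendWelcomeEmail($UserID, '', 'Connect', array('ProviderName' => $this->Form->getFormValue('ProviderName', $this->Form->getFormValue('Provider', 'Unknown'))));
            }
        }

        if ($this->Form->errorCount() == 0) {
            // Save the authentication.
            if (isset($User) && val('UserID', $User)) {
                $UserModel->saveAuthentication(array(
                    'UserID' => $User['UserID'],
                    'Provider' => $this->Form->getFormValue('Provider'),
                    'UniqueID' => $this->Form->getFormValue('UniqueID')
                ));
                $this->Form->setFormValue('UserID', $User['UserID']);
            }

            // Sign the appropriate user in.
            Gdn::session()->start($this->Form->getFormValue('UserID'), true, (bool) $this->Form->getFormValue('RememberMe', true));
            Gdn::userModel()->fireEvent('AfterSignIn');
            $this->_setRedirect(true);
        }
    }

    $this->render();
}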
/**
 * Create or update a comment.
 *
 * Also handles embedded comments: when the request carries both `vanilla_url` and
 * `vanilla_identifier` and no matching discussion exists, a discussion is created
 * on the fly before the comment is processed.
 *
 * Order of checks in this method, as written:
 *  1. The discussion is resolved, and for embeds possibly created.
 *  2. permission() is called for add or edit.
 *  3. authenticatedPostBack() gates every comment or draft write; a postback that
 *     fails it raises Gdn_UserException with code 401.
 *
 * NOTE(review): step 1 runs before steps 2 and 3, so the embed branch (outbound page
 * fetch plus Discussion insert) is reached without a permission or CSRF check in
 * this method. Confirm that the embed parameters are authenticated elsewhere.
 *
 * @since 2.0.0
 * @access public
 *
 * @param int $DiscussionID Unique ID to add the comment to. If no discussion can be
 *    resolved, a form error ('Failed to find discussion for commenting.') is added.
 */
public function comment($DiscussionID = '') {
    // Get $DiscussionID from RequestArgs if valid
    if ($DiscussionID == '' && count($this->RequestArgs)) {
        if (is_numeric($this->RequestArgs[0])) {
            $DiscussionID = $this->RequestArgs[0];
        }
    }

    // If invalid $DiscussionID, get from form.
    $this->Form->setModel($this->CommentModel);
    $DiscussionID = is_numeric($DiscussionID) ? $DiscussionID : $this->Form->getFormValue('DiscussionID', 0);

    // Set discussion data
    $this->DiscussionID = $DiscussionID;
    $this->Discussion = $Discussion = $this->DiscussionModel->getID($DiscussionID);

    // Is this an embedded comment being posted to a discussion that doesn't exist yet?
    // All four vanilla_* values are read from the submitted form and are therefore
    // client-controlled at this point.
    $vanilla_type = $this->Form->getFormValue('vanilla_type', '');
    $vanilla_url = $this->Form->getFormValue('vanilla_url', '');
    $vanilla_category_id = $this->Form->getFormValue('vanilla_category_id', '');
    $Attributes = array('ForeignUrl' => $vanilla_url);
    $vanilla_identifier = $this->Form->getFormValue('vanilla_identifier', '');
    $isEmbeddedComments = $vanilla_url != '' && $vanilla_identifier != '';

    // Only allow vanilla identifiers of 32 chars or less - md5 if larger.
    // md5 is used here only to shorten the key (the original value is kept in
    // Attributes); it is not a security control.
    if (strlen($vanilla_identifier) > 32) {
        $Attributes['vanilla_identifier'] = $vanilla_identifier;
        $vanilla_identifier = md5($vanilla_identifier);
    }

    // Look for an existing discussion already tied to this foreign identifier.
    if (!$Discussion && $isEmbeddedComments) {
        $Discussion = $Discussion = $this->DiscussionModel->getForeignID($vanilla_identifier, $vanilla_type);
        if ($Discussion) {
            $this->DiscussionID = $DiscussionID = $Discussion->DiscussionID;
            $this->Form->setValue('DiscussionID', $DiscussionID);
        }
    }

    // If so, create it!
    if (!$Discussion && $isEmbeddedComments) {
        // Add these values back to the form if they exist!
        $this->Form->addHidden('vanilla_identifier', $vanilla_identifier);
        $this->Form->addHidden('vanilla_type', $vanilla_type);
        $this->Form->addHidden('vanilla_url', $vanilla_url);
        $this->Form->addHidden('vanilla_category_id', $vanilla_category_id);

        // NOTE(review): $vanilla_url comes straight from the form. fetchPageInfo()
        // presumably requests that URL from the server side (the "Couldn't connect to
        // host." check below suggests so), which would be a server-side request forgery
        // exposure. Confirm the helper restricts scheme and destination, or that the
        // embed request is verified before this point.
        $PageInfo = fetchPageInfo($vanilla_url);

        // Title preference: submitted 'Name', then the fetched page title, then a placeholder.
        if (!($Title = $this->Form->getFormValue('Name'))) {
            $Title = val('Title', $PageInfo, '');
            if ($Title == '') {
                $Title = t('Undefined discussion subject.');
                if (!empty($PageInfo['Exception']) && $PageInfo['Exception'] === "Couldn't connect to host.") {
                    $Title .= ' ' . t('Page timed out.');
                }
            }
        }

        $Description = val('Description', $PageInfo, '');
        $Images = val('Images', $PageInfo, array());
        $LinkText = t('EmbededDiscussionLinkText', 'Read the full story here');

        // NOTE(review): the body below is stored with Format 'Html' and embeds the
        // client-supplied URL in an href, plus title, excerpt and image taken from the
        // remote page. Confirm that formatString() and the Html formatter escape or
        // filter these values when the discussion is rendered.
        if (!$Description && count($Images) == 0) {
            $Body = formatString('<p><a href="{Url}">{LinkText}</a></p>', array('Url' => $vanilla_url, 'LinkText' => $LinkText));
        } else {
            $Body = formatString(' <div class="EmbeddedContent">{Image}<strong>{Title}</strong> <p>{Excerpt}</p> <p><a href="{Url}">{LinkText}</a></p> <div class="ClearFix"></div> </div>', array('Title' => $Title, 'Excerpt' => $Description, 'Image' => count($Images) > 0 ? img(val(0, $Images), array('class' => 'LeftAlign')) : '', 'Url' => $vanilla_url, 'LinkText' => $LinkText));
        }

        if ($Body == '') {
            $Body = $vanilla_url;
        }
        if ($Body == '') {
            $Body = t('Undefined discussion body.');
        }

        // Validate the CategoryID for inserting.
        // The client-supplied category is only used if CategoryModel recognises it;
        // otherwise the configured default (or the first category found) is used.
        $Category = CategoryModel::categories($vanilla_category_id);
        if (!$Category) {
            $vanilla_category_id = c('Vanilla.Embed.DefaultCategoryID', 0);
            if ($vanilla_category_id <= 0) {
                // No default category defined, so grab the first non-root category and use that.
                $vanilla_category_id = $this->DiscussionModel->SQL->select('CategoryID')->from('Category')->where('CategoryID >', 0)->get()->firstRow()->CategoryID;
                // No categories in the db? default to 0
                if (!$vanilla_category_id) {
                    $vanilla_category_id = 0;
                }
            }
        } else {
            $vanilla_category_id = $Category['CategoryID'];
        }

        // The discussion is authored by the configured embed user, falling back to the
        // system user, not by the session user who triggered the request.
        $EmbedUserID = c('Garden.Embed.UserID');
        if ($EmbedUserID) {
            $EmbedUser = Gdn::userModel()->getID($EmbedUserID);
        }
        if (!$EmbedUserID || !$EmbedUser) {
            $EmbedUserID = Gdn::userModel()->getSystemUserID();
        }

        $EmbeddedDiscussionData = array('InsertUserID' => $EmbedUserID, 'DateInserted' => Gdn_Format::toDateTime(), 'DateUpdated' => Gdn_Format::toDateTime(), 'CategoryID' => $vanilla_category_id, 'ForeignID' => $vanilla_identifier, 'Type' => $vanilla_type, 'Name' => $Title, 'Body' => $Body, 'Format' => 'Html', 'Attributes' => dbencode($Attributes));

        // Passed by reference so BeforeEmbedDiscussion handlers can alter the row.
        $this->EventArguments['Discussion'] =& $EmbeddedDiscussionData;
        $this->fireEvent('BeforeEmbedDiscussion');

        // NOTE(review): the row is written through the SQL driver, not through
        // DiscussionModel's save path, so model-level validation or spam checks are
        // presumably not applied here. Confirm, and confirm that validationResults()
        // can be non-empty in this path.
        $DiscussionID = $this->DiscussionModel->SQL->insert('Discussion', $EmbeddedDiscussionData);
        $ValidationResults = $this->DiscussionModel->validationResults();
        if (count($ValidationResults) == 0 && $DiscussionID > 0) {
            $this->Form->addHidden('DiscussionID', $DiscussionID); // Put this in the form so reposts won't cause new discussions.
            $this->Form->setFormValue('DiscussionID', $DiscussionID); // Put this in the form values so it is used when saving comments.
            $this->setJson('DiscussionID', $DiscussionID);
            // 'Slave' => false is passed so the row just inserted is read back.
            $this->Discussion = $Discussion = $this->DiscussionModel->getID($DiscussionID, DATASET_TYPE_OBJECT, array('Slave' => false));
            // Update the category discussion count
            if ($vanilla_category_id > 0) {
                $this->DiscussionModel->updateDiscussionCount($vanilla_category_id, $DiscussionID);
            }
        }
    }

    // If no discussion was found, error out
    if (!$Discussion) {
        $this->Form->addError(t('Failed to find discussion for commenting.'));
    }

    /**
     * Special care is taken for embedded comments. Since we don't currently use an advanced editor for these
     * comments, we may need to apply certain filters and fixes to the data to maintain its intended display
     * with the input format (e.g. maintaining newlines).
     */
    if ($isEmbeddedComments) {
        $inputFormatter = $this->Form->getFormValue('Format', c('Garden.InputFormatter'));
        switch ($inputFormatter) {
            case 'Wysiwyg':
                $this->Form->setFormValue('Body', nl2br($this->Form->getFormValue('Body')));
                break;
        }
    }

    $PermissionCategoryID = val('PermissionCategoryID', $Discussion);

    // Setup head
    $this->addJsFile('jquery.autosize.min.js');
    $this->addJsFile('autosave.js');
    $this->addJsFile('post.js');

    // Setup comment model, $CommentID, $DraftID
    // $this->Comment is not assigned in this method before this point; when set, it
    // marks the request as an edit.
    $Session = Gdn::session();
    $CommentID = isset($this->Comment) && property_exists($this->Comment, 'CommentID') ? $this->Comment->CommentID : '';
    $DraftID = isset($this->Comment) && property_exists($this->Comment, 'DraftID') ? $this->Comment->DraftID : '';
    $this->EventArguments['CommentID'] = $CommentID;
    $this->EventArguments['DraftID'] = $DraftID;

    // Determine whether we are editing
    $Editing = $CommentID > 0 || $DraftID > 0;
    $this->EventArguments['Editing'] = $Editing;

    // If closed, cancel & go to discussion
    if ($Discussion && $Discussion->Closed == 1 && !$Editing && !$Session->checkPermission('Vanilla.Discussions.Close', true, 'Category', $PermissionCategoryID)) {
        redirect(DiscussionUrl($Discussion));
    }

    // Add hidden IDs to form
    $this->Form->addHidden('DiscussionID', $DiscussionID);
    $this->Form->addHidden('CommentID', $CommentID);
    $this->Form->addHidden('DraftID', $DraftID, true);

    // Check permissions
    if ($Discussion && $Editing) {
        // Permission to edit: the author may edit their own comment; anyone else needs
        // Vanilla.Comments.Edit on the discussion's permission category.
        if ($this->Comment->InsertUserID != $Session->UserID) {
            $this->permission('Vanilla.Comments.Edit', true, 'Category', $Discussion->PermissionCategoryID);
        }

        // Make sure that content can (still) be edited.
        // A timeout of -1 means no limit; once the window has passed, the edit
        // permission is required even for the author.
        $EditContentTimeout = c('Garden.EditContentTimeout', -1);
        $CanEdit = $EditContentTimeout == -1 || strtotime($this->Comment->DateInserted) + $EditContentTimeout > time();
        if (!$CanEdit) {
            $this->permission('Vanilla.Comments.Edit', true, 'Category', $Discussion->PermissionCategoryID);
        }

        // Make sure only moderators can edit closed things
        if ($Discussion->Closed) {
            $this->permission('Vanilla.Comments.Edit', true, 'Category', $Discussion->PermissionCategoryID);
        }

        $this->Form->setFormValue('CommentID', $CommentID);
    } elseif ($Discussion) {
        // Permission to add
        $this->permission('Vanilla.Comments.Add', true, 'Category', $Discussion->PermissionCategoryID);
    }

    // Every write below is gated on authenticatedPostBack(); the elseif further down
    // rejects a postback that fails it.
    if ($this->Form->authenticatedPostBack()) {
        // Save as a draft?
        $FormValues = $this->Form->formValues();
        $FormValues = $this->CommentModel->filterForm($FormValues);

        // A new comment must not carry a client-supplied CommentID into save().
        if (!$Editing) {
            unset($FormValues['CommentID']);
        }

        if ($DraftID == 0) {
            $DraftID = $this->Form->getFormValue('DraftID', 0);
        }

        $Type = GetIncomingValue('Type');
        $Draft = $Type == 'Draft';
        $this->EventArguments['Draft'] = $Draft;
        $Preview = $Type == 'Preview';
        if ($Draft) {
            $DraftID = $this->DraftModel->save($FormValues);
            $this->Form->addHidden('DraftID', $DraftID, true);
            $this->Form->setValidationResults($this->DraftModel->validationResults());
        } elseif (!$Preview) {
            // Fix an undefined title if we can.
            if ($this->Form->getFormValue('Name') && val('Name', $Discussion) == t('Undefined discussion subject.')) {
                $Set = array('Name' => $this->Form->getFormValue('Name'));

                if (isset($vanilla_url) && $vanilla_url && strpos(val('Body', $Discussion), t('Undefined discussion subject.')) !== false) {
                    $LinkText = t('EmbededDiscussionLinkText', 'Read the full story here');
                    $Set['Body'] = formatString('<p><a href="{Url}">{LinkText}</a></p>', array('Url' => $vanilla_url, 'LinkText' => $LinkText));
                }

                $this->DiscussionModel->setField(val('DiscussionID', $Discussion), $Set);
            }

            $Inserted = !$CommentID;
            $CommentID = $this->CommentModel->save($FormValues);

            // The comment is now half-saved.
            // save2() completes it, either inline or through a follow-up Ajax call to
            // /post/comment2.json, depending on the delivery type.
            if (is_numeric($CommentID) && $CommentID > 0) {
                if (in_array($this->deliveryType(), array(DELIVERY_TYPE_ALL, DELIVERY_TYPE_DATA))) {
                    $this->CommentModel->save2($CommentID, $Inserted, true, true);
                } else {
                    $this->jsonTarget('', url("/post/comment2.json?commentid={$CommentID}&inserted={$Inserted}"), 'Ajax');
                }

                // $Discussion = $this->DiscussionModel->getID($DiscussionID);
                $Comment = $this->CommentModel->getID($CommentID, DATASET_TYPE_OBJECT, array('Slave' => false));

                $this->EventArguments['Discussion'] = $Discussion;
                $this->EventArguments['Comment'] = $Comment;
                $this->fireEvent('AfterCommentSave');
            } elseif ($CommentID === SPAM || $CommentID === UNAPPROVED) {
                // save() returned a moderation sentinel instead of an ID.
                $this->StatusMessage = t('CommentRequiresApprovalStatus', 'Your comment will appear after it is approved.');
            }

            $this->Form->setValidationResults($this->CommentModel->validationResults());
            // The draft is no longer needed once a real comment exists.
            if ($CommentID > 0 && $DraftID > 0) {
                $this->DraftModel->delete($DraftID);
            }
        }

        // Handle non-ajax requests first:
        if ($this->_DeliveryType == DELIVERY_TYPE_ALL) {
            if ($this->Form->errorCount() == 0) {
                // Make sure that this form knows what comment we are editing.
                if ($CommentID > 0) {
                    $this->Form->addHidden('CommentID', $CommentID);
                }

                // If the comment was not a draft
                if (!$Draft) {
                    // Redirect to the new comment.
                    if ($CommentID > 0) {
                        redirect("discussion/comment/{$CommentID}/#Comment_{$CommentID}");
                    } elseif ($CommentID == SPAM) {
                        $this->setData('DiscussionUrl', DiscussionUrl($Discussion));
                        $this->View = 'Spam';
                    }
                } elseif ($Preview) {
                    // If this was a preview click, create a comment shell with the values for this comment
                    $this->Comment = new stdClass();
                    $this->Comment->InsertUserID = $Session->User->UserID;
                    $this->Comment->InsertName = $Session->User->Name;
                    $this->Comment->InsertPhoto = $Session->User->Photo;
                    $this->Comment->DateInserted = Gdn_Format::date();
                    $this->Comment->Body = val('Body', $FormValues, '');
                    $this->Comment->Format = val('Format', $FormValues, c('Garden.InputFormatter'));
                    $this->addAsset('Content', $this->fetchView('preview'));
                } else {
                    // If this was a draft save, notify the user about the save
                    $this->informMessage(sprintf(t('Draft saved at %s'), Gdn_Format::date()));
                }
            }
        } else {
            // Handle ajax-based requests
            if ($this->Form->errorCount() > 0) {
                // Return the form errors
                $this->errorMessage($this->Form->errors());
            } else {
                // Make sure that the ajax request form knows about the newly created comment or draft id
                $this->setJson('CommentID', $CommentID);
                $this->setJson('DraftID', $DraftID);

                if ($Preview) {
                    // If this was a preview click, create a comment shell with the values for this comment
                    $this->Comment = new stdClass();
                    $this->Comment->InsertUserID = $Session->User->UserID;
                    $this->Comment->InsertName = $Session->User->Name;
                    $this->Comment->InsertPhoto = $Session->User->Photo;
                    $this->Comment->DateInserted = Gdn_Format::date();
                    $this->Comment->Body = val('Body', $FormValues, '');
                    $this->Comment->Format = val('Format', $FormValues, c('Garden.InputFormatter'));
                    $this->View = 'preview';
                } elseif (!$Draft) {
                    // If the comment was not a draft
                    // If Editing a comment
                    if ($Editing) {
                        // Just reload the comment in question
                        $this->Offset = 1;
                        $Comments = $this->CommentModel->getIDData($CommentID, array('Slave' => false));
                        $this->setData('Comments', $Comments);
                        $this->setData('Discussion', $Discussion);
                        // Load the discussion
                        $this->ControllerName = 'discussion';
                        $this->View = 'comments';

                        // Also define the discussion url in case this request came from the post screen and needs to be redirected to the discussion
                        $this->setJson('DiscussionUrl', DiscussionUrl($this->Discussion) . '#Comment_' . $CommentID);
                    } else {
                        // If the comment model isn't sorted by DateInserted or CommentID then we can't do any fancy loading of comments.
                        // ($OrderBy is only read by the disabled block below.)
                        $OrderBy = valr('0.0', $this->CommentModel->orderBy());
                        // $Redirect = !in_array($OrderBy, array('c.DateInserted', 'c.CommentID'));
                        // $DisplayNewCommentOnly = $this->Form->getFormValue('DisplayNewCommentOnly');
                        // if (!$Redirect) {
                        //     // Otherwise load all new comments that the user hasn't seen yet
                        //     $LastCommentID = $this->Form->getFormValue('LastCommentID');
                        //     if (!is_numeric($LastCommentID))
                        //         $LastCommentID = $CommentID - 1; // Failsafe back to this new comment if the lastcommentid was not defined properly
                        //
                        //     // Don't reload the first comment if this new comment is the first one.
                        //     $this->Offset = $LastCommentID == 0 ? 1 : $this->CommentModel->GetOffset($LastCommentID);
                        //     // Do not load more than a single page of data...
                        //     $Limit = c('Vanilla.Comments.PerPage', 30);
                        //
                        //     // Redirect if the new new comment isn't on the same page.
                        //     $Redirect |= !$DisplayNewCommentOnly && PageNumber($this->Offset, $Limit) != PageNumber($Discussion->CountComments - 1, $Limit);
                        // }
                        // if ($Redirect) {
                        //     // The user posted a comment on a page other than the last one, so just redirect to the last page.
                        //     $this->RedirectUrl = Gdn::request()->Url("discussion/comment/$CommentID/#Comment_$CommentID", true);
                        // } else {
                        //     // Make sure to load all new comments since the page was last loaded by this user
                        //     if ($DisplayNewCommentOnly)
                        $this->Offset = $this->CommentModel->GetOffset($CommentID);
                        $Comments = $this->CommentModel->GetIDData($CommentID, array('Slave' => false));
                        $this->setData('Comments', $Comments);
                        $this->setData('NewComments', true);
                        $this->ClassName = 'DiscussionController';
                        $this->ControllerName = 'discussion';
                        $this->View = 'comments';
                        // }

                        // Make sure to set the user's discussion watch records
                        $CountComments = $this->CommentModel->getCount($DiscussionID);
                        $Limit = is_object($this->data('Comments')) ? $this->data('Comments')->numRows() : $Discussion->CountComments;
                        $Offset = $CountComments - $Limit;
                        $this->CommentModel->SetWatch($this->Discussion, $Limit, $Offset, $CountComments);
                    }
                } else {
                    // If this was a draft save, notify the user about the save
                    $this->informMessage(sprintf(t('Draft saved at %s'), Gdn_Format::date()));
                }

                // And update the draft count
                $UserModel = Gdn::userModel();
                $CountDrafts = $UserModel->getAttribute($Session->UserID, 'CountDrafts', 0);
                $this->setJson('MyDrafts', t('My Drafts'));
                $this->setJson('CountDrafts', $CountDrafts);
            }
        }
    } elseif ($this->Request->isPostBack()) {
        // A postback that failed authenticatedPostBack() is rejected outright.
        throw new Gdn_UserException(t('Invalid CSRF token.', 'Invalid CSRF token. Please try again.'), 401);
    } else {
        // Load form
        if (isset($this->Comment)) {
            $this->Form->setData((array) $this->Comment);
        }
    }

    // Include data for FireEvent
    if (property_exists($this, 'Discussion')) {
        $this->EventArguments['Discussion'] = $this->Discussion;
    }
    if (property_exists($this, 'Comment')) {
        $this->EventArguments['Comment'] = $this->Comment;
    }

    $this->fireEvent('BeforeCommentRender');

    if ($this->deliveryType() == DELIVERY_TYPE_DATA) {
        // Data delivery: reduce the response to the first comment row and turn a
        // stored photo value without '//' into an upload URL.
        if ($this->data('Comments') instanceof Gdn_DataSet) {
            $Comment = $this->data('Comments')->firstRow(DATASET_TYPE_ARRAY);
            if ($Comment) {
                $Photo = $Comment['InsertPhoto'];

                if (strpos($Photo, '//') === false) {
                    $Photo = Gdn_Upload::url(changeBasename($Photo, 'n%s'));
                }

                $Comment['InsertPhoto'] = $Photo;
            }
            $this->Data = array('Comment' => $Comment);
        }
        $this->RenderData($this->Data);
    } else {
        require_once $this->fetchViewLocation('helper_functions', 'Discussion');
        // Render default view.
        $this->render();
    }
}
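/**
 * Edit user's preferences (mostly notification settings).
 *
 * Requires 'Garden.SignIn.Allow'. Editing another user's preferences additionally
 * goes through a permission() check for 'Garden.Users.Edit' / 'Moderation.Profiles.Edit'.
 * Writes only happen on an authenticated postback.
 *
 * Events: AfterPreferencesDefined
 *
 * @since 2.0.0
 * @access public
 * @param mixed $UserReference Unique identifier, possibly username or ID.
 * @param string $Username .
 * @param int $UserID Unique identifier.
 */
public function preferences($UserReference = '', $Username = '', $UserID = '') {
    $this->addJsFile('profile.js');
    $Session = Gdn::session();
    $this->permission('Garden.SignIn.Allow');

    // Get user data
    $this->getUserInfo($UserReference, $Username, $UserID, true);

    // NOTE(review): this decodes a stored column of the target user. Confirm that
    // Gdn_Format::unserialize() cannot instantiate objects from it, since the stored
    // values originate from form input saved further down.
    $UserPrefs = Gdn_Format::unserialize($this->User->Preferences);

    // Editing someone else's preferences needs an elevated permission.
    // NOTE(review): the `false` argument presumably means "any of these" - confirm.
    if ($this->User->UserID != $Session->UserID) {
        $this->permission(array('Garden.Users.Edit', 'Moderation.Profiles.Edit'), false);
    }

    if (!is_array($UserPrefs)) {
        $UserPrefs = array();
    }
    $MetaPrefs = UserModel::GetMeta($this->User->UserID, 'Preferences.%', 'Preferences.');

    // Define the preferences to be managed
    $Notifications = array();

    if (c('Garden.Profile.ShowActivities', true)) {
        $Notifications = array(
            'Email.WallComment' => t('Notify me when people write on my wall.'),
            'Email.ActivityComment' => t('Notify me when people reply to my wall comments.'),
            'Popup.WallComment' => t('Notify me when people write on my wall.'),
            'Popup.ActivityComment' => t('Notify me when people reply to my wall comments.')
        );
    }

    $this->Preferences = array('Notifications' => $Notifications);

    // Allow email notification of applicants (if they have permission & are using approval registration)
    // An array description is a [label, storage location] pair; 'Meta' routes the
    // value to user meta instead of the serialized preferences.
    if (checkPermission('Garden.Users.Approve') && c('Garden.Registration.Method') == 'Approval') {
        $this->Preferences['Notifications']['Email.Applicant'] = array(t('NotifyApplicant', 'Notify me when anyone applies for membership.'), 'Meta');
    }

    $this->fireEvent('AfterPreferencesDefined');

    // Loop through the preferences looking for duplicates, and merge into a single row
    $this->PreferenceGroups = array();
    $this->PreferenceTypes = array();
    foreach ($this->Preferences as $PreferenceGroup => $Preferences) {
        $this->PreferenceGroups[$PreferenceGroup] = array();
        $this->PreferenceTypes[$PreferenceGroup] = array();
        foreach ($Preferences as $Name => $Description) {
            $Location = 'Prefs';
            if (is_array($Description)) {
                list($Description, $Location) = $Description;
            }

            // Names look like "<Type>.<SubName>", e.g. "Email.WallComment".
            $NameParts = explode('.', $Name);
            $PrefType = val('0', $NameParts);
            $SubName = val('1', $NameParts);
            if ($SubName != false) {
                // Save an array of all the different types for this group
                if (!in_array($PrefType, $this->PreferenceTypes[$PreferenceGroup])) {
                    $this->PreferenceTypes[$PreferenceGroup][] = $PrefType;
                }

                // Store all the different subnames for the group
                if (!array_key_exists($SubName, $this->PreferenceGroups[$PreferenceGroup])) {
                    $this->PreferenceGroups[$PreferenceGroup][$SubName] = array($Name);
                } else {
                    $this->PreferenceGroups[$PreferenceGroup][$SubName][] = $Name;
                }
            } else {
                $this->PreferenceGroups[$PreferenceGroup][$Name] = array($Name);
            }
        }
    }

    // Loop the preferences, setting defaults from the configuration.
    $CurrentPrefs = array();
    foreach ($this->Preferences as $PrefGroup => $Prefs) {
        foreach ($Prefs as $Pref => $Desc) {
            $Location = 'Prefs';
            if (is_array($Desc)) {
                list($Desc, $Location) = $Desc;
            }

            if ($Location == 'Meta') {
                $CurrentPrefs[$Pref] = val($Pref, $MetaPrefs, false);
            } else {
                $CurrentPrefs[$Pref] = val($Pref, $UserPrefs, c('Preferences.' . $Pref, '0'));
            }

            // Whatever remains in $MetaPrefs afterwards is merged in below.
            unset($MetaPrefs[$Pref]);
        }
    }
    $CurrentPrefs = array_merge($CurrentPrefs, $MetaPrefs);
    // Values handed to the view for the initial render are forced to integers.
    $CurrentPrefs = array_map('intval', $CurrentPrefs);
    $this->setData('Preferences', $CurrentPrefs);

    if (UserModel::noEmail()) {
        $this->PreferenceGroups = self::_removeEmailPreferences($this->PreferenceGroups);
        $this->PreferenceTypes = self::_removeEmailPreferences($this->PreferenceTypes);
        $this->setData('NoEmail', true);
    }

    $this->setData('PreferenceGroups', $this->PreferenceGroups);
    $this->setData('PreferenceTypes', $this->PreferenceTypes);
    $this->setData('PreferenceList', $this->Preferences);

    if ($this->Form->authenticatedPostBack()) {
        // Get, assign, and save the preferences.
        // Only keys declared in $this->Preferences are read from the form, so a client
        // cannot introduce arbitrary preference names.
        // NOTE(review): the submitted value itself is stored as received; consider
        // constraining it to the expected on/off values.
        $NewMetaPrefs = array();
        foreach ($this->Preferences as $PrefGroup => $Prefs) {
            foreach ($Prefs as $Pref => $Desc) {
                $Location = 'Prefs';
                if (is_array($Desc)) {
                    list($Desc, $Location) = $Desc;
                }

                $Value = $this->Form->getValue($Pref, null);
                if (is_null($Value)) {
                    continue;
                }

                if ($Location == 'Meta') {
                    $NewMetaPrefs[$Pref] = $Value ? $Value : null;
                    if ($Value) {
                        $UserPrefs[$Pref] = $Value; // dup for notifications code.
                    }
                } else {
                    if (!$CurrentPrefs[$Pref] && !$Value) {
                        unset($UserPrefs[$Pref]); // save some space
                    } else {
                        $UserPrefs[$Pref] = $Value;
                    }
                }
            }
        }

        $this->UserModel->savePreference($this->User->UserID, $UserPrefs);
        UserModel::setMeta($this->User->UserID, $NewMetaPrefs, 'Preferences.');

        $this->setData('Preferences', array_merge($this->data('Preferences', array()), $UserPrefs, $NewMetaPrefs));

        // The original condition was count($this->Form->errors() == 0): the comparison
        // sat inside count(), so a boolean was counted. That is always truthy on older
        // PHP and a TypeError on PHP 8. errorCount() is the form's error counter, so
        // the success message now only appears when the form has no errors.
        if ($this->Form->errorCount() == 0) {
            $this->informMessage(sprite('Check', 'InformSprite') . t('Your preferences have been saved.'), 'Dismissable AutoDismiss HasSprite');
        }
    } else {
        $this->Form->setData($CurrentPrefs);
    }

    $this->title(t('Notification Preferences'));
    $this->_setBreadcrumbs($this->data('Title'), $this->canonicalUrl());
    $this->render();
}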
/** * SSO facilitator page. Plugins use event `ConnectData` to complete SSO connections. * * Users only see this page for non-seamless connections that prompt them to finish connecting * by entering a username and/or password (and possibly email). * * @since 2.0.0 * @access public * * @param string $Method Used to register multiple providers on ConnectData event. */ public function connect($Method) { // Basic page setup. $this->addJsFile('entry.js'); $this->View = 'connect'; $this->addDefinition('Username already exists.', t('Username already exists.')); $this->addDefinition('Choose a name to identify yourself on the site.', t('Choose a name to identify yourself on the site.')); // Determine what step in the process we're at. $IsPostBack = $this->Form->isPostBack() && $this->Form->getFormValue('Connect', null) !== null; $UserSelect = $this->Form->getFormValue('UserSelect'); /** * When a user is connecting through SSO she is prompted to choose a username. * If she chooses an existing username, she is prompted to enter the password to claim it. * Setting AllowConnect = false disables that workflow, forcing the user to choose a unique username. */ $allowConnect = c('Garden.Registration.AllowConnect', true); $this->setData('AllowConnect', $allowConnect); $this->addDefinition('AllowConnect', $allowConnect); if (!$IsPostBack) { // Initialize data array that can be set by a plugin. $Data = ['Provider' => '', 'ProviderName' => '', 'UniqueID' => '', 'FullName' => '', 'Name' => '', 'Email' => '', 'Photo' => '', 'Target' => $this->target()]; $this->Form->setData($Data); $this->Form->addHidden('Target', $this->Request->get('Target', '/')); } // SSO providers can check to see if they are being used and modify the data array accordingly. $this->EventArguments = [$Method]; // Filter the form data for users. // SSO plugins must reset validated data each postback. 
$currentData = $this->Form->formValues(); $filteredData = Gdn::userModel()->filterForm($currentData, true); $filteredData = array_replace($filteredData, arrayTranslate($currentData, ['TransientKey', 'hpt'])); unset($filteredData['Roles'], $filteredData['RoleID']); $this->Form->formValues($filteredData); // Fire ConnectData event & error handling. try { // Where your SSO plugin does magic. $this->EventArguments['Form'] = $this->Form; $this->fireEvent('ConnectData'); $this->fireEvent('AfterConnectData'); } catch (Gdn_UserException $Ex) { // Your SSO magic said no. $this->Form->addError($Ex); return $this->render('ConnectError'); } catch (Exception $Ex) { // Your SSO magic blew up. if (debug()) { $this->Form->addError($Ex); } else { $this->Form->addError('There was an error fetching the connection data.'); } return $this->render('ConnectError'); } // Allow a provider to not send an email address but require one be manually entered. if (!UserModel::noEmail()) { $emailProvided = $this->Form->getFormValue('Email'); $emailRequested = $this->Form->getFormValue('EmailVisible'); if (!$emailProvided || $emailRequested) { $this->Form->setFormValue('EmailVisible', true); $this->Form->addHidden('EmailVisible', true); if ($IsPostBack) { $this->Form->setFormValue('Email', val('Email', $currentData)); } } if ($IsPostBack && $emailRequested) { $this->Form->validateRule('Email', 'ValidateRequired'); $this->Form->validateRule('Email', 'ValidateEmail'); } } // Make sure the minimum required data has been provided by the connection. if (!$this->Form->getFormValue('Provider')) { $this->Form->addError('ValidateRequired', t('Provider')); } if (!$this->Form->getFormValue('UniqueID')) { $this->Form->addError('ValidateRequired', t('UniqueID')); } if (!$this->data('Verified')) { // Whatever event handler catches this must set the data 'Verified' = true // to prevent a random site from connecting without credentials. // This must be done EVERY postback and is VERY important. 
$this->Form->addError(t('The connection data has not been verified.')); } // If we've accrued errors, stop here and show them. if ($this->Form->errorCount() > 0) { $this->render(); return; } // Check if we need to sync roles if (($this->data('Trusted') || c('Garden.SSO.SyncRoles')) && $this->Form->getFormValue('Roles', null) !== null) { $SaveRoles = $SaveRolesRegister = true; // Translate the role names to IDs. $Roles = $this->Form->getFormValue('Roles', null); $Roles = RoleModel::getByName($Roles); $RoleIDs = array_keys($Roles); // Ensure user has at least one role. if (empty($RoleIDs)) { $RoleIDs = $this->UserModel->newUserRoleIDs(); } // Allow role syncing to only happen on first connect. if (c('Garden.SSO.SyncRolesBehavior') === 'register') { $SaveRoles = false; } $this->Form->setFormValue('RoleID', $RoleIDs); } else { $SaveRoles = false; $SaveRolesRegister = false; } $UserModel = Gdn::userModel(); // Find an existing user associated with this provider & uniqueid. $Auth = $UserModel->getAuthentication($this->Form->getFormValue('UniqueID'), $this->Form->getFormValue('Provider')); $UserID = val('UserID', $Auth); // The user is already in the UserAuthentication table if ($UserID) { $this->Form->setFormValue('UserID', $UserID); // Update their info. if (c('Garden.Registration.ConnectSynchronize', true)) { $User = Gdn::userModel()->getID($UserID, DATASET_TYPE_ARRAY); $Data = $this->Form->formValues(); // Don't overwrite the user photo if the user uploaded a new one. $Photo = val('Photo', $User); if (!val('Photo', $Data) || $Photo && !isUrl($Photo)) { unset($Data['Photo']); } // Synchronize the user's data. $UserModel->save($Data, ['NoConfirmEmail' => true, 'FixUnique' => true, 'SaveRoles' => $SaveRoles]); $this->EventArguments['UserID'] = $UserID; $this->fireEvent('AfterConnectSave'); } // Always save the attributes because they may contain authorization information. 
if ($Attributes = $this->Form->getFormValue('Attributes')) { $UserModel->saveAttribute($UserID, $Attributes); } // Sign the user in. Gdn::session()->start($UserID, true, (bool) $this->Form->getFormValue('RememberMe', true)); Gdn::userModel()->fireEvent('AfterSignIn'); // Send them on their way. $this->_setRedirect(Gdn::request()->get('display') === 'popup'); // If a name of email has been provided } elseif ($this->Form->getFormValue('Name') || $this->Form->getFormValue('Email')) { // Decide how to handle our first time connecting. $NameUnique = c('Garden.Registration.NameUnique', true); $EmailUnique = c('Garden.Registration.EmailUnique', true); $AutoConnect = c('Garden.Registration.AutoConnect'); // Decide which name to search for. if ($IsPostBack && $this->Form->getFormValue('ConnectName')) { $searchName = $this->Form->getFormValue('ConnectName'); } else { $searchName = $this->Form->getFormValue('Name'); } // Find existing users that match the name or email of the connection. // First, discover if we have search criteria. $Search = false; $ExistingUsers = []; if ($searchName && $NameUnique) { $UserModel->SQL->orWhere('Name', $searchName); $Search = true; } if ($this->Form->getFormValue('Email') && ($EmailUnique || $AutoConnect)) { $UserModel->SQL->orWhere('Email', $this->Form->getFormValue('Email')); $Search = true; } if (is_numeric($UserSelect)) { $UserModel->SQL->orWhere('UserID', $UserSelect); $Search = true; } // Now do the search if we found some criteria. if ($Search) { $ExistingUsers = $UserModel->getWhere()->resultArray(); } // Get the email and decide if we can safely find a match. $submittedEmail = $this->Form->getFormValue('Email'); $canMatchEmail = strlen($submittedEmail) > 0 && !UserModel::noEmail(); // Check to automatically link the user. 
if ($AutoConnect && count($ExistingUsers) > 0) { if ($IsPostBack && $this->Form->getFormValue('ConnectName')) { $this->Form->setFormValue('Name', $this->Form->getFormValue('ConnectName')); } if ($canMatchEmail) { // Check each existing user for an exact email match. foreach ($ExistingUsers as $Row) { if (strcasecmp($submittedEmail, $Row['Email']) === 0) { // Add the UserID to the form, then get the unified user data set from it. $UserID = $Row['UserID']; $this->Form->setFormValue('UserID', $UserID); $Data = $this->Form->formValues(); // User synchronization. if (c('Garden.Registration.ConnectSynchronize', true)) { // Don't overwrite a photo if the user has already uploaded one. $Photo = val('Photo', $Row); if (!val('Photo', $Data) || $Photo && !stringBeginsWith($Photo, 'http')) { unset($Data['Photo']); } // Update the user. $UserModel->save($Data, ['NoConfirmEmail' => true, 'FixUnique' => true, 'SaveRoles' => $SaveRoles]); $this->EventArguments['UserID'] = $UserID; $this->fireEvent('AfterConnectSave'); } // Always save the attributes because they may contain authorization information. if ($Attributes = $this->Form->getFormValue('Attributes')) { $UserModel->saveAttribute($UserID, $Attributes); } // Save the user authentication association. $UserModel->saveAuthentication(['UserID' => $UserID, 'Provider' => $this->Form->getFormValue('Provider'), 'UniqueID' => $this->Form->getFormValue('UniqueID')]); // Sign the user in. Gdn::session()->start($UserID, true, (bool) $this->Form->getFormValue('RememberMe', true)); Gdn::userModel()->fireEvent('AfterSignIn'); $this->_setRedirect(Gdn::request()->get('display') === 'popup'); $this->render(); return; } } } } // Did not autoconnect! // Explore alternatives for a first-time connection. // This will be zero for a guest. $CurrentUserID = Gdn::session()->UserID; // Evaluate the existing users for matches. 
foreach ($ExistingUsers as $Index => $UserRow) { if ($EmailUnique && $canMatchEmail && $UserRow['Email'] == $submittedEmail) { // An email match overrules any other options. $EmailFound = $UserRow; break; } // Detect a simple name match. if ($UserRow['Name'] == $this->Form->getFormValue('Name')) { $NameFound = $UserRow; } // Detect if we have a match on the current user session. if ($CurrentUserID > 0 && $UserRow['UserID'] == $CurrentUserID) { unset($ExistingUsers[$Index]); $CurrentUserFound = true; } } // Handle special cases for what we matched on. if (isset($EmailFound)) { // The email address was found and can be the only user option. $ExistingUsers = [$UserRow]; $this->setData('NoConnectName', true); } elseif (isset($CurrentUserFound)) { // If we're already logged in to Vanilla, assume that's an option we want. $ExistingUsers = array_merge(['UserID' => 'current', 'Name' => sprintf(t('%s (Current)'), Gdn::session()->User->Name)], $ExistingUsers); } // Pre-populate our ConnectName field with the passed name if we couldn't match it. if (!isset($NameFound) && !$IsPostBack) { $this->Form->setFormValue('ConnectName', $this->Form->getFormValue('Name')); } // Block connecting to an existing user if it's disallowed. if (!$allowConnect) { // Make sure photo of existing user doesn't show on the form. $this->Form->setFormValue("Photo", null); // Ignore existing users found. $ExistingUsers = []; } // Set our final answer on matched users. $this->setData('ExistingUsers', $ExistingUsers); // Validate our email address if we have one. if (UserModel::noEmail()) { $emailValid = true; } else { $emailValid = validateRequired($this->Form->getFormValue('Email')); } // Set some nice variable names for logic clarity. $noMatches = !is_array($ExistingUsers) || count($ExistingUsers) == 0; $didNotPickUser = !$UserSelect || $UserSelect == 'other'; $haveName = $this->Form->getFormValue('Name'); // Should we create a new user? 
if ($didNotPickUser && $haveName && $emailValid && $noMatches) { // Create the user. $User = $this->Form->formValues(); $User['Password'] = randomString(16); // Required field. $User['HashMethod'] = 'Random'; $User['Source'] = $this->Form->getFormValue('Provider'); $User['SourceID'] = $this->Form->getFormValue('UniqueID'); $User['Attributes'] = $this->Form->getFormValue('Attributes', null); $User['Email'] = $this->Form->getFormValue('ConnectEmail', $this->Form->getFormValue('Email', null)); $User['Name'] = $this->Form->getFormValue('ConnectName', $this->Form->getFormValue('Name', null)); $UserID = $UserModel->register($User, ['CheckCaptcha' => false, 'ValidateEmail' => false, 'NoConfirmEmail' => true, 'SaveRoles' => $SaveRolesRegister]); $User['UserID'] = $UserID; $this->EventArguments['UserID'] = $UserID; $this->fireEvent('AfterConnectSave'); $this->Form->setValidationResults($UserModel->validationResults()); // Save the association to the new user. if ($UserID) { $UserModel->saveAuthentication(['UserID' => $UserID, 'Provider' => $this->Form->getFormValue('Provider'), 'UniqueID' => $this->Form->getFormValue('UniqueID')]); $this->Form->setFormValue('UserID', $UserID); $this->Form->setFormValue('UserSelect', false); // Sign in as the new user. Gdn::session()->start($UserID, true, (bool) $this->Form->getFormValue('RememberMe', true)); Gdn::userModel()->fireEvent('AfterSignIn'); // Send the welcome email. if (c('Garden.Registration.SendConnectEmail', false)) { try { $providerName = $this->Form->getFormValue('ProviderName', $this->Form->getFormValue('Provider', 'Unknown')); $UserModel->sendWelcomeEmail($UserID, '', 'Connect', ['ProviderName' => $providerName]); } catch (Exception $Ex) { // Do nothing if emailing doesn't work. } } // Move along. $this->_setRedirect(Gdn::request()->get('display') === 'popup'); } } } // Finished our connection logic. // Save the user's choice. 
if ($IsPostBack) { $PasswordHash = new Gdn_PasswordHash(); if (!$UserSelect || $UserSelect == 'other') { // The user entered a username. Validate it. $ConnectNameEntered = true; if ($this->Form->validateRule('ConnectName', 'ValidateRequired')) { $ConnectName = $this->Form->getFormValue('ConnectName'); $User = false; if (c('Garden.Registration.NameUnique')) { // Check to see if there is already a user with the given name. $User = $UserModel->getWhere(array('Name' => $ConnectName))->firstRow(DATASET_TYPE_ARRAY); } if (!$User) { // Using a new username, so validate it. $this->Form->validateRule('ConnectName', 'ValidateUsername'); } } } else { // The user selected an existing user. $ConnectNameEntered = false; if ($UserSelect == 'current') { if (Gdn::session()->UserID == 0) { // This should never happen, but a user could click submit on a stale form. $this->Form->addError('@You were unexpectedly signed out.'); } else { $UserSelect = Gdn::session()->UserID; } } $User = $UserModel->getID($UserSelect, DATASET_TYPE_ARRAY); } // End user selection. if (isset($User) && $User) { // Make sure the user authenticates. if (!$User['UserID'] == Gdn::session()->UserID && $allowConnect) { $hasPassword = $this->Form->validateRule('ConnectPassword', 'ValidateRequired', sprintf(t('ValidateRequired'), t('Password'))); if ($hasPassword) { // Validate their password. try { $password = $this->Form->getFormValue('ConnectPassword'); $name = $this->Form->getFormValue('ConnectName'); if (!$PasswordHash->checkPassword($password, $User['Password'], $User['HashMethod'], $name)) { if ($ConnectNameEntered) { $this->Form->addError('The username you entered has already been taken.'); } else { $this->Form->addError('The password you entered is incorrect.'); } } } catch (Gdn_UserException $Ex) { $this->Form->addError($Ex); } } } } elseif ($this->Form->errorCount() == 0) { // The user doesn't exist so we need to add another user. 
$User = $this->Form->formValues(); $User['Name'] = $User['ConnectName']; $User['Password'] = randomString(16); // Required field. $User['HashMethod'] = 'Random'; $UserID = $UserModel->register($User, ['CheckCaptcha' => false, 'NoConfirmEmail' => true, 'SaveRoles' => $SaveRolesRegister]); $User['UserID'] = $UserID; $this->EventArguments['UserID'] = $UserID; $this->fireEvent('AfterConnectSave'); $this->Form->setValidationResults($UserModel->validationResults()); // Send the welcome email. if ($UserID && c('Garden.Registration.SendConnectEmail', false)) { $providerName = $this->Form->getFormValue('ProviderName', $this->Form->getFormValue('Provider', 'Unknown')); $UserModel->sendWelcomeEmail($UserID, '', 'Connect', ['ProviderName' => $providerName]); } } // Save the user authentication association. if ($this->Form->errorCount() == 0) { if (isset($User) && val('UserID', $User)) { $UserModel->saveAuthentication(['UserID' => $User['UserID'], 'Provider' => $this->Form->getFormValue('Provider'), 'UniqueID' => $this->Form->getFormValue('UniqueID')]); $this->Form->setFormValue('UserID', $User['UserID']); } // Sign the user in. Gdn::session()->start($this->Form->getFormValue('UserID'), true, (bool) $this->Form->getFormValue('RememberMe', true)); Gdn::userModel()->fireEvent('AfterSignIn'); // Move along. $this->_setRedirect(Gdn::request()->get('display') === 'popup'); } } // End of user choice processing. $this->render(); }
/**
 * Dashboard settings page for the OAuth2 provider record.
 *
 * Access is gated by the `Garden.Settings.Manage` permission before anything else runs.
 * On an authenticated postback the provider fields are validated and saved through
 * Gdn_AuthenticationProviderModel; otherwise the form is filled from $this->provider().
 *
 * Security notes for maintainers:
 * - The AuthenticationKey form value is set server-side from getProviderKey().
 * - Only AssociationKey, AssociationSecret, AuthorizeUrl and TokenUrl get a validation
 *   rule here; ProfileUrl is saved without one.
 * - NOTE(review): the scheme policy of the 'isUrl' rule is not visible here. In OAuth2 the
 *   token endpoint normally receives the client secret, so confirm plain-http URLs are
 *   rejected somewhere.
 * - NOTE(review): on a non-postback request the whole provider record is bound to the form.
 *   If that record carries AssociationSecret, the view presumably renders the stored secret
 *   back into the page; confirm the view masks it.
 *
 * @param Gdn_Controller $sender Controller that owns the request; receives the form and view data.
 * @param mixed $args Not used by this method.
 */
public function settingsEndpoint($sender, $args) {
    $sender->permission('Garden.Settings.Manage');

    $providerModel = new Gdn_AuthenticationProviderModel();

    /* @var Gdn_Form $form */
    $form = new Gdn_Form();
    $form->setModel($providerModel);
    $sender->Form = $form;

    if ($form->AuthenticatedPostBack()) {
        $form->setFormValue('AuthenticationKey', $this->getProviderKey());

        // Field, rule, message triples, applied in this order.
        $rules = [
            ['AssociationKey', 'ValidateRequired', 'You must provide a unique AccountID.'],
            ['AssociationSecret', 'ValidateRequired', 'You must provide a Secret'],
            ['AuthorizeUrl', 'isUrl', 'You must provide a complete URL in the Authorize Url field.'],
            ['TokenUrl', 'isUrl', 'You must provide a complete URL in the Token Url field.'],
        ];
        foreach ($rules as $rule) {
            $sender->Form->validateRule($rule[0], $rule[1], $rule[2]);
        }

        // The provider model wants a BaseUrl, so derive scheme://host from the authorize URL.
        $urlParts = parse_url($form->getValue('AuthorizeUrl'));
        $scheme = val('scheme', $urlParts);
        $host = val('host', $urlParts);
        if ($scheme && $host) {
            $origin = $scheme . '://' . $host;
            $form->setFormValue('BaseUrl', $origin);
            // Kludge for the default provider: SignInUrl gets the same value.
            $form->setFormValue('SignInUrl', $origin);
        }

        if ($form->save()) {
            $sender->informMessage(t('Saved'));
        }
    } else {
        $form->setData($this->provider());
    }

    // Describe the form controls for the view.
    $formFields = [
        'AssociationKey' => [
            'LabelCode' => 'Client ID',
            'Description' => 'Enter the unique ID of the authentication application.',
        ],
        'AssociationSecret' => [
            'LabelCode' => 'Secret',
            'Description' => 'Enter the secret provided by the authentication provider.',
        ],
        'AuthorizeUrl' => [
            'LabelCode' => 'Authorize Url',
            'Description' => 'Enter the endpoint to be appended to the base domain to retrieve the authorization token for a user.',
        ],
        'TokenUrl' => [
            'LabelCode' => 'Token Url',
            'Description' => 'Enter the endpoint to be appended to the base domain to retrieve the authorization token for a user.',
        ],
        'ProfileUrl' => [
            'LabelCode' => 'Profile Url',
            'Description' => 'Enter the endpoint to be appended to the base domain to retrieve a user\'s profile.',
        ],
    ];
    // Array union: the base fields above win over same-named provider-specific fields.
    $formFields += $this->getSettingsFormFields();
    $formFields['IsDefault'] = [
        'LabelCode' => 'Make this connection your default signin method.',
        'Control' => 'checkbox',
    ];

    $sender->setData('_Form', $formFields);
    $sender->addSideMenu();

    if (!$sender->data('Title')) {
        $sender->setData('Title', sprintf(T('%s Settings'), 'Oauth2 SSO'));
    }

    $view = $this->settingsView ?: 'plugins/oauth2';

    // Show the redirect URL(s) the identity provider has to be configured with.
    // Gdn::request() is used instead of the convenience function so that http and https can be returned.
    $sender->setData(
        'redirectUrls',
        Gdn::request()->url('/entry/' . $this->getProviderKey(), true, true)
    );

    $sender->render('settings', '', 'plugins/' . $view);
}
/**
 * Shared handler behind the pocket "add" and "edit" forms.
 *
 * On an authenticated postback the repeat settings are folded into a single `Repeat`
 * string, several fields are set server-side (Sort = 0, Format = 'Raw', Condition, Type)
 * and the pocket is saved. On any other request an existing pocket is loaded into the
 * form, or the repeat type defaults to Pocket::REPEAT_ONCE for a new pocket.
 *
 * Security notes for maintainers:
 * - This helper performs no permission check itself; callers are presumably expected to
 *   have enforced one before calling it (confirm at each call site).
 * - Format is always saved as 'Raw'. NOTE(review): if that means the pocket body is emitted
 *   unescaped, write access to pockets amounts to the ability to publish markup site-wide.
 * - EveryBegin and Indexes are concatenated into `Repeat` as submitted. The only checks on
 *   them visible here are the rules registered on the model ('Integer', 'IntegerArray').
 *
 * @param object $Sender Controller handling the request; receives Form, ConditionModule and view data.
 * @param bool|int|string $PocketID ID of the pocket being edited, or false when adding.
 * @return mixed Result of the render call, or of the 404 dispatch when the pocket is not found.
 * @throws Gdn_UserException Declared by the original docblock; the throwing call is not visible in this method.
 */
protected function _addEdit($Sender, $PocketID = false) {
    $Form = new Gdn_Form();
    $PocketModel = new Gdn_Model('Pocket');
    $Form->setModel($PocketModel);
    $Sender->ConditionModule = new ConditionModule($Sender);
    $Sender->Form = $Form;

    $IsEdit = $PocketID !== false;

    if (!$Form->authenticatedPostBack()) {
        if (!$IsEdit) {
            // New pocket: default the repeat.
            $Form->setFormValue('RepeatType', Pocket::REPEAT_ONCE);
        } else {
            // Existing pocket: load it, or hand off to the 404 page.
            $Pocket = $PocketModel->getWhere(['PocketID' => $PocketID])->firstRow(DATASET_TYPE_ARRAY);
            if (!$Pocket) {
                return Gdn::dispatcher()->dispatch('Default404');
            }

            // Unpack the stored repeat string into the separate fields the form edits.
            list($RepeatType, $RepeatFrequency) = Pocket::parseRepeat($Pocket['Repeat']);
            $Pocket['RepeatType'] = $RepeatType;
            $Pocket['EveryFrequency'] = GetValue(0, $RepeatFrequency, 1);
            $Pocket['EveryBegin'] = GetValue(1, $RepeatFrequency, 1);
            $Pocket['Indexes'] = implode(',', $RepeatFrequency);
            $Pocket['Ad'] = $Pocket['Type'] == Pocket::TYPE_AD;

            $Sender->ConditionModule->conditions(Gdn_Condition::fromString($Pocket['Condition']));
            $Form->setData($Pocket);
        }
    } else {
        // Saving. Pin the ID from the method argument when editing.
        if ($IsEdit) {
            $Form->setFormValue('PocketID', $PocketID);
        }

        // Fold the repeat fields into the single string the database stores.
        $RepeatType = $Form->getFormValue('RepeatType');
        $RepeatSpec = $RepeatType;

        if ($RepeatType == Pocket::REPEAT_EVERY) {
            $PocketModel->Validation->applyRule('EveryFrequency', 'Integer');
            $PocketModel->Validation->applyRule('EveryBegin', 'Integer');

            // Anything that is not an integer of at least 1 falls back to 1.
            $Every = $Form->getFormValue('EveryFrequency', 1);
            $EveryIsUsable = $Every && validateInteger($Every) && !($Every < 1);
            if (!$EveryIsUsable) {
                $Every = 1;
            }
            $RepeatSpec .= ' ' . $Every;

            // The start offset is appended only when it is greater than 1.
            $Begin = $Form->getFormValue('EveryBegin', 1);
            if ($Begin > 1) {
                $RepeatSpec .= ',' . $Begin;
            }
        } elseif ($RepeatType == Pocket::REPEAT_INDEX) {
            $PocketModel->Validation->addRule('IntegerArray', 'function:ValidateIntegerArray');
            $PocketModel->Validation->applyRule('Indexes', 'IntegerArray');

            $Pieces = array_map('trim', explode(',', $Form->getFormValue('Indexes', '')));
            $RepeatSpec .= ' ' . implode(',', $Pieces);
        }

        $Form->setFormValue('Repeat', $RepeatSpec);
        $Form->setFormValue('Sort', 0);
        $Form->setFormValue('Format', 'Raw');
        $Form->setFormValue(
            'Condition',
            Gdn_Condition::toString($Sender->ConditionModule->conditions(true))
        );
        $Form->setFormValue(
            'Type',
            $Form->getFormValue('Ad', 0) ? Pocket::TYPE_AD : Pocket::TYPE_DEFAULT
        );

        if ($Form->save()) {
            $Sender->StatusMessage = t('Your changes have been saved.');
            $Sender->RedirectUrl = url('settings/pockets');
        }
    }

    // Hand everything the view needs to the controller.
    $Sender->Form = $Form;
    $Sender->setData('Locations', $this->Locations);
    $Sender->setData('LocationsArray', $this->getLocationsArray());
    $Sender->setData('Pages', [
        '' => '(' . T('All') . ')',
        'activity' => 'activity',
        'comments' => 'comments',
        'dashboard' => 'dashboard',
        'discussions' => 'discussions',
        'inbox' => 'inbox',
        'profile' => 'profile',
    ]);

    return $Sender->render('AddEdit', '', 'plugins/Pockets');
}