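/**
 * Responds to process_edit hook-like event notifications.
 *
 * Records the UTC timestamp at which the user accepted each active legal policy, as gathered and validated
 * by the matching validation object. Three situations are handled: acceptance on the log-in screen or log-in
 * block, acceptance during registration, and a logged-in user editing an existing account (where an explicit
 * 0 / "0" withdraws a previously recorded acceptance, limited to the policies the current user may edit).
 * Nothing is changed unless a validation object exists and it reported no errors.
 *
 * @param Zikula_Event $event The event that triggered this function call.
 *
 * @return void
 *
 * @throws Zikula_Exception_Fatal Thrown if a user account does not exist for the uid specified by the event.
 */
public function processEdit(Zikula_Event $event)
{
    if (!isset($this->validation) || $this->validation->hasErrors()) {
        return;
    }

    $activePolicies = $this->helper->getActivePolicies();
    $eventName = $event->getName();
    $user = $event->getSubject();
    $uid = $user['uid'];

    // Policy key (as used by the helper and by the validation object) => user attribute holding the acceptance timestamp.
    $policyAttributes = array(
        'termsOfUse'              => Legal_Constant::ATTRIBUTE_TERMSOFUSE_ACCEPTED,
        'privacyPolicy'           => Legal_Constant::ATTRIBUTE_PRIVACYPOLICY_ACCEPTED,
        'agePolicy'               => Legal_Constant::ATTRIBUTE_AGEPOLICY_CONFIRMED,
        'cancellationRightPolicy' => Legal_Constant::ATTRIBUTE_CANCELLATIONRIGHTPOLICY_ACCEPTED,
        'tradeConditions'         => Legal_Constant::ATTRIBUTE_TRADECONDITIONS_ACCEPTED,
    );

    // One timestamp for every policy accepted in this request.
    $nowUTC = new DateTime('now', new DateTimeZone('UTC'));
    $nowUTCStr = $nowUTC->format(DateTime::ISO8601);

    $isLoginEvent = ($eventName == 'module.users.ui.process_edit.login_screen')
        || ($eventName == 'module.users.ui.process_edit.login_block');

    if (!UserUtil::isLoggedIn() && $isLoginEvent) {
        // Acceptance from the log-in screen or block: only newly accepted policies are recorded.
        $policiesAcceptedAtLogin = $this->validation->getObject();
        foreach ($policyAttributes as $policy => $attribute) {
            if ($activePolicies[$policy] && $policiesAcceptedAtLogin[$policy]) {
                UserUtil::setVar($attribute, $nowUTCStr, $uid);
            }
        }

        // Force the reload of the user record
        $user = UserUtil::getVars($uid, true);

        return;
    }

    $isRegistration = UserUtil::isRegistration($uid);
    $user = UserUtil::getVars($uid, false, 'uid', $isRegistration);
    if (!$user) {
        throw new Zikula_Exception_Fatal(__('A user account or registration does not exist for the specified uid.', $this->domain));
    }

    $policiesAccepted = $this->validation->getObject();

    if (!UserUtil::isLoggedIn()) {
        // Acceptance during registration: only newly accepted policies are recorded.
        foreach ($policyAttributes as $policy => $attribute) {
            if ($activePolicies[$policy] && $policiesAccepted[$policy]) {
                UserUtil::setVar($attribute, $nowUTCStr, $uid);
            }
        }
    } else {
        // An existing account is being edited. A truthy value records acceptance; an explicit 0 / "0" withdraws it;
        // any other value (false, null, '') leaves the stored attribute untouched. Both actions are restricted to
        // policies the current user is allowed to edit.
        $editablePolicies = $this->helper->getEditablePolicies();
        foreach ($policyAttributes as $policy => $attribute) {
            if (!$activePolicies[$policy] || !$editablePolicies[$policy]) {
                continue;
            }

            // Each policy is judged against its own submitted value (not the terms-of-use value) when deciding
            // whether to withdraw an acceptance.
            $accepted = $policiesAccepted[$policy];
            if ($accepted) {
                UserUtil::setVar($attribute, $nowUTCStr, $uid);
            } elseif (($accepted === 0) || ($accepted === "0")) {
                UserUtil::delVar($attribute, $uid);
            }
        }
    }

    // Force the reload of the user record
    $user = UserUtil::getVars($uid, true, 'uid', $isRegistration);
}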
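/**
 * Allow the user to accept active terms of use and/or privacy policy.
 *
 * This function is currently used by the Legal module's handler for the users.login.veto event.
 *
 * On a GET request the acceptance form is rendered. On a POST request the form is validated and, once every active
 * policy has been accepted (now or earlier), the acceptance timestamps are recorded for the user; a pending log-in is
 * then resumed, otherwise the user is redirected to the home page. The uid the acceptance is recorded for is always
 * the principal this request acts for (the user record of the pending log-in, or the logged-in user); the uid carried
 * by the form must match it and is never trusted on its own.
 *
 * @return string The rendered output from the template.
 *
 * @throws Zikula_Exception_Forbidden Thrown if the user is not logged in and the acceptance attempt is not a result of a login attempt;
 *                                    also thrown if the call to this function is neither a POST nor a GET operation;
 *                                    also thrown if the uid submitted with the form is not the principal's uid.
 *
 * @throws Zikula_Exception_Fatal Thrown if the user is already logged in and the acceptance attempt is a result of a login attempt;
 *                                also thrown in cases where expected data is not present or not in an expected form.
 */
public function acceptPolicies()
{
    // Retrieve and delete any session variables being sent in by the log-in process before we give the function a chance to
    // throw an exception. We need to make sure no sensitive data is left dangling in the session variables.
    $sessionVars = $this->request->getSession()->get('Legal_Controller_User_acceptPolicies', null, $this->name);
    $this->request->getSession()->del('Legal_Controller_User_acceptPolicies', $this->name);

    $helper = new Legal_Helper_AcceptPolicies();
    $isPost = $this->request->isPost();

    if ($isPost) {
        $this->checkCsrfToken();

        // Session variables are only handed over by the log-in process.
        $isLogin = !empty($sessionVars);
        if (!$isLogin && !UserUtil::isLoggedIn()) {
            throw new Zikula_Exception_Forbidden();
        } elseif ($isLogin && UserUtil::isLoggedIn()) {
            throw new Zikula_Exception_Fatal();
        }
    } elseif ($this->request->isGet()) {
        $isLogin = $this->request->getGet()->get('login', false);
    } else {
        throw new Zikula_Exception_Forbidden();
    }

    // If we are coming here from the login process, then there are certain things that must have been
    // sent along in the session variable. If not, then error. This is checked before anything is recorded
    // or the log-in is resumed, so malformed session data never reaches the login function.
    if ($isLogin
        && (!isset($sessionVars['user_obj']) || !is_array($sessionVars['user_obj'])
            || !isset($sessionVars['authentication_info']) || !is_array($sessionVars['authentication_info'])
            || !isset($sessionVars['authentication_method']) || !is_array($sessionVars['authentication_method']))
    ) {
        throw new Zikula_Exception_Fatal();
    }

    // The account the acceptance belongs to: the user record of the pending log-in, or the logged-in user.
    $policiesUid = $isLogin ? $sessionVars['user_obj']['uid'] : UserUtil::getVar('uid');
    if (!$policiesUid || empty($policiesUid)) {
        throw new Zikula_Exception_Fatal();
    }

    $fieldErrors = array();

    if ($isPost) {
        $post = $this->request->getPost();

        $postedUid = $post->get('acceptedpolicies_uid', false);
        if (!isset($postedUid) || empty($postedUid) || !is_numeric($postedUid)) {
            throw new Zikula_Exception_Fatal();
        }
        // The form carries the uid it was rendered for; it must be the principal's own uid. Otherwise a logged-in
        // user could record acceptance on another account simply by editing the hidden form field.
        if ((string)$postedUid !== (string)$policiesUid) {
            throw new Zikula_Exception_Forbidden();
        }

        $acceptedPolicies = array(
            'termsOfUse'              => $post->get('acceptedpolicies_termsofuse', false),
            'privacyPolicy'           => $post->get('acceptedpolicies_privacypolicy', false),
            'agePolicy'               => $post->get('acceptedpolicies_agepolicy', false),
            'cancellationRightPolicy' => $post->get('acceptedpolicies_cancellationrightpolicy', false),
            'tradeConditions'         => $post->get('acceptedpolicies_tradeconditions', false),
        );

        $activePolicies = $helper->getActivePolicies();
        $originalAcceptedPolicies = $helper->getAcceptedPolicies($policiesUid);

        // Every active policy must be accepted either now or previously.
        if ($activePolicies['termsOfUse'] && !$originalAcceptedPolicies['termsOfUse'] && !$acceptedPolicies['termsOfUse']) {
            $fieldErrors['termsofuse'] = $this->__('You must accept this site\'s Terms of Use in order to proceed.');
        }
        if ($activePolicies['privacyPolicy'] && !$originalAcceptedPolicies['privacyPolicy'] && !$acceptedPolicies['privacyPolicy']) {
            $fieldErrors['privacypolicy'] = $this->__('You must accept this site\'s Privacy Policy in order to proceed.');
        }
        if ($activePolicies['agePolicy'] && !$originalAcceptedPolicies['agePolicy'] && !$acceptedPolicies['agePolicy']) {
            $fieldErrors['agepolicy'] = $this->__f('In order to log in, you must confirm that you meet the requirements of this site\'s Minimum Age Policy. If you are not %1$s years of age or older, and you do not have a parent\'s permission to use this site, then please ask your parent to contact a site administrator.', array(ModUtil::getVar('Legal', Legal_Constant::MODVAR_MINIMUM_AGE, 0)));
        }
        if ($activePolicies['cancellationRightPolicy'] && !$originalAcceptedPolicies['cancellationRightPolicy'] && !$acceptedPolicies['cancellationRightPolicy']) {
            $fieldErrors['cancellationrightpolicy'] = $this->__('You must accept our cancellation right policy in order to proceed.');
        }
        if ($activePolicies['tradeConditions'] && !$originalAcceptedPolicies['tradeConditions'] && !$acceptedPolicies['tradeConditions']) {
            $fieldErrors['tradeconditions'] = $this->__('You must accept our general terms and conditions of trade in order to proceed.');
        }

        if (empty($fieldErrors)) {
            $now = new DateTime('now', new DateTimeZone('UTC'));
            $nowStr = $now->format(DateTime::ISO8601);

            // Policy key => user attribute holding the acceptance timestamp.
            $policyAttributes = array(
                'termsOfUse'              => Legal_Constant::ATTRIBUTE_TERMSOFUSE_ACCEPTED,
                'privacyPolicy'           => Legal_Constant::ATTRIBUTE_PRIVACYPOLICY_ACCEPTED,
                'agePolicy'               => Legal_Constant::ATTRIBUTE_AGEPOLICY_CONFIRMED,
                'cancellationRightPolicy' => Legal_Constant::ATTRIBUTE_CANCELLATIONRIGHTPOLICY_ACCEPTED,
                'tradeConditions'         => Legal_Constant::ATTRIBUTE_TRADECONDITIONS_ACCEPTED,
            );

            // Every policy is processed even if an earlier one failed; $processed is only true if all succeeded.
            $processed = true;
            foreach ($policyAttributes as $policy => $attribute) {
                if ($activePolicies[$policy] && $acceptedPolicies[$policy]) {
                    // Record the acceptance; the attribute store reports whether the write succeeded.
                    $policyProcessed = UserUtil::setVar($attribute, $nowStr, $policiesUid);
                } else {
                    // Nothing to write: the policy is inactive, or it was already accepted earlier.
                    $policyProcessed = !$activePolicies[$policy] || $originalAcceptedPolicies[$policy];
                }
                $processed = $processed && $policyProcessed;
            }

            if ($processed) {
                if ($isLogin) {
                    // Resume the log-in that was vetoed pending acceptance, using the credentials handed over in the session.
                    $loginArgs = $this->request->getSession()->get('Users_Controller_User_login', array(), 'Zikula_Users');
                    $loginArgs['authentication_method'] = $sessionVars['authentication_method'];
                    $loginArgs['authentication_info'] = $sessionVars['authentication_info'];
                    $loginArgs['rememberme'] = $sessionVars['rememberme'];

                    return ModUtil::func('Users', 'user', 'login', $loginArgs);
                }

                $this->redirect(System::getHomepageUrl());
            }
        }
    }

    if ($isLogin) {
        // Pass along the session vars to updateAcceptance. We didn't want to just keep them in the session variable
        // Legal_Controller_User_acceptPolicies because if we hit an exception or got redirected, then the data
        // would have been orphaned, and it contains some sensitive information.
        SessionUtil::requireSession();
        $this->request->getSession()->set('Legal_Controller_User_acceptPolicies', $sessionVars, $this->name);
    }

    $templateVars = array(
        'login'                    => $isLogin,
        'policiesUid'              => $policiesUid,
        'activePolicies'           => $helper->getActivePolicies(),
        'acceptedPolicies'         => isset($acceptedPolicies) ? $acceptedPolicies : $helper->getAcceptedPolicies($policiesUid),
        'originalAcceptedPolicies' => isset($originalAcceptedPolicies) ? $originalAcceptedPolicies : $helper->getAcceptedPolicies($policiesUid),
        'fieldErrors'              => $fieldErrors,
    );

    return $this->view->assign($templateVars)
            ->fetch('legal_user_acceptpolicies.tpl');
}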