/**
 * Constructor.
 *
 * Stores the response message(s) and payload. When the instance is flagged to issue
 * a fresh CSRF token ($this->newCsrfToken), a legacy auth key for the current module
 * and a new CSRF token are generated and stored on the object as well.
 *
 * @param mixed $message Response status/error message; a string or an array of strings
 *                       (always normalised to an array; null becomes an empty array).
 * @param mixed $payload Payload to attach to the response.
 */
public function __construct($message, $payload = null)
{
    $this->payload = $payload;
    // A scalar message becomes a one-element array; an array is kept as it is.
    $this->messages = (array) $message;

    if (!$this->newCsrfToken) {
        return;
    }

    // NOTE(review): generateAuthKey() is the legacy 'authid' mechanism, kept alongside the
    // csrftoken presumably for templates that still post 'authid' — confirm before removing.
    $currentModule = ModUtil::getName();
    $this->authid = SecurityUtil::generateAuthKey($currentModule);
    $this->csrfToken = SecurityUtil::generateCsrfToken();
}
/**
 * Constructor.
 *
 * Stores the response message(s) and payload, optionally issues a fresh CSRF token
 * (when $this->newCsrfToken is set) and finally initialises the parent response with an
 * empty body and the status code already held in $this->statusCode.
 *
 * @param mixed $message Response status/error message; a string or an array of strings
 *                       (always normalised to an array; null becomes an empty array).
 * @param mixed $payload Payload to attach to the response.
 */
public function __construct($message, $payload = null)
{
    $this->payload = $payload;
    // A scalar message becomes a one-element array; an array is kept as it is.
    $this->messages = (array) $message;

    if ($this->newCsrfToken) {
        $this->csrfToken = \SecurityUtil::generateCsrfToken();
    }

    // The parent constructor runs last so the properties above are already populated;
    // the body is empty because the payload is rendered by the subclass, not stored as content.
    parent::__construct('', $this->statusCode);
}
/**
 * Constructor.
 *
 * Stores the application payload, the response message(s) and the options. When the
 * instance is flagged to issue a fresh CSRF token ($this->newCsrfToken) a new token is
 * generated; in legacy mode a legacy auth key for the current module is generated first.
 *
 * @param mixed $payload Application data.
 * @param mixed $message Response status/error message; a string or an array of strings
 *                       (always normalised to an array; null becomes an empty array).
 * @param array $options Options.
 */
public function __construct($payload, $message = null, array $options = array())
{
    $this->options = $options;
    // A scalar message becomes a one-element array; an array is kept as it is.
    $this->messages = (array) $message;
    $this->payload = $payload;

    if (!$this->newCsrfToken) {
        return;
    }

    // Legacy 'authid' keys are only needed when the core runs in legacy mode.
    if (System::isLegacyMode()) {
        $this->authid = SecurityUtil::generateAuthKey(ModUtil::getName());
    }
    $this->csrfToken = SecurityUtil::generateCsrfToken();
}
/**
 * Constructor.
 *
 * Stores the application payload, the response message(s) and the options; issues a fresh
 * CSRF token when $this->newCsrfToken is set; in legacy mode additionally generates a
 * legacy auth key for the current module (independently of the CSRF flag). Finally the
 * parent response is initialised with an empty body and $this->statusCode.
 *
 * @param mixed $payload Application data.
 * @param mixed $message Response status/error message; a string or an array of strings
 *                       (always normalised to an array; null becomes an empty array).
 * @param array $options Options.
 */
public function __construct($payload, $message = null, array $options = array())
{
    $this->options = $options;
    // A scalar message becomes a one-element array; an array is kept as it is.
    $this->messages = (array) $message;
    $this->payload = $payload;

    if ($this->newCsrfToken) {
        $this->csrfToken = \SecurityUtil::generateCsrfToken();
    }

    // Unlike the CSRF token, the legacy auth key does not depend on $this->newCsrfToken.
    $legacyMode = \System::isLegacyMode();
    if ($legacyMode) {
        $this->authid = \SecurityUtil::generateAuthKey(\ModUtil::getName());
    }

    // The parent constructor runs last so the properties above are already populated.
    parent::__construct('', $this->statusCode);
}
/**
 * Show the module configuration page.
 *
 * Requires ACCESS_ADMIN on 'IWqv::'; the module vars skins, langs, maxdelivers and
 * basedisturl are read and handed to the template together with a CSRF token
 * (template variable 'security') for the form that posts the configuration back.
 *
 * @author: Sara Arjona Téllez (sarjona@xtec.cat)
 *
 * @throws Zikula_Exception_Forbidden When the current user lacks ACCESS_ADMIN on the module.
 *
 * @return string Rendered 'IWqv_admin_conf.htm' template.
 */
public function main()
{
    // Security check
    if (!SecurityUtil::checkPermission('IWqv::', "::", ACCESS_ADMIN)) {
        throw new Zikula_Exception_Forbidden();
    }

    // Module vars shown on the configuration form, read before the token is generated.
    $configVars = array();
    foreach (array('skins', 'langs', 'maxdelivers', 'basedisturl') as $varName) {
        $configVars[$varName] = ModUtil::getVar('IWqv', $varName);
    }

    $view = $this->view->assign('security', SecurityUtil::generateCsrfToken());
    foreach ($configVars as $varName => $varValue) {
        $view = $view->assign($varName, $varValue);
    }

    return $view->fetch('IWqv_admin_conf.htm');
}
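/**
 * Zikula_View function to display the login box
 *
 * Example
 *   {userlogin size=14 maxlength=25 maxlengthpass=20}
 *
 * Parameters:
 *   size           Size of text boxes (default=14)
 *   maxlength      Maximum length of text box for usernames (default=25)
 *   maxlengthpass  Maximum length of text box for password (default=20)
 *   class          Name of class assigned to the login form
 *   value          The default value of the username input box
 *   js             Use javascript to automatically clear the default value (defaults to true)
 *   assign         Name of a template variable to assign the output to instead of returning it
 *
 * The form posts a CSRF token ('csrftoken'), the authentication method (Users / uname or
 * email, depending on the configured login method), the credentials and a 'returnurl' that
 * sends the user back to the current URI after logging in.
 *
 * @param array       $params All attributes passed to this function from the template.
 * @param Zikula_View $view   Reference to the Zikula_View object.
 *
 * @see function.userlogin.php::smarty_function_userlogin()
 *
 * @return string|null The login form markup, '' when the user is already logged in,
 *                     or null when the output was assigned via 'assign'.
 */
function smarty_function_userlogin($params, Zikula_View $view)
{
    $assign = isset($params['assign']) ? $params['assign'] : false;

    if (!UserUtil::isLoggedIn()) {
        // set some defaults
        $size = isset($params['size']) ? $params['size'] : 14;
        $maxlength = isset($params['maxlength']) ? $params['maxlength'] : 25;
        // The documented parameter is 'maxlengthpass'. Only the misspelled 'maxlenthpass' was read
        // before, so it is still honoured as a fallback for templates written against the old name.
        if (isset($params['maxlengthpass'])) {
            $maxlengthpass = $params['maxlengthpass'];
        } elseif (isset($params['maxlenthpass'])) {
            $maxlengthpass = $params['maxlenthpass'];
        } else {
            $maxlengthpass = 20;
        }
        // size/maxlength/class come from the template author, not from the request, and are
        // inserted into attributes as given.
        $class = isset($params['class']) ? ' class="' . $params['class'] . '"' : '';

        // Which identifier the site logs in with decides the label, the placeholder and the
        // authentication method name posted to the Users module.
        if (ModUtil::getVar(Users_Constant::MODNAME, Users_Constant::MODVAR_LOGIN_METHOD, Users_Constant::LOGIN_METHOD_UNAME) == Users_Constant::LOGIN_METHOD_EMAIL) {
            $value = isset($params['value']) ? DataUtil::formatForDisplay($params['value']) : __('E-mail address');
            $userNameLabel = __('E-mail address');
            $methodName = 'email';
        } else {
            $value = isset($params['value']) ? DataUtil::formatForDisplay($params['value']) : __('User name');
            $userNameLabel = __('User name');
            $methodName = 'uname';
        }

        if (!isset($params['js']) || $params['js']) {
            // NOTE(review): $value is HTML-escaped (or a translated string) but is embedded inside
            // single-quoted JavaScript string literals here; a single quote in a translation would
            // end the literal early. Confirm translations of the placeholder contain no apostrophe.
            $js = ' onblur="if (this.value==\'\')this.value=\'' . $value . '\';" onfocus="if (this.value==\'' . $value . '\')this.value=\'\';"';
        } else {
            $js = '';
        }

        // determine the current url so we can return the user to the correct place after login
        $returnurl = System::getCurrentUri();

        $csrftoken = SecurityUtil::generateCsrfToken();

        $loginbox = '<form' . $class . ' style="display:inline" action="' . DataUtil::formatForDisplay(ModUtil::url('Users', 'user', 'login')) . '" method="post"><div>' . "\n"
            . '<input type="hidden" name="csrftoken" value="' . $csrftoken . '" />' . "\n"
            . '<input type="hidden" name="authentication_method[modname]" value="Users" />' . "\n"
            . '<input type="hidden" name="authentication_method[method]" value="' . $methodName . '" />' . "\n"
            . '<label for="userlogin_plugin_uname">' . $userNameLabel . '</label> ' . "\n"
            . '<input type="text" name="authentication_info[login_id]" id="userlogin_plugin_uname" size="' . $size . '" maxlength="' . $maxlength . '" value="' . $value . '"' . $js . ' />' . "\n"
            . '<label for="userlogin_plugin_pass">' . __('Password') . '</label> ' . "\n"
            . '<input type="password" name="authentication_info[pass]" id="userlogin_plugin_pass" size="' . $size . '" maxlength="' . $maxlengthpass . '" />' . "\n";

        // The persistent-login checkbox is withheld at the 'high' security level.
        if (System::getVar('seclevel') != 'high') {
            $loginbox .= '<input type="checkbox" value="1" name="rememberme" id="userlogin_plugin_rememberme" />' . "\n"
                . '<label for="userlogin_plugin_rememberme">' . __('Remember me') . '</label> ' . "\n";
        }

        $loginbox .= '<input type="hidden" name="returnurl" value="' . DataUtil::formatForDisplay($returnurl) . '" />' . "\n"
            . '<input type="submit" value="' . __('Log in') . '" />' . "\n"
            . '</div></form>' . "\n";
    } else {
        $loginbox = '';
    }

    if ($assign) {
        $view->assign($assign, $loginbox);
    } else {
        return $loginbox;
    }
}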
/**
 * Insert a CSRF protection nonce.
 *
 * Implemented as a Smarty {insert} rather than a plain function so the token is generated
 * on every request even when the surrounding template output is cached.
 *
 * Available parameters:
 *   - assign: Assign rather the output.
 *
 * Example:
 *   <input type="hidden" name="csrftoken" value="{insert name='csrftoken'}" />
 *
 * @param array       $params All attributes passed to this function from the template (only 'assign' is meaningful here).
 * @param Zikula_View $view   Reference to the Zikula_View object; its container is passed to the token generator.
 *
 * @return string The CSRF token.
 */
function smarty_insert_csrftoken($params, $view)
{
    // NOTE: assign parameter is handled by the smarty_core_run_insert_handler(...) function in
    // lib/vendor/Smarty/internals/core.run_insert_handler.php, so $params is not read here.
    $container = $view->getContainer();

    return SecurityUtil::generateCsrfToken($container);
}
/**
 * Authenticate a user's credentials against an authentication module, logging him into the Zikula system.
 *
 * If the user is already logged in, then this function should behave as if {@link authenticateUserUsing()} was called.
 *
 * This function is used to check that a user is who he says he is, and that he has a valid user account with the
 * Zikula system. If so, the user is logged in to the Zikula system (if he is not already logged in). This function
 * should be used only to log a user into the Zikula system.
 *
 * This function differs from {@link checkPasswordUsing()} in that it attempts to look up a Zikula account
 * record for the user, and takes the user's account status into account when returning a value. Additionally,
 * the user is logged into the Zikula system if his credentials are verified with the authentication module specified.
 *
 * This function differs from {@link authenticateUserUsing()} in that it attempts to log the user into the Zikula system,
 * if he is not already logged in. If he is already logged in, then it should behave similarly to authenticateUserUsing().
 *
 * ATTENTION: The authentication module function(s) called during this process may redirect the user to an external server
 * to perform authorization and/or authentication. The function calling loginUsing must already have anticipated
 * the reentrant nature of this process, must already have saved pertinent user state, must have supplied a
 * reentrant URL pointing to a function that will handle reentry into the login process silently, and must clear
 * any save user state immediately following the return of this function.
 *
 * Flow: pre-authentication validation, then resolution of the uid (password check, a pre-authenticated
 * uid/record, or the authentication module's uid lookup), then account validation, then a 'user.login.veto'
 * event that lets modules block the login and redirect elsewhere, and finally setUserByUid().
 *
 * @param array   $authenticationMethod Authentication method array; 'modname' names the authentication module.
 * @param array   $authenticationInfo   Auth info array (for the Users method this includes the submitted credentials).
 * @param boolean $rememberMe           Whether or not to remember login.
 * @param string  $reentrantURL         If the authentication module needs to redirect to an external authentication server (e.g., OpenID), then
 *                                      this is the URL to return to in order to re-enter the log-in process. The pertinent user
 *                                      state must have already been saved by the function calling loginUsing(), and the URL must
 *                                      point to a Zikula_AbstractController function that is equipped to detect reentry, restore the
 *                                      saved user state, and get the user back to the point where loginUsing is re-executed. This
 *                                      is only optional if the authentication module identified by $authenticationMethod reports that it is not
 *                                      reentrant (e.g., Users is guaranteed to not be reentrant), or if $checkPassword is false.
 * @param boolean $checkPassword        Whether or not to check the password.
 * @param mixed   $preauthenticatedUser A pre-authenticated uid (numeric) or user record (array); only consulted when $checkPassword is false.
 *
 * @throws Zikula_Exception_Fatal     When $checkPassword is false and $preauthenticatedUser is neither numeric nor an array.
 * @throws Zikula_Exception_Redirect  When a veto listener asked for a retry or supplied a redirect target.
 * @throws Zikula_Exception_Forbidden When the login was vetoed without a redirect target.
 *
 * @return array|bool The user account record of the user that has logged in successfully, otherwise false
 */
public static function loginUsing(array $authenticationMethod, array $authenticationInfo, $rememberMe = false, $reentrantURL = null, $checkPassword = true, $preauthenticatedUser = null)
{
    $userObj = false;

    if (self::preAuthenticationValidation($authenticationMethod, $authenticationInfo, $reentrantURL)) {
        // Authenticate the loginID and userEnteredPassword against the specified authentication module.
        // This should return the uid of the user logging in. Note that there are two routes here, both get a uid.
        // We do the authentication check first, before checking any account status information, because if the
        // person logging in cannot supply the proper credentials, then we should not show any detailed account status
        // to them. Instead they should just get the generic "no such user found or bad password" message.
        if ($checkPassword) {
            $authenticatedUid = self::internalAuthenticateUserUsing($authenticationMethod, $authenticationInfo, $reentrantURL, true);
        } elseif (isset($preauthenticatedUser)) {
            if (is_numeric($preauthenticatedUser)) {
                $authenticatedUid = $preauthenticatedUser;
            } elseif (is_array($preauthenticatedUser)) {
                // A full record was supplied; it is handed to the account validation below.
                $authenticatedUid = $preauthenticatedUser['uid'];
                $userObj = $preauthenticatedUser;
            } else {
                throw new Zikula_Exception_Fatal();
            }
        } else {
            // No password check and nothing pre-authenticated: ask the authentication module for the uid only.
            // (The API function name below carries a historical misspelling and must stay as it is.)
            $authArgs = array('authentication_info' => $authenticationInfo, 'authentication_method' => $authenticationMethod);
            $authenticatedUid = ModUtil::apiFunc($authenticationMethod['modname'], 'Authentication', 'getUidForAuththenticationInfo', $authArgs, 'Zikula_Api_AbstractAuthentication');
        }

        $session = ServiceUtil::get('request')->getSession();

        // NOTE(review): $userObj is initialised to false above, so isset() is always true here and
        // false (not null) is passed when no pre-authenticated record exists — presumably
        // internalUserAccountValidation() treats both alike; confirm.
        $userObj = self::internalUserAccountValidation($authenticatedUid, true, isset($userObj) ? $userObj : null);

        if ($userObj && is_array($userObj)) {
            // BEGIN ACTUAL LOGIN
            // Made it through all the checks. We can actually log in now.
            // Give any interested module one last chance to prevent the login from happening.
            $eventArgs = array('authentication_method' => $authenticationMethod, 'uid' => $userObj['uid']);
            $event = new GenericEvent($userObj, $eventArgs);
            $event = EventUtil::dispatch('user.login.veto', $event);

            if ($event->isPropagationStopped()) {
                // The login attempt has been vetoed by one or more modules.
                $eventData = $event->getData();
                if (isset($eventData['retry']) && $eventData['retry']) {
                    // Retry: send the user back to the login form, with a fresh CSRF token in the URL.
                    $sessionVarName = 'Users_Controller_User_login';
                    $sessionNamespace = 'Zikula_Users';
                    $redirectURL = ModUtil::url('Users', 'user', 'login', array('csrftoken' => SecurityUtil::generateCsrfToken()));
                } elseif (isset($eventData['redirect_func'])) {
                    // The vetoing module names a controller function (and optionally a session slot) to continue at.
                    if (isset($eventData['redirect_func']['session'])) {
                        $sessionVarName = $eventData['redirect_func']['session']['var'];
                        $sessionNamespace = isset($eventData['redirect_func']['session']['namespace']) ? $eventData['redirect_func']['session']['namespace'] : '';
                    }
                    $redirectURL = ModUtil::url($eventData['redirect_func']['modname'], $eventData['redirect_func']['type'], $eventData['redirect_func']['func'], $eventData['redirect_func']['args']);
                }

                if (isset($redirectURL)) {
                    if (isset($sessionVarName)) {
                        // Persist the in-flight login state so the redirect target can resume it.
                        // NOTE(review): the key read here ('users/Users_User_Controller_login') differs from the
                        // key written in the retry case ("Zikula_Users/Users_Controller_User_login"); verify which
                        // one the login controller actually uses.
                        // NOTE(review): authentication_info (which for the Users method includes the submitted
                        // password) is stored in the session; the consumer must clear it once used — confirm.
                        SessionUtil::requireSession();
                        $sessionVars = $session->get('users/Users_User_Controller_login', array());
                        $sessionVars = array('returnpage' => isset($sessionVars['returnpage']) ? $sessionVars['returnpage'] : '', 'authentication_info' => $authenticationInfo, 'authentication_method' => $authenticationMethod, 'rememberme' => $rememberMe, 'user_obj' => $userObj);
                        $session->set("{$sessionNamespace}/{$sessionVarName}", $sessionVars);
                    }
                    // The redirect exception leaves the function, so this assignment is never observed by callers.
                    $userObj = false;
                    throw new Zikula_Exception_Redirect($redirectURL);
                } else {
                    throw new Zikula_Exception_Forbidden();
                }
            } else {
                // The login has not been vetoed
                // This is what really does the Zikula login
                self::setUserByUid($userObj['uid'], $rememberMe, $authenticationMethod);
            }
        }
    }

    return $userObj;
}
/**
 * Modify Theme settings.
 *
 * Renders the theme configuration form. Requires ACCESS_EDIT on 'Theme::'. The template
 * receives the list of user modules (name => display name), all module vars of this module,
 * a CSRF token for the clear-cache/compile links, the core 'theme_change' setting and the
 * set of modules excluded from caching (as keys, via array_flip).
 *
 * @return string Rendered 'theme_admin_modifyconfig.tpl' template, or the permission-error result.
 */
public function modifyconfig()
{
    // Security check
    if (!SecurityUtil::checkPermission('Theme::', '::', ACCESS_EDIT)) {
        return LogUtil::registerPermissionError();
    }

    // assign a list of modules suitable for html_options
    $moduleChoices = array();
    foreach (ModUtil::getUserMods() as $moduleInfo) {
        $moduleChoices[$moduleInfo['name']] = $moduleInfo['displayname'];
    }

    // register the renderer object allow access to various view values
    $this->view->register_object('render', $this->view);

    // check for a .htaccess file (relative to the current working directory)
    $hasHtaccess = file_exists('.htaccess') ? 1 : 0;
    $this->view->assign('htaccess', $hasHtaccess);

    // Template data, gathered before the chained assign calls below.
    $moduleVars = $this->getVars();
    // csrftoken for the clear cache/compile links
    $csrfToken = SecurityUtil::generateCsrfToken($this->serviceManager, true);
    // the core config var
    $themeChange = System::getVar('theme_change');
    // extracted list of non-cached mods; the comma-separated var becomes a name => index map
    $modulesNoCache = array_flip(explode(',', $this->getVar('modulesnocache')));

    // assign the output variables and fetch the template
    return $this->view->assign('mods', $moduleChoices)
        ->assign($moduleVars)
        ->assign('csrftoken', $csrfToken)
        ->assign('theme_change', $themeChange)
        ->assign('modulesnocache', $modulesNoCache)
        ->fetch('theme_admin_modifyconfig.tpl');
}
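/**
 * View all blocks.
 *
 * Renders the block administration list. The list filter is kept in the session
 * ('/Blocks' namespace) and may be reset with 'clear'; 'sort' and 'sortdir' GET
 * parameters override the stored values. For every block the owning module, the
 * language name, the positions it is assigned to and the admin actions available
 * to the current user are computed; the block positions themselves are listed too.
 *
 * @return string HTML output string.
 */
public function view()
{
    // Security check
    if (!SecurityUtil::checkPermission('Blocks::', '::', ACCESS_EDIT)) {
        return LogUtil::registerPermissionError();
    }

    $sfilter = SessionUtil::getVar('filter', array(), '/Blocks');
    $filter = FormUtil::getPassedValue('filter', $sfilter);
    $clear = FormUtil::getPassedValue('clear', 0);
    if ($clear || !is_array($filter)) {
        // 'clear' resets the stored filter; a non-array filter value from the request is ignored.
        $filter = array();
        SessionUtil::setVar('filter', $filter, '/Blocks');
    }

    // sort and sortdir GET parameters override filter values
    $defaultSort = !empty($filter['sort']) ? strtolower($filter['sort']) : 'bid';
    $defaultSortDir = !empty($filter['sortdir']) ? strtoupper($filter['sortdir']) : 'ASC';
    // NOTE(review): 'sort' is user-supplied and handed to the 'getall' API as given (apart from
    // lower-casing); that API must whitelist it before using it in an ORDER BY clause — confirm.
    $filter['sort'] = FormUtil::getPassedValue('sort', $defaultSort, 'GET');
    $filter['sortdir'] = FormUtil::getPassedValue('sortdir', $defaultSortDir, 'GET');
    if ($filter['sortdir'] != 'ASC' && $filter['sortdir'] != 'DESC') {
        $filter['sortdir'] = 'ASC';
    }
    $filter['blockposition_id'] = isset($filter['blockposition_id']) ? $filter['blockposition_id'] : 0;
    $filter['modid'] = isset($filter['modid']) ? $filter['modid'] : 0;
    $filter['language'] = isset($filter['language']) ? $filter['language'] : '';
    $filter['active_status'] = isset($filter['active_status']) ? $filter['active_status'] : 0;

    // generate an authorisation key for the activate/deactivate links
    $token = SecurityUtil::generateCsrfToken($this->serviceManager, true);

    // Get all blocks
    $blocks = ModUtil::apiFunc('Blocks', 'user', 'getall', $filter);

    // get all possible block positions and build a pid => name map for the lookups below.
    // Initialised explicitly: with no positions defined the map used to be an undefined variable.
    $allbposarray = array();
    $blockspositions = ModUtil::apiFunc('Blocks', 'user', 'getallpositions');
    foreach ($blockspositions as $blocksposition) {
        $allbposarray[$blocksposition['pid']] = $blocksposition['name'];
    }

    // loop round each item calculating the additional information
    $blocksitems = array();
    foreach ($blocks as $block) {
        // set the module that holds the block
        $modinfo = ModUtil::getInfo($block['mid']);
        $block['modname'] = $modinfo['displayname'];

        // set the blocks language
        if (empty($block['language'])) {
            $block['language'] = $this->__('All');
        } else {
            $block['language'] = ZLanguage::getLanguageName($block['language']);
        }

        // resolve the positions this block is assigned to into a readable list
        $thisblockspositions = ModUtil::apiFunc('Blocks', 'user', 'getallblockspositions', array('bid' => $block['bid']));
        $bposarray = array();
        foreach ($thisblockspositions as $singleblockposition) {
            // an unknown pid contributes an empty name rather than a notice
            $pid = $singleblockposition['pid'];
            $bposarray[] = isset($allbposarray[$pid]) ? $allbposarray[$pid] : '';
        }
        $block['positions'] = implode(', ', $bposarray);

        // calculate what options the user has over this block. Only the state-changing
        // activate/deactivate links carry the CSRF token; modify/delete lead to their own forms.
        $block['options'] = array();
        if ($block['active']) {
            $block['options'][] = array('url' => ModUtil::url('Blocks', 'admin', 'deactivate', array('bid' => $block['bid'], 'csrftoken' => $token)), 'image' => 'folder_grey.png', 'title' => $this->__f('Deactivate \'%s\'', $block['title']), 'noscript' => true);
        } else {
            $block['options'][] = array('url' => ModUtil::url('Blocks', 'admin', 'activate', array('bid' => $block['bid'], 'csrftoken' => $token)), 'image' => 'folder_green.png', 'title' => $this->__f('Activate \'%s\'', $block['title']), 'noscript' => true);
        }
        $block['options'][] = array('url' => ModUtil::url('Blocks', 'admin', 'modify', array('bid' => $block['bid'])), 'image' => 'xedit.png', 'title' => $this->__f('Edit \'%s\'', $block['title']), 'noscript' => false);
        $block['options'][] = array('url' => ModUtil::url('Blocks', 'admin', 'delete', array('bid' => $block['bid'])), 'image' => '14_layer_deletelayer.png', 'title' => $this->__f('Delete \'%s\'', $block['title']), 'noscript' => false);

        $blocksitems[] = $block;
    }
    $this->view->assign('blocks', $blocksitems);

    // the block positions were already fetched above; reuse them instead of querying again
    $items = $blockspositions;

    // Loop through each returned item adding in the options that the user has over the item
    foreach ($items as $key => $item) {
        if (SecurityUtil::checkPermission('Blocks::', "{$item['name']}::", ACCESS_READ)) {
            $options = array();
            if (SecurityUtil::checkPermission('Blocks::', "{$item['name']}::\$", ACCESS_EDIT)) {
                $options[] = array('url' => ModUtil::url('Blocks', 'admin', 'modifyposition', array('pid' => $item['pid'])), 'image' => 'xedit.png', 'title' => $this->__f('Edit blockposition \'%s\'', $item['name']));
                if (SecurityUtil::checkPermission('Blocks::', "{$item['name']}::", ACCESS_DELETE)) {
                    $options[] = array('url' => ModUtil::url('Blocks', 'admin', 'deleteposition', array('pid' => $item['pid'])), 'image' => '14_layer_deletelayer.png', 'title' => $this->__f('Delete blockposition \'%s\'', $item['name']));
                }
            }
            // Add the calculated menu options to the item array
            $items[$key]['options'] = $options;
        }
    }

    // Assign the items to the template
    ksort($items);
    $this->view->assign('positions', $items);
    $this->view->assign('filter', $filter)->assign('sort', $filter['sort'])->assign('sortdir', $filter['sortdir']);

    // Return the output that has been generated by this function
    return $this->view->fetch('blocks_admin_view.tpl');
}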
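/**
 * view permissions
 *
 * Lists the group permission rules, optionally filtered by group ("g+<gid>") or by
 * component prefix ("c+<component>") via the 'permgrp' request parameter, and runs an
 * ad-hoc permission test when the test form (test_user/test_component/test_instance/
 * test_level) was posted. Requires ACCESS_ADMIN on 'Permissions::'.
 *
 * @return string HTML string
 */
public function view()
{
    // Security check
    if (!SecurityUtil::checkPermission('Permissions::', '::', ACCESS_ADMIN)) {
        return LogUtil::registerPermissionError();
    }

    // Get parameters from whatever input we need.
    $permgrp = FormUtil::getPassedValue('permgrp', -1, 'REQUEST');
    $testuser = FormUtil::getPassedValue('test_user', null, 'POST');
    $testcomponent = FormUtil::getPassedValue('test_component', null, 'POST');
    $testinstance = FormUtil::getPassedValue('test_instance', null, 'POST');
    $testlevel = FormUtil::getPassedValue('test_level', null, 'POST');

    $testresult = '';
    if (!empty($testuser) && !empty($testcomponent) && !empty($testinstance)) {
        // we have everything we need for an effective permission check
        $testuid = UserUtil::getIdFromName($testuser);
        if ($testuid != false) {
            if (SecurityUtil::checkPermission($testcomponent, $testinstance, $testlevel, $testuid)) {
                $testresult = '<span id="permissiontestinfogreen">' . $this->__('permission granted.') . '</span>';
            } else {
                $testresult = '<span id="permissiontestinfored">' . $this->__('permission not granted.') . '</span>';
            }
        } else {
            $testresult = '<span id="permissiontestinfored">' . $this->__('unknown user.') . '</span>';
        }
    }
    // The posted test values are echoed back unescaped; the template is responsible for escaping them.
    $this->view->assign('testuser', $testuser)
        ->assign('testcomponent', $testcomponent)
        ->assign('testinstance', $testinstance)
        ->assign('testlevel', $testlevel)
        ->assign('testresult', $testresult);

    // decide the default view
    $enableFilter = $this->getVar('filter', 1);

    // Work out which tables to operate against, and
    // various other bits and pieces
    $dbtable = DBUtil::getTables();
    $permcolumn = $dbtable['group_perms_column'];
    $ids = $this->getGroupsInfo();

    $where = '';
    if ($enableFilter == 1) {
        // 'permgrp' has the form "<type>+<value>"; a missing value is treated as "all" so that a
        // bare "g" or "c" no longer reads an undefined offset.
        $permgrpparts = explode('+', $permgrp);
        $filterValue = isset($permgrpparts[1]) ? $permgrpparts[1] : SecurityUtil::PERMS_ALL;
        if ($permgrpparts[0] == 'g') {
            if ($filterValue != SecurityUtil::PERMS_ALL) {
                // The value is interpolated into the WHERE clause; DataUtil::formatForStore() is the only
                // escaping applied, so it must be a SQL-string escaper for this to stay safe.
                $where = "WHERE (" . $permcolumn['gid'] . "='" . SecurityUtil::PERMS_ALL . "' OR " . $permcolumn['gid'] . "='" . DataUtil::formatForStore($filterValue) . "')";
                $permgrp = $filterValue;
                $this->view->assign('filtertype', 'group');
            } else {
                $permgrp = SecurityUtil::PERMS_ALL;
                $where = '';
            }
        } elseif ($permgrpparts[0] == 'c') {
            if ($filterValue != SecurityUtil::PERMS_ALL) {
                // Prefix match on the component; '.*' rules apply to every component and are always shown.
                $where = "WHERE (" . $permcolumn['component'] . "='.*' OR " . $permcolumn['component'] . " LIKE '" . DataUtil::formatForStore($filterValue) . "%')";
                $permgrp = $filterValue;
                $this->view->assign('filtertype', 'component');
            } else {
                $permgrp = SecurityUtil::PERMS_ALL;
                $where = '';
            }
        } else {
            $this->view->assign('filtertype', '');
        }
        $this->view->assign('permgrps', $ids);
        $this->view->assign('permgrp', $permgrp);
        $this->view->assign('enablefilter', true);
    } else {
        $this->view->assign('enablefilter', false);
        $this->view->assign('filtertype', '');
        $this->view->assign('permgrp', SecurityUtil::PERMS_ALL);
    }

    $accesslevels = SecurityUtil::accesslevelnames();
    $orderBy = "ORDER BY $permcolumn[sequence]";
    $objArray = DBUtil::selectObjectArray('group_perms', $where, $orderBy, -1, -1, false);
    $numrows = DBUtil::_getFetchedObjectCount();

    $permissions = array();
    $components = array(-1 => $this->__('All components'));
    if ($numrows > 0) {
        // the inc/dec (reorder) links change state, so they carry the CSRF token
        $csrftoken = SecurityUtil::generateCsrfToken($this->serviceManager, true);
        $rownum = 1;
        foreach ($objArray as $obj) {
            $id = $obj['gid'];
            $up = array('url' => ModUtil::url('Permissions', 'admin', 'inc', array('pid' => $obj['pid'], 'permgrp' => $permgrp, 'csrftoken' => $csrftoken)), 'title' => $this->__('Up'));
            $down = array('url' => ModUtil::url('Permissions', 'admin', 'dec', array('pid' => $obj['pid'], 'permgrp' => $permgrp, 'csrftoken' => $csrftoken)), 'title' => $this->__('Down'));
            // A rule can move up unless it is first and down unless it is last; a lone rule can do
            // neither (the previous switch on $rownum offered 'down' for a single row).
            $arrows = array('up' => $rownum > 1 ? 1 : 0, 'down' => $rownum < $numrows ? 1 : 0);
            $rownum++;

            $inserturl = ModUtil::url('Permissions', 'admin', 'listedit', array('permgrp' => $permgrp, 'action' => 'insert', 'insseq' => $obj['sequence']));
            $editurl = ModUtil::url('Permissions', 'admin', 'listedit', array('chgpid' => $obj['pid'], 'permgrp' => $permgrp, 'action' => 'modify'));
            $deleteurl = ModUtil::url('Permissions', 'admin', 'delete', array('pid' => $obj['pid'], 'permgrp' => $permgrp));

            $permissions[] = array(
                'sequence' => $obj['sequence'],
                'arrows' => $arrows,
                // Realms not currently functional so hide the output - jgm
                //'realms' => $realms[$realm],
                'group' => $ids[$id],
                'groupid' => $id,
                'component' => $obj['component'],
                'instance' => $obj['instance'],
                'accesslevel' => $accesslevels[$obj['level']],
                'accesslevelid' => $obj['level'],
                'options' => array(),
                'up' => $up,
                'down' => $down,
                'permid' => $obj['pid'],
                'inserturl' => $inserturl,
                'editurl' => $editurl,
                'deleteurl' => $deleteurl,
            );
        }
    }

    // read all perms to extract components
    $allPerms = DBUtil::selectObjectArray('group_perms', '', $orderBy, -1, -1, false);
    foreach ($allPerms as $singlePerm) {
        // extract components, we keep everything up to the first colon
        $compparts = explode(':', $singlePerm['component']);
        $components[$compparts[0]] = $compparts[0];
    }

    $this->view->assign('groups', $ids);
    $this->view->assign('permissions', $permissions);
    $this->view->assign('components', $components);

    $lockadmin = ($this->getVar('lockadmin')) ? 1 : 0;
    $this->view->assign('lockadmin', $lockadmin);
    $this->view->assign('adminid', $this->getVar('adminid'));

    // Assign the permission levels
    $this->view->assign('permissionlevels', SecurityUtil::accesslevelnames());

    return $this->view->fetch('permissions_admin_view.tpl');
}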
/**
 * Lists all plugins.
 *
 * Shows either the system plugins ('systemplugins' request flag) or the module plugins,
 * optionally filtered by state and module, with the admin actions available for each
 * plugin (install / configure / activate / deactivate / upgrade / remove). State-changing
 * action URLs carry a CSRF token. Requires ACCESS_ADMIN on 'Extensions::'.
 *
 * @return string HTML output string
 */
public function viewPlugins()
{
    // Security check
    if (!SecurityUtil::checkPermission('Extensions::', '::', ACCESS_ADMIN)) {
        return LogUtil::registerPermissionError();
    }

    $state = FormUtil::getPassedValue('state', -1, 'GETPOST');
    $sort = FormUtil::getPassedValue('sort', null, 'GETPOST');
    $module = FormUtil::getPassedValue('bymodule', null, 'GETPOST');
    // true when requested, otherwise null (not false) so the flag drops out of generated URLs
    $systemplugins = FormUtil::getPassedValue('systemplugins', false, 'GETPOST') ? true : null;

    $this->view->assign('state', $state);

    // generate an auth key to use in urls
    $csrfToken = SecurityUtil::generateCsrfToken($this->serviceManager, true);

    // Builds one admin action entry (url/image/title) for the Extensions admin controller.
    $adminAction = function ($func, array $args, $image, $title) {
        return array('url' => ModUtil::url('Extensions', 'admin', $func, $args), 'image' => $image, 'title' => $title);
    };

    $plugins = array();
    $pluginClasses = $systemplugins ? PluginUtil::loadAllSystemPlugins() : PluginUtil::loadAllModulePlugins();

    foreach ($pluginClasses as $className) {
        $instance = PluginUtil::loadPlugin($className);
        $pluginstate = PluginUtil::getState($instance->getServiceId(), PluginUtil::getDefaultState());

        // Tweak UI if the plugin is AlwaysOn
        $alwaysOn = $instance instanceof Zikula_Plugin_AlwaysOnInterface;
        if ($alwaysOn) {
            $pluginstate['state'] = PluginUtil::ENABLED;
            $pluginstate['version'] = $instance->getMetaVersion();
        }

        // state filter
        if ($state >= 0 && $pluginstate['state'] != $state) {
            continue;
        }
        // module filter
        if (!empty($module) && $instance->getModuleName() != $module) {
            continue;
        }

        // Every state-changing link carries the current list parameters (so the user returns
        // to the same view) plus the CSRF token.
        $urlArgs = array('plugin' => $className, 'state' => $state, 'bymodule' => $module, 'sort' => $sort, 'systemplugins' => $systemplugins, 'csrftoken' => $csrfToken);
        $actions = array();

        // Translate state
        switch ($pluginstate['state']) {
            case PluginUtil::NOTINSTALLED:
                $status = $this->__('Not installed');
                $statusimage = 'redled.png';
                $actions[] = $adminAction('initialisePlugin', $urlArgs, 'folder_new.png', $this->__('Install'));
                break;

            case PluginUtil::ENABLED:
                $status = $this->__('Active');
                $statusimage = 'greenled.png';

                $pluginLink = array();
                if (!$systemplugins) {
                    $pluginLink['_module'] = $instance->getModuleName();
                }
                $pluginLink['_plugin'] = $instance->getPluginName();
                $pluginLink['_action'] = 'configure';
                if ($instance instanceof Zikula_Plugin_ConfigurableInterface) {
                    $actions[] = array('url' => ModUtil::url('Extensions', 'adminplugin', 'dispatch', $pluginLink), 'image' => 'configure.png', 'title' => $this->__('Configure plugin'));
                }

                // Dont allow to disable/uninstall plugins that are AlwaysOn
                if (!$alwaysOn) {
                    $actions[] = $adminAction('deactivatePlugin', $urlArgs, 'folder_red.png', $this->__('Deactivate'));
                    $actions[] = $adminAction('removePlugin', $urlArgs, '14_layer_deletelayer.png', $this->__('Remove plugin'));
                }
                break;

            case PluginUtil::DISABLED:
                $status = $this->__('Inactive');
                $statusimage = 'yellowled.png';
                $actions[] = $adminAction('activatePlugin', $urlArgs, 'folder_green.png', $this->__('Activate'));
                $actions[] = $adminAction('removePlugin', $urlArgs, '14_layer_deletelayer.png', $this->__('Remove plugin'));
                break;
        }

        // upgrade? An installed plugin whose recorded version differs from its meta version
        // replaces all actions with upgrade/remove.
        $needsUpgrade = $pluginstate['state'] != PluginUtil::NOTINSTALLED && $pluginstate['version'] != $instance->getMetaVersion();
        if ($needsUpgrade) {
            $status = $this->__('New version');
            $statusimage = 'redled.png';
            $actions = array(
                $adminAction('upgradePlugin', $urlArgs, 'folder_favorites.png', $this->__('Upgrade')),
                $adminAction('removePlugin', $urlArgs, '14_layer_deletelayer.png', $this->__('Remove plugin')),
            );
        }

        $info = array(
            'instance' => $instance,
            'status' => $status,
            'statusimage' => $statusimage,
            'actions' => $actions,
            'version' => $pluginstate['state'] == PluginUtil::NOTINSTALLED ? $instance->getMetaVersion() : $pluginstate['version'],
        );
        // new version of plugin?
        if ($pluginstate['state'] != PluginUtil::NOTINSTALLED && $pluginstate['version'] != $instance->getMetaVersion()) {
            $info['newversion'] = $instance->getMetaVersion();
        }

        $plugins[] = $info;
    }

    // sort plugins array: by module unless 'name' was requested; any other value leaves the order as is
    if (empty($sort) || $sort == 'module') {
        $sorter = 'viewPluginsSorter_byModule';
    } elseif ($sort == 'name') {
        $sorter = 'viewPluginsSorter_byName';
    } else {
        $sorter = null;
    }
    if ($sorter !== null) {
        usort($plugins, array($this, $sorter));
    }

    $this->view->assign('plugins', $plugins)
        ->assign('module', $module)
        ->assign('sort', $sort)
        ->assign('state', $state)
        ->assign('systemplugins', $systemplugins)
        ->assign('_type', $systemplugins ? 'system' : 'module');

    // Return the output that has been generated by this function
    return $this->view->fetch('extensions_admin_viewPlugins.tpl');
}
/**
 * CSRF protection
 *
 * Builds the hidden 'csrftoken' input for the form, with an id derived from $this->formId.
 * Neither the token nor the form id is escaped here; the token is expected to be
 * attribute-safe as generated, and the form id is set by the form author, not by the request.
 *
 * @return string HTML input field.
 */
public function getCsrfTokenHtml()
{
    $token = SecurityUtil::generateCsrfToken($this->serviceManager);

    return sprintf(
        '<input type="hidden" name="csrftoken" value="%s" id="FormCsrfToken_%s" />',
        $token,
        $this->formId
    );
}
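/**
 * BlankTheme plugin to display the admin navigation menu.
 *
 * Available parameters:
 *  - id (string) ID of wrapper div (default: 'nav_admin')
 *  - ulclass (string) CSS class name of the UL (default: 'cssplay_prodrop')
 *  - current (string) Current screen ID (optional)
 *  - currentclass (string) CSS class name of the current tab, list item (default: 'selected')
 *
 * Example:
 *  {bt_adminlinks id='myId' ulclass='myUlClass' current='config' currentclass='myActiveClass'}
 *
 * The menu is assembled as a nested array of {id, translatable link text, link, array of sublinks}
 * entries and rendered by bt_adminlinks_drawmenu(). Entries that require administration rights
 * (Config, System, Users, Utils, Routines) are only added when the caller holds Admin:: ACCESS_EDIT;
 * the "Create content" entries are added per module, each guarded by that module's own permission.
 * The 'id' and 'ulclass' parameters are escaped for the HTML attribute context before output.
 *
 * @author Mateo Tibaquirá [mateo]
 * @author Erik Spaan [espaan]
 * @since 08/11/2007
 *
 * @param array             $params All parameters passed to this function from the template.
 * @param Zikula_View_Theme &$view  Reference to the View_Theme object.
 *
 * @return string Admin menu output.
 */
function smarty_function_bt_adminlinks($params, Zikula_View_Theme &$view)
{
    $dom = ZLanguage::getThemeDomain('BlankTheme');

    $id = isset($params['id']) ? $params['id'] : 'nav_admin';
    $ulclass = isset($params['ulclass']) ? $params['ulclass'] : 'cssplay_prodrop';
    $current = isset($params['current']) ? $params['current'] : '';
    $cclass = isset($params['currentclass']) ? $params['currentclass'] : 'selected';

    /*** Build the menu-array ***/
    /* menu option: {id, translatable link text, link, array of sublinks} */
    $menu = array();

    /* Homepage link */
    $menu[] = array('home', __('Home', $dom), System::getHomepageURL());

    if (SecurityUtil::checkPermission('Admin::', '::', ACCESS_EDIT)) {
        /* Config menu */
        // System basis
        $linkoptions = array(
            array(null, __('Site settings', $dom), ModUtil::url('Settings', 'admin', 'main'),
                array(
                    array(null, __('Localization', $dom), ModUtil::url('Settings', 'admin', 'multilingual')),
                    array(null, __('HTML settings', $dom), ModUtil::url('SecurityCenter', 'admin', 'allowedhtml'))
                )
            ),
            array(null, __('Permissions', $dom), ModUtil::url('Permissions', 'admin', 'main')),
            array(null, __('Categories', $dom), ModUtil::url('Categories', 'admin', 'main'),
                array(
                    array(null, __('Category registry', $dom), ModUtil::url('Categories', 'admin', 'editregistry')),
                    array(null, __('New category', $dom), ModUtil::url('Categories', 'admin', 'newcat'))
                )
            ),
            array(null, __('Admin panel', $dom), ModUtil::url('Admin', 'admin', 'main'),
                array(
                    array(null, __('Settings', $dom), ModUtil::url('Admin', 'admin', 'modifyconfig')),
                    array(null, __('Help', $dom), ModUtil::url('Admin', 'admin', 'help'))
                )
            ),
            array(null, __('System mailer', $dom), ModUtil::url('Mailer', 'admin', 'main')),
            array(null, __('Search options', $dom), ModUtil::url('Search', 'admin', 'main')),
        );
        // Legal
        if (ModUtil::available('Legal')) {
            $linkoptions[] = array(null, __('Legal settings', $dom), ModUtil::url('Legal', 'admin', 'main'));
        }
        $menu[] = array('config', __('Config', $dom), '#', $linkoptions);

        /* System menu */
        // Search for installed hooks
        $linkoptions = array();
        if (ModUtil::available('EZComments')) {
            $linkoptions[] = array(null, __('Comments', $dom), ModUtil::url('EZComments', 'admin', 'modifyconfig'));
        }
        if (ModUtil::available('MultiHook')) {
            $linkoptions[] = array(null, __('MultiHook', $dom), ModUtil::url('MultiHook', 'admin', 'modifyconfig'));
        }
        if (ModUtil::available('BBCode')) {
            $linkoptions[] = array(null, __('BBCode', $dom), ModUtil::url('bbcode', 'admin', 'config'));
        }
        if (ModUtil::available('BBSmile')) {
            $linkoptions[] = array(null, __('Smilies', $dom), ModUtil::url('bbsmile', 'admin', 'modifyconfig'));
        }
        if (ModUtil::available('Ratings')) {
            $linkoptions[] = array(null, __('Ratings', $dom), ModUtil::url('Ratings', 'admin', 'modifyconfig'));
        }
        if (empty($linkoptions)) {
            $linkoptions[] = array(null, __('No known hooks are installed', $dom), '#');
        }

        // The default theme name is also needed further down for the "Edit default theme" link.
        $theme = System::getVar('Default_Theme');

        $menu[] = array('system', __('System', $dom), '#',
            array(
                array(null, __('Extensions', $dom), ModUtil::url('Extensions', 'admin', 'main'),
                    array(
                        array(null, __('System plugins', $dom), ModUtil::url('Extensions', 'admin', 'viewPlugins', array('systemplugins' => 1))),
                        array(null, __('Module plugins', $dom), ModUtil::url('Extensions', 'admin', 'viewPlugins'))
                    )
                ),
                array(null, __('Hooks', $dom), '#', $linkoptions),
                array(null, __('Blocks', $dom), ModUtil::url('Blocks', 'admin', 'main'),
                    array(
                        array(null, __('New block', $dom), ModUtil::url('Blocks', 'admin', 'newblock')),
                        array(null, __('New position', $dom), ModUtil::url('Blocks', 'admin', 'newposition'))
                    )
                ),
                array(null, __('Themes', $dom), ModUtil::url('Theme', 'admin', 'main')),
                array(null, __('Security center', $dom), ModUtil::url('SecurityCenter', 'admin', 'modifyconfig'),
                    array(
                        array(null, __('View IDS log', $dom), ModUtil::url('SecurityCenter', 'admin', 'viewidslog')),
                        array(null, __('HTMLPurifier settings', $dom), ModUtil::url('SecurityCenter', 'admin', 'purifierconfig'))
                    )
                )
            )
        );

        // SysInfo check
        if (ModUtil::available('SysInfo')) {
            $menu[] = array(null, __('System information', $dom), ModUtil::url('SysInfo', 'admin', 'main'));
        }

        /* Users/Groups menu */
        // build the Users management submenu options
        $subusr = array();
        $profileModule = System::getVar('profilemodule', '');
        if (!empty($profileModule) && ModUtil::available($profileModule)) {
            $subusr[] = array(null, __('Profile module', $dom), ModUtil::url($profileModule, 'admin', 'main'));
        }
        $subusr[] = array(null, __('Users settings', $dom), ModUtil::url('Users', 'admin', 'config'));
        $subusr[] = array(null, __('Import users', $dom), ModUtil::url('Users', 'admin', 'import'));
        $subusr[] = array(null, __('Export users', $dom), ModUtil::url('Users', 'admin', 'exporter'));

        $menu[] = array('users', __('Users', $dom), '#',
            array(
                array(null, __('Manage groups', $dom), ModUtil::url('Groups', 'admin', 'main'),
                    array(
                        array(null, __('Groups settings', $dom), ModUtil::url('Groups', 'admin', 'modifyconfig'))
                    )
                ),
                array(null, __('Manage users', $dom), ModUtil::url('Users', 'admin', 'main'), $subusr),
                array(null, __('Create user', $dom), ModUtil::url('Users', 'admin', 'newUser')),
                array(null, __('Find users', $dom), ModUtil::url('Users', 'admin', 'search')),
                array(null, __('Find and e-mail users', $dom), ModUtil::url('Users', 'admin', 'mailUsers'))
            )
        );

        /* Common Utils */
        $linkoptions = array(
            array(null, __("Edit default theme", $dom), ModUtil::url('Theme', 'admin', 'modify', array('themename' => $theme)))
        );
        // File handling
        if (ModUtil::available('Files')) {
            $linkoptions[] = array(null, __('File manager', $dom), ModUtil::url('Files', 'admin', 'main'));
        }
        // WYSIWYG handling: $subopt only exists when at least one editor module is available.
        if (ModUtil::available('Scribite') || ModUtil::available('LuMicuLa')) {
            $subopt = array();
            if (ModUtil::available('Scribite')) {
                $subopt[] = array(null, 'Scribite', ModUtil::url('Scribite', 'admin', 'main'));
            }
            if (ModUtil::available('LuMicuLa')) {
                $subopt[] = array(null, 'LuMicuLa', ModUtil::url('LuMicuLa', 'admin', 'main'));
            }
        }
        if (isset($subopt)) {
            $linkoptions[] = array(null, __('WYSIWYG editors', $dom), '#', $subopt);
        }
        // Thumbnails handling
        if (ModUtil::available('Thumbnail')) {
            $linkoptions[] = array(null, __('Thumbnails', $dom), ModUtil::url('Thumbnail', 'admin', 'main'));
        }
        $menu[] = array('utils', __('Utils', $dom), '#', $linkoptions);

        /* Common Routines links */
        // These links trigger state-changing actions via GET, so each carries a CSRF token.
        $token = SecurityUtil::generateCsrfToken(null, true);
        $linkoptions = array(
            array(null, __('Template engine', $dom), ModUtil::url('Theme', 'admin', 'modifyconfig', array(), null, 'render_compile_dir'),
                array(
                    array(null, __('Delete compiled render templates', $dom), ModUtil::url('Theme', 'admin', 'render_clear_compiled', array('csrftoken' => $token))),
                    array(null, __('Delete cached render templates', $dom), ModUtil::url('Theme', 'admin', 'render_clear_cache', array('csrftoken' => $token)))
                )
            ),
            array(null, __('Theme engine', $dom), ModUtil::url('Theme', 'admin', 'modifyconfig'),
                array(
                    array(null, __('Delete compiled theme templates', $dom), ModUtil::url('Theme', 'admin', 'clear_compiled', array('csrftoken' => $token))),
                    array(null, __('Delete cached theme templates', $dom), ModUtil::url('Theme', 'admin', 'clear_cache', array('csrftoken' => $token)))
                )
            ),
            array(null, __('Clear combination cache', $dom), ModUtil::url('Theme', 'admin', 'clear_cssjscombinecache', array('csrftoken' => $token))),
            array(null, __('Delete theme configurations', $dom), ModUtil::url('Theme', 'admin', 'clear_config', array('csrftoken' => $token)))
        );
        if (ModUtil::available('SysInfo')) {
            $linkoptions[] = array(null, __('Filesystem check', $dom), ModUtil::url('SysInfo', 'admin', 'filesystem'));
            $linkoptions[] = array(null, __('Temporary folder check', $dom), ModUtil::url('SysInfo', 'admin', 'ztemp'));
        }
        $menu[] = array('routines', __('Routines', $dom), '#', $linkoptions);
    } /* Permission Admin:: | :: | ACCESS_EDIT ends here */

    /* Create content menu */
    $linkoptions = array();
    // Content Modules
    if (ModUtil::available('Clip') && SecurityUtil::checkPermission('Clip::', '::', ACCESS_EDIT)) {
        $suboptions = array(
            array(null, __('Clip Editor Panel', $dom), ModUtil::url('Clip', 'editor', 'main')),
            array(null, __('Create publication type', $dom), ModUtil::url('Clip', 'admin', 'pubtype'))
        );
        $linkoptions[] = array(null, __('Clip Admin Panel', $dom), ModUtil::url('Clip', 'admin', 'main'), $suboptions);
    }
    if (ModUtil::available('News') && (SecurityUtil::checkPermission('News::', '::', ACCESS_EDIT) || SecurityUtil::checkPermission('Stories::Story', '::', ACCESS_EDIT))) {
        $suboptions = array(
            array(null, __('View list', $dom), ModUtil::url('News', 'admin', 'view')),
            array(null, __('Settings', $dom), ModUtil::url('News', 'admin', 'modifyconfig'))
        );
        $linkoptions[] = array(null, __('Add an article', $dom), ModUtil::url('News', 'admin', 'new'), $suboptions);
    }
    if (ModUtil::available('Pages') && SecurityUtil::checkPermission('Pages::', '::', ACCESS_EDIT)) {
        $suboptions = array(
            array(null, __('View list', $dom), ModUtil::url('Pages', 'admin', 'view')),
            array(null, __('Settings', $dom), ModUtil::url('Pages', 'admin', 'modifyconfig'))
        );
        $linkoptions[] = array(null, __('Add a page', $dom), ModUtil::url('Pages', 'admin', 'new'), $suboptions);
    }
    if (ModUtil::available('Content') && SecurityUtil::checkPermission('Content::', '::', ACCESS_EDIT)) {
        $suboptions = array(
            array(null, __('Settings', $dom), ModUtil::url('Content', 'admin', 'settings'))
        );
        $linkoptions[] = array(null, __('Edit contents', $dom), ModUtil::url('Content', 'edit', 'main'), $suboptions);
    }
    // Downloads modules
    if (ModUtil::available('MediaAttach') && SecurityUtil::checkPermission('MediaAttach::', '::', ACCESS_EDIT)) {
        $suboptions = array(
            array(null, __('View list', $dom), ModUtil::url('MediaAttach', 'admin', 'view')),
            array(null, __('Settings', $dom), ModUtil::url('MediaAttach', 'admin', 'main'))
        );
        $linkoptions[] = array(null, __('Add a download', $dom), ModUtil::url('MediaAttach', 'admin', 'view', array(), null, 'myuploadform_switch'), $suboptions);
    }
    if (ModUtil::available('Downloads') && SecurityUtil::checkPermission('Downloads::', '::', ACCESS_EDIT)) {
        $suboptions = array(
            array(null, __('Add category', $dom), ModUtil::url('Downloads', 'admin', 'category_menu')),
            array(null, __('Settings', $dom), ModUtil::url('Downloads', 'admin', 'main'))
        );
        $linkoptions[] = array(null, __('Add a download', $dom), ModUtil::url('Downloads', 'admin', 'newdownload'), $suboptions);
    }
    // Community modules
    if (ModUtil::available('Polls') && SecurityUtil::checkPermission('Polls::', '::', ACCESS_EDIT)) {
        $suboptions = array(
            array(null, __('View list', $dom), ModUtil::url('Polls', 'admin', 'view')),
            array(null, __('Settings', $dom), ModUtil::url('Polls', 'admin', 'modifyconfig'))
        );
        $linkoptions[] = array(null, __('Add a poll', $dom), ModUtil::url('Polls', 'admin', 'new'), $suboptions);
    }
    if (ModUtil::available('FAQ') && SecurityUtil::checkPermission('FAQ::', '::', ACCESS_EDIT)) {
        $suboptions = array(
            array(null, __('View list', $dom), ModUtil::url('FAQ', 'admin', 'view')),
            array(null, __('Settings', $dom), ModUtil::url('FAQ', 'admin', 'modifyconfig'))
        );
        $linkoptions[] = array(null, __('Add a FAQ', $dom), ModUtil::url('FAQ', 'admin', 'new'), $suboptions);
    }
    if (ModUtil::available('Feeds') && SecurityUtil::checkPermission('Feeds::', '::', ACCESS_EDIT)) {
        $suboptions = array(
            array(null, __('View list', $dom), ModUtil::url('Feeds', 'admin', 'view')),
            array(null, __('Settings', $dom), ModUtil::url('Feeds', 'admin', 'modifyconfig'))
        );
        $linkoptions[] = array(null, __('Add a feed', $dom), ModUtil::url('Feeds', 'admin', 'new'), $suboptions);
    }
    if (ModUtil::available('Reviews') && SecurityUtil::checkPermission('Reviews::', '::', ACCESS_EDIT)) {
        $suboptions = array(
            array(null, __('View list', $dom), ModUtil::url('Reviews', 'admin', 'view')),
            array(null, __('Settings', $dom), ModUtil::url('Reviews', 'admin', 'modifyconfig'))
        );
        $linkoptions[] = array(null, __('Add a review', $dom), ModUtil::url('Reviews', 'admin', 'new'), $suboptions);
    }
    if (ModUtil::available('WebLinks') && SecurityUtil::checkPermission('Web_Links::', '::', ACCESS_EDIT)) {
        $linkoptions[] = array(null, __('Add a web link', $dom), ModUtil::url('WebLinks', 'admin', 'main', array('op' => 'LinksAddLink')));
    }
    // Calendar modules
    if (ModUtil::available('TimeIt') && SecurityUtil::checkPermission('TimeIt::', '::', ACCESS_EDIT)) {
        $suboptions = array(
            array(null, __('Settings', $dom), ModUtil::url('TimeIt', 'admin', 'modifyconfig'))
        );
        $linkoptions[] = array(null, __('Add a calendar event', $dom), ModUtil::url('TimeIt', 'admin', 'new'), $suboptions);
    }
    if (ModUtil::available('crpCalendar') && SecurityUtil::checkPermission('crpCalendar::', '::', ACCESS_EDIT)) {
        $suboptions = array(
            array(null, __('View list', $dom), ModUtil::url('crpCalendar', 'admin', 'view')),
            array(null, __('Settings', $dom), ModUtil::url('crpCalendar', 'admin', 'modifyconfig'))
        );
        $linkoptions[] = array(null, __('Add a calendar event', $dom), ModUtil::url('crpCalendar', 'admin', 'new'), $suboptions);
    }
    // Legacy modules
    if (ModUtil::available('AdminMessages') && SecurityUtil::checkPermission('AdminMessages::', '::', ACCESS_EDIT)) {
        $suboptions = array(
            array(null, __('View list', $dom), ModUtil::url('AdminMessages', 'admin', 'view')),
            array(null, __('Settings', $dom), ModUtil::url('AdminMessages', 'admin', 'modifyconfig'))
        );
        $linkoptions[] = array(null, __('Add an admin message', $dom), ModUtil::url('AdminMessages', 'admin', 'new'), $suboptions);
    }
    if (!$linkoptions) {
        $linkoptions[] = array(null, __('No known modules are installed', $dom), '#');
    }
    $menu[] = array('content', __('Create content', $dom), '#', $linkoptions);

    /* Logout link */
    $menu[] = array('logout', __('Log out', $dom), ModUtil::url('Users', 'user', 'logout'));

    /* Create the menu based on the array above */
    // Template parameters land inside HTML attributes: escape them for that context.
    $escapedId = htmlspecialchars((string) $id, ENT_QUOTES, 'UTF-8');
    $escapedUlClass = htmlspecialchars((string) $ulclass, ENT_QUOTES, 'UTF-8');
    $output = '<div id="' . $escapedId . '"><ul' . ((!empty($ulclass)) ? ' class="' . $escapedUlClass . '"' : '') . '>';
    foreach ($menu as $option) {
        $output .= bt_adminlinks_drawmenu($option, $current, $cclass);
    }
    $output .= '</ul></div>';

    return $output;
}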
/**
 * {@inheritdoc}
 *
 * The $intention argument is accepted for interface compatibility only; the
 * token is always obtained from \SecurityUtil::generateCsrfToken() with its
 * default arguments.
 */
public function generateCsrfToken($intention)
{
    $token = \SecurityUtil::generateCsrfToken();

    return $token;
}
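/**
 * View all blocks.
 *
 * Reads the block list filter from the session ('/Blocks' namespace), lets the request override
 * it (and reset it via 'clear'), normalises the sort parameters, and renders the block list with
 * the module name, language label and position names resolved for each block.
 *
 * @return string HTML output string, or the registered permission error when the caller lacks
 *                Blocks:: ACCESS_EDIT.
 */
public function view()
{
    // Security check
    if (!SecurityUtil::checkPermission('Blocks::', '::', ACCESS_EDIT)) {
        return LogUtil::registerPermissionError();
    }

    $sfilter = SessionUtil::getVar('filter', array(), '/Blocks');
    $filter = FormUtil::getPassedValue('filter', $sfilter);
    $clear = FormUtil::getPassedValue('clear', 0);
    if ($clear) {
        $filter = array();
        SessionUtil::setVar('filter', $filter, '/Blocks');
    }

    // sort and sortdir GET parameters override filter values
    $sort = (isset($filter['sort']) && !empty($filter['sort'])) ? strtolower($filter['sort']) : 'bid';
    $sortdir = (isset($filter['sortdir']) && !empty($filter['sortdir'])) ? strtoupper($filter['sortdir']) : 'ASC';
    // NOTE(review): 'sort' is forwarded to the 'getall' API without being checked against a
    // list of sortable columns here; confirm the API validates it before use in a query.
    $filter['sort'] = FormUtil::getPassedValue('sort', $sort, 'GET');
    $filter['sortdir'] = FormUtil::getPassedValue('sortdir', $sortdir, 'GET');
    if (!in_array($filter['sortdir'], array('ASC', 'DESC'), true)) {
        $filter['sortdir'] = 'ASC';
    }
    $filter['blockposition_id'] = isset($filter['blockposition_id']) ? $filter['blockposition_id'] : 0;
    $filter['module_id'] = isset($filter['module_id']) ? $filter['module_id'] : 0;
    $filter['language'] = isset($filter['language']) ? $filter['language'] : '';
    $filter['active_status'] = isset($filter['active_status']) ? $filter['active_status'] : 0;

    $this->view->assign('filter', $filter)
               ->assign('sort', $filter['sort'])
               ->assign('sortdir', $filter['sortdir']);

    // generate an authorisation key for the links
    $csrftoken = SecurityUtil::generateCsrfToken($this->serviceManager, true);
    $this->view->assign('csrftoken', $csrftoken);

    // Get all blocks
    $blocks = ModUtil::apiFunc('Blocks', 'user', 'getall', $filter);

    // get all possible block positions and build assoc array (pid => name) for easier usage later on.
    // Initialised explicitly so an installation without positions does not leave it undefined.
    $blockspositions = ModUtil::apiFunc('Blocks', 'user', 'getallpositions');
    $allbposarray = array();
    foreach ($blockspositions as $blocksposition) {
        $allbposarray[$blocksposition['pid']] = $blocksposition['name'];
    }

    // loop round each item calculating the additional information
    $blocksitems = array();
    foreach ($blocks as $block) {
        $block = $block->toArray();

        // set the module that holds the block
        $modinfo = ModUtil::getInfo($block['mid']);
        $block['modname'] = $modinfo['displayname'];

        // set the block's language
        if (empty($block['language'])) {
            $block['language'] = $this->__('All');
        } else {
            $block['language'] = ZLanguage::getLanguageName($block['language']);
        }

        // set the block's position(s); a position id without a known name is skipped rather than
        // producing an empty entry in the list
        $bposarray = array();
        $thisblockspositions = ModUtil::apiFunc('Blocks', 'user', 'getallblockspositions', array('bid' => $block['bid']));
        foreach ($thisblockspositions as $singleblockposition) {
            if (isset($allbposarray[$singleblockposition['pid']])) {
                $bposarray[] = $allbposarray[$singleblockposition['pid']];
            }
        }
        $block['positions'] = implode(', ', $bposarray);
        unset($bposarray);

        // push block to array
        $blocksitems[] = $block;
    }
    $this->view->assign('blocks', $blocksitems);

    // assign the block positions (already fetched above) to the template
    $this->view->assign('positions', $blockspositions);

    // Return the output that has been generated by this function
    return $this->view->fetch('blocks_admin_view.tpl');
}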
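/**
 * Display the login form, or process a user log-in request.
 *
 * This displays the main log-in screen to the user, allowing him to select a method of authenticating himself
 * to the system (if more than one authentication method is available), and to provide his credentials in
 * order to log into the site.
 *
 * Upon submitting his credentials (either through the log-in form mentioned above, or through another form
 * such as the log-in block), this processes the credentials as a log-in request.
 *
 * If the user is already logged in, then he is redirected to the main Users module page.
 *
 * Parameters passed via the $args array:
 * --------------------------------------
 * array   authentication_info   An array containing the authentication information entered by the user.
 * array   authentication_method An array containing two elements: 'modname', the authentication module name, and 'method', the
 *                               selected authentication method as defined by the module.
 * boolean rememberme            True if the user should remain logged in at that computer for future visits; otherwise false.
 * string  returnpage            The URL of the page to return to if the log-in attempt is successful. (This URL must not be urlencoded.)
 *
 * Parameters passed via GET:
 * --------------------------
 * string  returnpage            The urlencoded URL of the page to return to if the log-in attempt is successful.
 * string  reentranttoken        Token issued in the reentrant URL of an external authentication method; accepted only when it
 *                               matches the token saved on the session.
 *
 * Parameters passed via POST:
 * ---------------------------
 * array   authentication_info   An array containing the authentication information entered by the user.
 * array   authentication_method An array containing two elements: 'modname', the authentication module name, and 'method', the
 *                               selected authentication method as defined by the module.
 * boolean rememberme            True if the user should remain logged in at that computer for future visits; otherwise false.
 * string  returnpage            The URL of the page to return to if the log-in attempt is successful. (This URL must not be urlencoded.)
 *
 * Parameters passed via SESSION:
 * ------------------------------
 * Namespace: Zikula_Users
 * Variable:  Users_Controller_User_login
 * Type:      array
 * Contents:  An array containing the information passed in via the $args array or the GET or POST variables, and additionally, the
 *            element 'user_obj' if the user record has been loaded. (The returnpage element must not be urlencoded when stored
 *            on the session.)
 *
 * @param array|null $args Arguments for a direct (function) call; null for a request-driven call.
 *
 * @return boolean|string True on successful authentication and login, the rendered output of the appropriate
 *                        template to display the log-in form.
 *
 * @throws Zikula_Exception_Redirect  If the user is already logged in, or upon successful login with the redirect
 *                                    option set to send the user to the appropriate page, or when a login.failed
 *                                    listener supplies a redirect URL.
 * @throws Zikula_Exception_Fatal     If $args is not an array, or the submitted authentication method/information is malformed.
 * @throws Zikula_Exception_Forbidden If the request is neither a function call, a POST nor a GET.
 */
public function login($args)
{
    // we shouldn't get here if logged in already....
    $this->redirectIf(UserUtil::isLoggedIn(), ModUtil::url($this->name, 'user', 'main'));

    $loggedIn = false;
    $isFunctionCall = false;
    $isReentry = false;

    // Need to check for $args first, since isPost() and isGet() will have been set on the original call
    if (isset($args) && is_array($args) && !empty($args)) {
        // We are coming in or back (reentering) from someplace else via a direct call to this function. It is likely that
        // we are coming back from a user.login.veto event handler that redirected the user to a page where he had to provide
        // more information.
        $authenticationInfo = isset($args['authentication_info']) ? $args['authentication_info'] : array();
        $selectedAuthenticationMethod = isset($args['authentication_method']) ? $args['authentication_method'] : array();
        $rememberMe = isset($args['rememberme']) ? $args['rememberme'] : false;
        $returnPage = isset($args['returnpage']) ? $args['returnpage'] : $this->request->query->get('returnpage', '');
        $eventType = isset($args['event_type']) ? $args['event_type'] : false;
        $isFunctionCall = true;
    } elseif (isset($args) && !is_array($args)) {
        // Coming from a function call, but bad $args
        throw new Zikula_Exception_Fatal(LogUtil::getErrorMsgArgs());
    } elseif ($this->request->isPost()) {
        // We got here from a POST, either from the login, the login block, or some reasonable facsimile thereof.
        // The CSRF token can only be checked when anonymous users have a session to bind it to.
        if (System::getVar('anonymoussessions', false)) {
            $this->checkCsrfToken();
        }

        $authenticationInfo = $this->request->request->get('authentication_info', array());
        $selectedAuthenticationMethod = $this->request->request->get('authentication_method', array());
        $rememberMe = $this->request->request->get('rememberme', false);
        $returnPage = $this->request->request->get('returnpage', urldecode($this->request->query->get('returnpage', '')));
        if (empty($returnPage)) {
            // Check if returnurl was set instead of returnpage
            $returnPage = $this->request->request->get('returnurl', urldecode($this->request->query->get('returnurl', '')));
        }
        $eventType = $this->request->request->get('event_type', false);
    } elseif ($this->request->isGet()) {
        $reentrantTokenReceived = $this->request->query->get('reentranttoken', '');

        $sessionVars = $this->request->getSession()->get('Users_Controller_User_login', array(), 'Zikula_Users');
        $this->request->getSession()->del('Users_Controller_User_login', 'Zikula_Users');

        $reentrantToken = isset($sessionVars['reentranttoken']) ? $sessionVars['reentranttoken'] : false;

        // Strict, type-checked comparison of the received token with the one saved on the session; a loose '=='
        // would also accept type-juggled matches. hash_equals() (PHP >= 5.6) is used when available so the
        // comparison does not leak timing information.
        $reentrantTokenMatches = is_string($reentrantTokenReceived) && $reentrantTokenReceived !== ''
                && is_string($reentrantToken)
                && (function_exists('hash_equals')
                        ? hash_equals($reentrantToken, $reentrantTokenReceived)
                        : $reentrantToken === $reentrantTokenReceived);

        if ($reentrantTokenMatches) {
            // We are coming back (reentering) from someplace else. It is likely that we are coming back from an external
            // authentication process initiated by an authentication module such as OpenID.
            $authenticationInfo = isset($sessionVars['authentication_info']) ? $sessionVars['authentication_info'] : array();
            $selectedAuthenticationMethod = isset($sessionVars['authentication_method']) ? $sessionVars['authentication_method'] : array();
            $rememberMe = isset($sessionVars['rememberme']) ? $sessionVars['rememberme'] : false;
            $returnPage = isset($sessionVars['returnpage']) ? $sessionVars['returnpage'] : $this->request->query->get('returnpage', '');
            $eventType = isset($sessionVars['event_type']) ? $sessionVars['event_type'] : false;
            $user = isset($sessionVars['user_obj']) ? $sessionVars['user_obj'] : null;

            $isReentry = true;
        } else {
            $authenticationInfo = array();
            $selectedAuthenticationMethod = array();
            $rememberMe = false;
            $returnPage = urldecode($this->request->query->get('returnpage', $this->request->query->get('returnurl', '')));
            $eventType = 'login_screen';
            $user = array();

            $event = new Zikula_Event('module.users.ui.login.started');
            $this->eventManager->notify($event);
        }
    } else {
        throw new Zikula_Exception_Forbidden();
    }

    // A fresh reentrant token for this pass, unless one was already read from the session (GET branch).
    if (!isset($reentrantToken)) {
        $reentrantToken = substr(SecurityUtil::generateCsrfToken(), 0, 10);
    }

    // Any authentication information for use in this pass through login is gathered, so ensure any session variable
    // is cleared, even if we are coming in through a post or a function call that didn't gather info from the session.
    $this->request->getSession()->del('Users_Controller_User_login', 'Zikula_Users');

    $authenticationMethodList = new Users_Helper_AuthenticationMethodList($this);

    if ($this->request->isPost() || $isFunctionCall || $isReentry) {
        // A form submission, or a simulated submission as a function call.
        if (isset($authenticationInfo) && is_array($authenticationInfo) && !empty($authenticationInfo)) {
            if (!isset($selectedAuthenticationMethod) || !is_array($selectedAuthenticationMethod) || empty($selectedAuthenticationMethod)
                    || !isset($selectedAuthenticationMethod['modname']) || empty($selectedAuthenticationMethod['modname'])
                    || !isset($selectedAuthenticationMethod['method']) || empty($selectedAuthenticationMethod['method'])
                    ) {
                throw new Zikula_Exception_Fatal($this->__('Error! Invalid authentication method information.'));
            }

            if (ModUtil::available($selectedAuthenticationMethod['modname'])
                    && ModUtil::apiFunc($selectedAuthenticationMethod['modname'], 'authentication', 'isEnabledForAuthentication', $selectedAuthenticationMethod)
                    ) {
                // The authentication method is reasonably valid, moving on to validate the user-entered credentials
                $validateAuthenticationInfoArgs = array(
                    'authenticationMethod' => $selectedAuthenticationMethod,
                    'authenticationInfo' => $authenticationInfo,
                );

                if (ModUtil::func($selectedAuthenticationMethod['modname'], 'authentication', 'validateAuthenticationInformation', $validateAuthenticationInfoArgs)) {
                    // The authentication method and the authentication information have been validated at the UI level.
                    //
                    // Moving on to the actual authentication process. Save the submitted information in case the authentication
                    // method is external and reentrant.
                    //
                    // We're using sessions here, even though anonymous sessions might be turned off for anonymous users.
                    // If the user is trying to log in, then he's going to get a session if he's successful,
                    // so using sessions on the anonymous user just before logging in should be ok.
                    SessionUtil::requireSession();
                    $sessionVars = array(
                        'event_type' => $eventType,
                        'returnpage' => $returnPage,
                        'authentication_info' => $authenticationInfo,
                        'authentication_method' => $selectedAuthenticationMethod,
                        'rememberme' => $rememberMe,
                        'reentranttoken' => $reentrantToken,
                    );
                    $this->request->getSession()->set('Users_Controller_User_login', $sessionVars, 'Zikula_Users');

                    // The authentication method selected might be reentrant (it might send the user out to an external web site
                    // for authentication, and then send us back to finish the job). We need to tell the external system to where
                    // we would like to return.
                    $reentrantUrl = ModUtil::url($this->name, 'user', 'login', array('reentranttoken' => $reentrantToken), null, null, true, true);

                    // There may be hook providers that need to be validated, so we cannot yet log in. The hook providers will
                    // need a user object to make sure they know who they're dealing with. Authenticate (so we are sure that
                    // the user is who he says he is) and get a user.
                    //
                    // The chosen authentication method might be reentrant, and this is the point were the user might be directed
                    // outside the Zikula system for external authentication.
                    $user = UserUtil::authenticateUserUsing($selectedAuthenticationMethod, $authenticationInfo, $reentrantUrl, true);

                    // If we have gotten to this point in the same call to login(), then the authentication method was not external
                    // and reentrant, so we should not need the session variable any more. If it is external and reentrant, and the
                    // user was required to exit the Zikula system for authentication on the external system, then we will not get
                    // to this point until the reentrant call back to login() (at which point the variable should, again, not be needed
                    // anymore).
                    $this->request->getSession()->del('Users_Controller_User_login', 'Zikula_Users');

                    // Did we get a good user? If so, then we can proceed to hook validation.
                    if (isset($user) && $user && is_array($user) && isset($user['uid']) && is_numeric($user['uid'])) {
                        $validators = new Zikula_Hook_ValidationProviders();
                        if ($eventType) {
                            $event = new Zikula_Event("module.users.ui.validate_edit.{$eventType}", $user, array(), $validators);
                            $validators = $this->eventManager->notify($event)->getData();

                            $hook = new Zikula_ValidationHook("users.ui_hooks.{$eventType}.validate_edit", $validators);
                            $this->notifyHooks($hook);
                            $validators = $hook->getValidators();
                        }

                        if (!$validators->hasErrors()) {
                            // Process the edit hooks BEFORE we log in, so that any changes to the user record are recorded before we re-check
                            // the user's ability to log in. If we don't do this, then user.login.veto might trap and cancel the login attempt again.
                            if ($eventType) {
                                $event = new Zikula_Event("module.users.ui.process_edit.{$eventType}", $user, array());
                                $this->eventManager->notify($event);

                                $hook = new Zikula_ProcessHook("users.ui_hooks.{$eventType}.process_edit", $user['uid']);
                                $this->notifyHooks($hook);
                            }

                            // An unset, empty or epoch 'lastlogin' marks a user who has never logged in before.
                            if (!isset($user['lastlogin']) || empty($user['lastlogin']) || ($user['lastlogin'] == '1970-01-01 00:00:00')) {
                                $isFirstLogin = true;
                            } else {
                                $isFirstLogin = false;
                            }

                            // Because we are passing a $user and setting checkPassword false, this call back into the authentication
                            // chain should not trigger an external re-authentication, so it should not need preparation for reentry.
                            $loggedIn = UserUtil::loginUsing($selectedAuthenticationMethod, $authenticationInfo, $rememberMe, $reentrantUrl, false, $user);

                            if (!$loggedIn) {
                                // Because the user was preauthenticated, this should never happen, but just in case...
                                $this->_notifyLoginFailed($this->__('Your log-in request was not completed.'), $user, $selectedAuthenticationMethod, $authenticationInfo);
                            }
                        } else {
                            // A validation hook rejected the login.
                            $this->_notifyLoginFailed($this->__('Your log-in request was not completed.'), $user, $selectedAuthenticationMethod, $authenticationInfo);
                        }
                    } else {
                        // Authentication did not yield a user record; no subject is attached to the failed event.
                        $this->_notifyLoginFailed(
                            $this->__('There is no user account matching that information, or the password you gave does not match the password on file for that account.'),
                            null,
                            $selectedAuthenticationMethod,
                            $authenticationInfo
                        );
                    }
                } else {
                    if (!$this->request->getSession()->hasMessages(Zikula_Session::MESSAGE_ERROR)) {
                        $this->registerError($this->__('The credentials you entered were not valid. Please reenter the requested information and try again.'));
                    }
                }
            } else {
                if ($authenticationMethodList->countEnabledForAuthentication() <= 1) {
                    $this->registerError($this->__('The selected log-in method is not currently available. Please contact the site administrator for assistance.'));
                } else {
                    $this->registerError($this->__('The selected log-in method is not currently available. Please choose another or contact the site administrator for assistance.'));
                }
            }
        } elseif (isset($authenticationInfo) && (!is_array($authenticationInfo))) {
            throw new Zikula_Exception_Fatal($this->__('Error! Invalid authentication information received.'));
        }
    }

    if (!$loggedIn) {
        // Either a GET request type to initially display the login form, or a failed login attempt
        // which means the login form should be displayed anyway.
        if ((!isset($selectedAuthenticationMethod) || empty($selectedAuthenticationMethod))
                && ($authenticationMethodList->countEnabledForAuthentication() <= 1)
                ) {
            $authenticationMethod = $authenticationMethodList->getAuthenticationMethodForDefault();
            $selectedAuthenticationMethod = array(
                'modname' => $authenticationMethod->modname,
                'method' => $authenticationMethod->method,
            );
        }

        // TODO - The order and availability should be set by configuration
        $authenticationMethodDisplayOrder = array();
        foreach ($authenticationMethodList as $authenticationMethod) {
            if ($authenticationMethod->isEnabledForAuthentication()) {
                $authenticationMethodDisplayOrder[] = array(
                    'modname' => $authenticationMethod->modname,
                    'method' => $authenticationMethod->method,
                );
            }
        }

        $templateArgs = array(
            'returnpage' => isset($returnPage) ? $returnPage : '',
            'authentication_info' => isset($authenticationInfo) ? $authenticationInfo : array(),
            'selected_authentication_method' => $selectedAuthenticationMethod,
            'authentication_method_display_order' => $authenticationMethodDisplayOrder,
            'user_obj' => isset($user) ? $user : array(),
        );

        return $this->view->assign($templateArgs)
                ->fetch('users_user_login.tpl');
    } else {
        $eventArgs = array(
            'authentication_method' => $selectedAuthenticationMethod,
            'redirecturl' => $returnPage,
        );
        if (isset($isFirstLogin)) {
            $eventArgs['is_first_login'] = $isFirstLogin;
        }
        $event = new Zikula_Event('module.users.ui.login.succeeded', $user, $eventArgs);
        $event = $this->eventManager->notify($event);
        $returnPage = $event->hasArg('redirecturl') ? $event->getArg('redirecturl') : $returnPage;

        if (empty($returnPage)) {
            $returnPage = System::getHomepageUrl();
        }

        // NOTE(review): $returnPage originates from the request (returnpage/returnurl) and is redirected to
        // as-is; nothing visible here restricts it to this site. Confirm that redirect()/printRedirectPage()
        // or a listener on module.users.ui.login.succeeded limits it to local URLs.
        // A successful login.
        if ($this->getVar(Users_Constant::MODVAR_LOGIN_WCAG_COMPLIANT, 1) == 1) {
            // WCAG compliant login
            $this->redirect($returnPage);
        } else {
            // meta refresh
            $this->printRedirectPage($this->__('You are being logged-in. Please wait...'), $returnPage);
            return true;
        }
    }
}

/**
 * Register an error and notify the 'module.users.ui.login.failed' event after an unsuccessful log-in attempt.
 *
 * The message is registered only if no error message is already queued on the session. When a listener
 * of the failed event supplies a non-empty 'redirecturl' argument, the user is redirected there.
 *
 * @param string     $message                      Translated error message to register when none is queued yet.
 * @param array|null $user                         The user record used as the event subject, or null when no user was authenticated.
 * @param array      $selectedAuthenticationMethod The authentication method that was used ('modname' and 'method').
 * @param array      $authenticationInfo           The authentication information that was submitted.
 *
 * @return void
 *
 * @throws Zikula_Exception_Redirect If a listener of the failed event supplied a redirect URL.
 */
private function _notifyLoginFailed($message, $user, array $selectedAuthenticationMethod, array $authenticationInfo)
{
    if (!$this->request->getSession()->hasMessages(Zikula_Session::MESSAGE_ERROR)) {
        $this->registerError($message);
    }

    $eventArgs = array(
        'authentication_method' => $selectedAuthenticationMethod,
        'authentication_info' => $authenticationInfo,
        'redirecturl' => '',
    );
    $failedEvent = new Zikula_Event('module.users.ui.login.failed', $user, $eventArgs);
    $failedEvent = $this->eventManager->notify($failedEvent);

    $redirectUrl = $failedEvent->hasArg('redirecturl') ? $failedEvent->getArg('redirecturl') : '';
    if (!empty($redirectUrl)) {
        $this->redirect($redirectUrl);
    }
}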
// Start output of page
//
// Board index rendering: emit the common page header, then fill the index
// template's language strings, image paths and "mark forums read" link.
// define('SHOW_ONLINE', true);
$page_title = $lang['Index'];
include $phpbb_root_path . 'includes/page_header.' . $phpEx;
$template->set_filenames(array('body' => 'index_body.tpl'));

// Begin PNphpBB2 Categories Hierarchie Mod
// Prefix the category breadcrumb with the separator only when there is one to show.
if ($nav_cat_desc != "") {
    $nav_cat_desc = $nav_separator . $nav_cat_desc;
}
// Extra query-string fragment that keeps the current category selection on the
// "mark forums read" link; -1 means "no category selected".
// NOTE(review): $viewcat is interpolated into a URL as-is here; where it is
// read and whether it was cast/validated is not visible in this excerpt — confirm.
$mark = $viewcat == -1 ? '' : '&' . POST_CAT_URL . '=' . $viewcat;
// End PNphpBB2 Categories Hierarchie Mod

// The newest-user display name is HTML-escaped via DataUtil::formatForDisplay;
// the uid is interpolated raw into the profile link (presumably numeric — confirm).
$template->assign_vars(array(
    'TOTAL_POSTS' => sprintf($l_total_post_s, $total_posts),
    'TOTAL_USERS' => sprintf($l_total_user_s, $total_users),
    'NEWEST_USER' => sprintf($lang['Newest_user'], '<a href="' . append_sid("profile.{$phpEx}?mode=viewprofile&" . POST_USERS_URL . "={$newest_uid}") . '">', DataUtil::formatForDisplay($newest_user), '</a>'),
    'FORUM_IMG' => $images['forum'],
    'FORUM_NEW_IMG' => $images['forum_new'],
    'FORUM_LOCKED_IMG' => $images['forum_locked'],
    'WHOSONLINE' => $images['whosonline'],
    'L_POSTED' => $lang['Posted'],
    'L_LEGEND' => $lang['Legend'],
    'L_FORUM' => $lang['Forum'],
    'L_TOPICS' => $lang['Topics'],
    'L_REPLIES' => $lang['Replies'],
    'L_VIEWS' => $lang['Views'],
    'L_POSTS' => $lang['Posts'],
    'L_LASTPOST' => $lang['Last_Post'],
    'L_NO_NEW_POSTS' => $lang['No_new_posts'],
    'L_NEW_POSTS' => $lang['New_posts'],
    'L_NO_NEW_POSTS_LOCKED' => $lang['No_new_posts_locked'],
    'L_NEW_POSTS_LOCKED' => $lang['New_posts_locked'],
    'L_ONLINE_EXPLAIN' => $lang['Online_explain'],
    'L_MODERATOR' => $lang['Moderators'],
    'L_FORUM_LOCKED' => $lang['Forum_is_locked'],
    'L_MARK_FORUMS_READ' => $lang['Mark_all_forums'],
    'U_MARK_READ' => append_sid("index.{$phpEx}?mark=forums{$mark}"),
));

// ZphpBB2 =>
// Anonymous visitors get an inline login form: a fresh Zikula CSRF token for the
// form and a return page seeded from the current URI (escaped for HTML output).
// NOTE(review): this only escapes the return page for display; whatever consumes
// ZLOGIN_RETURNPAGE after login is where it must be checked to be a local URL —
// that handler is not part of this excerpt.
if (!$userdata['session_logged_in']) {
    $template->assign_vars(array(
        'ZLOGIN_CSRFTOKEN' => SecurityUtil::generateCsrfToken(),
        'ZLOGIN_RETURNPAGE' => DataUtil::formatForDisplay(System::getCurrentUri()),
    ));
}
// <= ZphpBB2

// Begin PNphpBB2 Module
// Show the members-online block unless the board config hides it; when it is
// hidden from anonymous users only, logged-in sessions still see it.
if (!$board_config['pnphpbb2_members_online'] && (!$board_config['pnphpbb2_members_online_annon'] || $userdata['session_logged_in'])) {
    $template->assign_block_vars('switch_members_online', array());
}
// End PNphpBB2 Module

// Begin PNphpBB2 Module (Announcements)
// Announcement window: a duration of 0 disables the cut-off, otherwise announcements
// newer than (duration - 1) days are shown.
if ($board_config['pnphpbb2_enable_announce'] == 1) {
    // $announcement_duration = 7;
    // NOTE(review): the default assignment above is commented out, so if the config
    // key is absent $announcement_duration is unset here (undefined-variable notice,
    // and the == 0 test below then treats it as "no cut-off").
    if (isset($board_config['pnphpbb2_announcement_duration'])) {
        $announcement_duration = $board_config['pnphpbb2_announcement_duration'];
    }
    $time_floor = $announcement_duration == 0 ? 0 : time() - ($announcement_duration - 1) * 24 * 3600;
    // (the announcements block continues beyond this excerpt)
/**
 * Admin listing of every dynamic user data (DUD) field handled by the Profile module.
 *
 * Each field is decorated with a status indicator (required / active / inactive),
 * a human-readable type label and the per-item admin links the current user is
 * permitted to use, then handed to profile_admin_view.tpl together with pager data.
 *
 * @return string The rendered template output, or the result of
 *                LogUtil::registerPermissionError() when the caller lacks
 *                ACCESS_EDIT on 'Profile::'.
 */
public function view()
{
    // The whole listing is gated on module-level edit permission.
    if (!SecurityUtil::checkPermission('Profile::', '::', ACCESS_EDIT)) {
        return LogUtil::registerPermissionError();
    }

    // Paging input: 'startnum' from the query string, coerced to int; page size is fixed.
    $startnum = (int)$this->request->getGet()->get('startnum', null);
    $numitems = 20;

    $items = ModUtil::apiFunc('Profile', 'user', 'getall', array('startnum' => $startnum, 'numitems' => $numitems));
    $count = ModUtil::apiFunc('Profile', 'user', 'countitems');

    // One token is minted per page render and reused for every activate/deactivate link below.
    $csrftoken = SecurityUtil::generateCsrfToken();

    $rows = array();
    $position = 1; // 1-based position in the full list; drives the "Down" link cut-off
    foreach ($items as $item) {
        // --- status indicator ---------------------------------------------------
        // Fields with a non-positive type are mandatory and cannot be toggled.
        if ($item['prop_dtype'] <= 0) {
            $statusval = 1;
            $statusLink = array(
                'url' => '',
                'image' => 'greenled.png',
                'title' => $this->__('Required'),
            );
        } elseif ($item['prop_weight'] != 0) {
            // A non-zero weight means the field is currently active.
            $statusval = 1;
            $statusLink = array(
                'url' => ModUtil::url('Profile', 'admin', 'deactivate', array('dudid' => $item['prop_id'], 'weight' => $item['prop_weight'], 'csrftoken' => $csrftoken)),
                'image' => 'greenled.png',
                'title' => $this->__('Deactivate'),
            );
        } else {
            $statusval = 0;
            $statusLink = array(
                'url' => ModUtil::url('Profile', 'admin', 'activate', array('dudid' => $item['prop_id'], 'csrftoken' => $csrftoken)),
                'image' => 'redled.png',
                'title' => $this->__('Activate'),
            );
        }

        // --- type label -----------------------------------------------------------
        // Loose (==) comparison is deliberate: prop_dtype may arrive as int or string.
        $dtype = $item['prop_dtype'];
        if ($dtype == '-2') {
            $dataTypeText = $this->__('Not editable field');
        } elseif ($dtype == '-1') {
            $dataTypeText = $this->__('Third-party (not editable)');
        } elseif ($dtype == '0') {
            $dataTypeText = $this->__('Third-party') . ($item['prop_required'] ? ', '.$this->__('Required') : '');
        } elseif ($dtype == '2') {
            $dataTypeText = $this->__('Third-party') . ($item['prop_required'] ? ', '.$this->__('Required') : '');
        } else {
            // '1' (normal field) and any unrecognised type share this label.
            $dataTypeText = $this->__('Normal') . ($item['prop_required'] ? ', '.$this->__('Required') : '');
        }

        // --- per-item admin links -------------------------------------------------
        $options = array();
        $itemInstance = "$item[prop_label]::$item[prop_id]";
        if (SecurityUtil::checkPermission('Profile::item', $itemInstance, ACCESS_EDIT)) {
            $options[] = array('url' => ModUtil::url('Profile', 'admin', 'modify', array('dudid' => $item['prop_id'])), 'image' => 'xedit.png', 'class' => '', 'title' => $this->__('Edit'));
            // Weight 1 is already the top slot.
            if ($item['prop_weight'] > 1) {
                $options[] = array('url' => ModUtil::url('Profile', 'admin', 'decrease_weight', array('dudid' => $item['prop_id'])), 'image' => '2uparrow.png', 'class' => 'profile_up', 'title' => $this->__('Up'));
            }
            // The last item of the whole list cannot move further down.
            if ($position < $count) {
                $options[] = array('url' => ModUtil::url('Profile', 'admin', 'increase_weight', array('dudid' => $item['prop_id'])), 'image' => '2downarrow.png', 'class' => 'profile_down', 'title' => $this->__('Down'));
            }
            // Deletion additionally needs ACCESS_DELETE and only applies to positive (non-mandatory) types.
            if (SecurityUtil::checkPermission('Profile::item', $itemInstance, ACCESS_DELETE) && $item['prop_dtype'] > 0) {
                $options[] = array('url' => ModUtil::url('Profile', 'admin', 'delete', array('dudid' => $item['prop_id'])), 'image' => '14_layer_deletelayer.png', 'class' => '', 'title' => $this->__('Delete'));
            }
        }
        // NOTE(review): only the activate/deactivate links carry 'csrftoken'; the
        // modify, decrease_weight, increase_weight and delete links do not. Confirm
        // those handlers enforce a CSRF check by another route (e.g. a confirmation
        // form) before treating them as safe state-changing actions.

        $item['status'] = $statusLink;
        $item['statusval'] = $statusval;
        $item['options'] = $options;
        $item['dtype'] = $dataTypeText;
        $rows[] = $item;
        $position++;
    }

    $this->view->setCaching(false)
        ->assign('startnum', $startnum)
        ->assign('duditems', $rows);

    // Pager plugin input: total item count plus the fixed page size.
    $this->view->assign('pager', array('numitems' => $count, 'itemsperpage' => $numitems));

    return $this->view->fetch('profile_admin_view.tpl');
}