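/**
 * Load a user by his e-mail address.
 *
 * Looks the user up by e-mail, joining the users_sessions row that belongs to
 * the *current* Spoon session id (so session_id/secret_key are null when no
 * such session exists), then loads the groups and the stored settings.
 *
 * @param string $email The email of the user to load.
 *
 * @throws Exception If user cannot be loaded
 */
public function loadUserByEmail($email)
{
    $email = (string) $email;
    $db = BackendModel::getContainer()->get('database');

    // get user-data; LEFT OUTER JOIN so a user without a session for this session id still loads
    $userData = (array) $db->getRecord(
        'SELECT u.id, u.email, u.is_god, us.session_id, us.secret_key, UNIX_TIMESTAMP(us.date) AS date FROM users AS u LEFT OUTER JOIN users_sessions AS us ON u.id = us.user_id AND us.session_id = ? WHERE u.email = ? LIMIT 1',
        array(\SpoonSession::getSessionId(), $email)
    );

    // if there is no data we have to destroy this object, I know this isn't a realistic situation
    if (empty($userData)) {
        throw new Exception('user (' . $email . ') can\'t be loaded.');
    }

    // set properties
    $this->setUserId($userData['id']);
    $this->setEmail($userData['email']);
    $this->setSessionId($userData['session_id']);
    $this->setSecretKey($userData['secret_key']);
    $this->setLastloggedInDate($userData['date']);
    $this->isAuthenticated = true;
    // strict comparison: only the exact string 'Y' grants god rights
    $this->isGod = $userData['is_god'] === 'Y';
    $this->loadGroups($userData['id']);

    // get settings
    $settings = (array) $db->getPairs(
        'SELECT us.name, us.value FROM users_settings AS us INNER JOIN users AS u ON us.user_id = u.id WHERE u.email = ?',
        array($email)
    );

    // loop settings and store them in the object
    foreach ($settings as $key => $value) {
        // NOTE(review): unserialize() instantiates whatever class the stored string names,
        // so anyone who can write users_settings.value reaches __wakeup/__destruct of any
        // loaded class. Prefer unserialize($value, array('allowed_classes' => false)) or a
        // JSON encoding once all stored settings are confirmed to be scalars/arrays.
        $this->settings[$key] = unserialize($value);
    }

    // nickname available? fall back to "name surname"
    if (!isset($this->settings['nickname']) || $this->settings['nickname'] == '') {
        $this->setSetting('nickname', $this->settings['name'] . ' ' . $this->settings['surname']);
    }
}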
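/**
 * Get a token
 *
 * Returns the per-session form token, generating one on first use. The token
 * is 32 hex characters, the same shape as the md5 it replaces, so existing
 * comparisons keep working.
 *
 * @return string
 */
public function getToken()
{
    if (!SpoonSession::exists('form_token')) {
        // rand()/time() are not cryptographically secure sources for a token;
        // random_bytes() (PHP >= 7.0) is a CSPRNG
        $token = bin2hex(random_bytes(16));
        SpoonSession::set('form_token', $token);
    }

    return SpoonSession::get('form_token');
}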
/**
 * Logs out the current user
 *
 * Deletes the users_sessions rows for the current session id and clears the
 * backend login markers; the PHP session itself is kept alive.
 *
 * @return void
 */
public static function logout()
{
    $currentSessionId = SpoonSession::getSessionId();

    // remove all rows owned by the current user
    BackendModel::getDB(true)->delete('users_sessions', 'session_id = ?', $currentSessionId);

    // reset values. We can't destroy the session because session-data can be used on the site.
    // NOTE(review): the session id is not rotated here either; consider session_regenerate_id()
    // if the frontend session data does not depend on the id.
    SpoonSession::set('backend_logged_in', false);
    SpoonSession::set('backend_secret_key', '');
}
/**
 * Parse the authentication settings for the authenticated user
 *
 * Looks up, for the current session id / secret key, the highest right level
 * per module/action and assigns a template variable
 * show{Module}{Action} = true for every action whose level is 7.
 */
private function parseAuthentication()
{
    $db = BackendModel::getDB();

    $sessionParameters = array(
        SpoonSession::getSessionId(),
        SpoonSession::get('backend_secret_key'),
    );

    // get allowed actions
    $allowedActions = (array) $db->getRecords(
        'SELECT gra.module, gra.action, MAX(gra.level) AS level FROM users_sessions AS us INNER JOIN users AS u ON us.user_id = u.id INNER JOIN users_groups AS ug ON u.id = ug.user_id INNER JOIN groups_rights_actions AS gra ON ug.group_id = gra.group_id WHERE us.session_id = ? AND us.secret_key = ? GROUP BY gra.module, gra.action',
        $sessionParameters
    );

    // loop actions and assign to template
    foreach ($allowedActions as $allowedAction) {
        // only level 7 actions get a show-variable
        if ($allowedAction['level'] != '7') {
            continue;
        }

        $variableName = 'show'
            . SpoonFilter::toCamelCase($allowedAction['module'], '_')
            . SpoonFilter::toCamelCase($allowedAction['action'], '_');
        $this->assign($variableName, true);
    }
}
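/**
 * Validate the form.
 *
 * When the form was submitted: applies the per-form resubmission delay kept in
 * the session, runs the configured validations (required/email/numeric) per
 * field and, on success, stores the submission and its field values, mails it
 * when the form method is database_email, fires the after_submission event and
 * redirects back to the page with an identifier parameter. On failure the error
 * is assigned to the template as formBuilderError.
 */
private function validateForm()
{
    // nothing to do until the form is actually submitted
    if (!$this->frm->isSubmitted()) {
        return;
    }

    $sessionKey = 'formbuilder_' . $this->item['id'];

    // resubmission throttle: the session holds the timestamp of the last accepted submission
    if (SpoonSession::exists($sessionKey)) {
        $diff = time() - (int) SpoonSession::get($sessionKey);

        // less than 10 seconds since the last submission: tell the user to slow down
        // (a diff of exactly 0 was never treated as a timeout in the original code; kept as is)
        if ($diff < 10 && $diff != 0) {
            $this->frm->addError(FL::err('FormTimeout'));
        }
    }

    // validate fields
    foreach ($this->item['fields'] as $field) {
        // submit buttons, paragraphs and headings carry no user input
        if ($field['type'] == 'submit' || $field['type'] == 'paragraph' || $field['type'] == 'heading') {
            continue;
        }

        $formField = $this->frm->getField('field' . $field['id']);

        // loop other validations
        foreach ($field['validations'] as $rule => $settings) {
            // already has an error so skip
            if ($formField->getErrors() !== null) {
                continue;
            }

            if ($rule == 'required') {
                $formField->isFilled($settings['error_message']);
            } elseif ($rule == 'email') {
                // only check this if the field is filled, if the field is required it will be validated before
                if ($formField->isFilled()) {
                    $formField->isEmail($settings['error_message']);
                }
            } elseif ($rule == 'numeric') {
                // only check this if the field is filled, if the field is required it will be validated before
                if ($formField->isFilled()) {
                    $formField->isNumeric($settings['error_message']);
                }
            }
        }
    }

    // not correct: show errors
    if (!$this->frm->isCorrect()) {
        // global form errors set, otherwise a generic message
        if ($this->frm->getErrors() != '') {
            $this->tpl->assign('formBuilderError', $this->frm->getErrors());
        } else {
            $this->tpl->assign('formBuilderError', FL::err('FormError'));
        }

        return;
    }

    // item
    $data['form_id'] = $this->item['id'];
    $data['session_id'] = SpoonSession::getSessionId();
    $data['sent_on'] = FrontendModel::getUTCDate();
    // NOTE(review): this persists the complete $_SERVER array (request headers, remote address
    // and, on some SAPIs, environment variables) with every submission; consider storing only
    // the keys that are actually consumed downstream.
    $data['data'] = serialize(array('server' => $_SERVER));

    // insert data
    $dataId = FrontendFormBuilderModel::insertData($data);

    $sendMail = $this->item['method'] == 'database_email';
    $fields = array();
    // initialised up front: previously undefined when the form had no input fields
    $emailFields = array();

    // loop all fields
    foreach ($this->item['fields'] as $field) {
        // skip fields without user input
        if ($field['type'] == 'submit' || $field['type'] == 'paragraph' || $field['type'] == 'heading') {
            continue;
        }

        // build the row from scratch for every field so nothing carries over between iterations
        $fieldData = array();
        $fieldData['data_id'] = $dataId;
        $fieldData['label'] = $field['settings']['label'];
        $fieldData['value'] = $this->frm->getField('field' . $field['id'])->getValue();

        // prepare fields for email
        if ($sendMail) {
            // NOTE(review): the submitted value is not HTML-escaped before nl2br(); unless form.tpl
            // escapes the field values, the submitter controls HTML in the notification mail.
            $emailFields[] = array(
                'label' => $field['settings']['label'],
                'value' => is_array($fieldData['value']) ? implode(',', $fieldData['value']) : nl2br($fieldData['value']),
            );
        }

        // an empty multi-value field is stored as NULL
        if (is_array($fieldData['value']) && empty($fieldData['value'])) {
            $fieldData['value'] = null;
        }

        // serialize
        if ($fieldData['value'] !== null) {
            $fieldData['value'] = serialize($fieldData['value']);
        }

        // save fields data
        $fields[] = $fieldData;
        FrontendFormBuilderModel::insertDataField($fieldData);
    }

    // need to send mail
    if ($sendMail) {
        $variables = array(
            'sentOn' => time(),
            'name' => $this->item['name'],
            'fields' => $emailFields,
        );
        $subject = sprintf(FL::getMessage('FormBuilderSubject'), $this->item['name']);
        $template = FRONTEND_MODULES_PATH . '/form_builder/layout/templates/mails/form.tpl';

        // one mail per configured recipient
        foreach ($this->item['email'] as $address) {
            FrontendMailer::addEmail($subject, $template, $variables, $address, $this->item['name']);
        }
    }

    // trigger event
    FrontendModel::triggerEvent(
        'form_builder',
        'after_submission',
        array(
            'form_id' => $this->item['id'],
            'data_id' => $dataId,
            'data' => $data,
            'fields' => $fields,
            'visitorId' => FrontendModel::getVisitorId(),
        )
    );

    // store timestamp in session so we can block excessive usage
    SpoonSession::set($sessionKey, time());

    // redirect back to the page, keeping the existing query string and adding the form identifier
    $redirect = SITE_URL . '/' . $this->URL->getQueryString();
    $redirect .= stripos($redirect, '?') === false ? '?' : '&';
    $redirect .= 'identifier=' . $this->item['identifier'];
    SpoonHTTP::redirect($redirect);
}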
/**
 * Loads the actual components on the page
 *
 * Resolves the page id for the requested URL (404 when unknown), builds the
 * breadcrumb/header/footer, processes the page and its extras, stores the
 * statistics and finally fires the Core after_page_processed event.
 */
public function load()
{
    // set tracking cookie
    Model::getVisitorId();

    // get pageId for requested URL
    $requestedPath = implode('/', $this->URL->getPages());
    $this->pageId = Navigation::getPageId($requestedPath);

    // set headers if this is a 404 page
    if ($this->pageId == 404) {
        $this->statusCode = 404;
        if (extension_loaded('newrelic')) {
            newrelic_name_transaction('404');
        }
    }

    // page components
    $kernel = $this->getKernel();
    $this->breadcrumb = new Breadcrumb($kernel);
    $this->header = new Header($kernel);
    $this->footer = new Footer($kernel);

    // build the page
    $this->getPageContent();
    $this->processPage();
    $this->processExtras();
    $this->storeStatistics();

    // trigger event
    // NOTE(review): the payload includes the raw superglobals (SESSION, COOKIE, GET, POST, SERVER);
    // every subscriber receives whatever those contain, so listeners need the same care as the page.
    $eventData = array(
        'id' => $this->getId(),
        'record' => $this->getRecord(),
        'statusCode' => $this->getStatusCode(),
        'sessionId' => \SpoonSession::getSessionId(),
        'visitorId' => Model::getVisitorId(),
        'SESSION' => $_SESSION,
        'COOKIE' => $_COOKIE,
        'GET' => $_GET,
        'POST' => $_POST,
        'SERVER' => $_SERVER,
    );
    Model::triggerEvent('Core', 'after_page_processed', $eventData);
}
/**
 * Logout a profile.
 *
 * Deletes the profiles_sessions rows for the current session id, clears the
 * logged-in flag in the session and removes the secret-key cookie.
 *
 * @return void
 */
public static function logout()
{
    $currentSessionId = SpoonSession::getSessionId();

    // delete session records
    FrontendModel::getDB(true)->delete('profiles_sessions', 'session_id = ?', array($currentSessionId));

    // set is_logged_in to false
    SpoonSession::set('frontend_profile_logged_in', false);

    // delete cookie
    SpoonCookie::delete('frontend_profile_secret_key');
}
/**
 * Loads the actual components on the page
 *
 * Resolves the page for the requested URL (falling back to the 404 page),
 * enforces the page's profile authentication when the Profiles module is
 * installed, builds breadcrumb/header/footer, processes the page and its
 * extras, stores statistics and fires the Core after_page_processed event.
 *
 * @throws RedirectException When authentication is required and no profile is logged in.
 */
public function load()
{
    // set tracking cookie
    Model::getVisitorId();

    // create header instance
    $this->header = new Header($this->getKernel());

    // get page content from pageId of the requested URL
    $requestedPageId = Navigation::getPageId(implode('/', $this->URL->getPages()));
    $this->record = $this->getPageContent($requestedPageId);
    if (empty($this->record)) {
        $this->record = Model::getPage(404);
    }

    // authentication
    $profilesInstalled = BackendModel::isModuleInstalled('Profiles');
    if ($profilesInstalled && isset($this->record['data']['auth_required'])) {
        $data = $this->record['data'];

        // is auth required and is profile logged in
        if ($data['auth_required']) {
            if (!FrontendAuthenticationModel::isLoggedIn()) {
                // redirect to login page
                $queryString = $this->URL->getQueryString();
                $loginUrl = Navigation::getURLForBlock('Profiles', 'Login') . '?queryString=' . $queryString;
                throw new RedirectException('Redirect', new RedirectResponse($loginUrl));
            }

            // specific groups for auth? membership in any one of them is enough
            if (!empty($data['auth_groups'])) {
                $inGroup = false;
                foreach ($data['auth_groups'] as $group) {
                    if (FrontendAuthenticationModel::getProfile()->isInGroup($group)) {
                        $inGroup = true;
                        break;
                    }
                }

                // not a member: serve the 404 page instead
                if (!$inGroup) {
                    $this->record = Model::getPage(404);
                }
            }
        }
    }

    // we need to set the correct id
    $this->pageId = (int) $this->record['id'];

    // set headers if this is a 404 page
    if ($this->pageId == 404) {
        $this->statusCode = 404;
        if (extension_loaded('newrelic')) {
            newrelic_name_transaction('404');
        }
    }

    // create breadcrumb instance
    $this->breadcrumb = new Breadcrumb($this->getKernel());

    // new footer instance
    $this->footer = new Footer($this->getKernel());

    // build the page
    $this->processPage();
    $this->processExtras();
    $this->storeStatistics();

    // trigger event
    // NOTE(review): the payload includes the raw superglobals (SESSION, COOKIE, GET, POST, SERVER);
    // every subscriber receives whatever those contain.
    $eventData = array(
        'id' => $this->getId(),
        'record' => $this->getRecord(),
        'statusCode' => $this->getStatusCode(),
        'sessionId' => \SpoonSession::getSessionId(),
        'visitorId' => Model::getVisitorId(),
        'SESSION' => $_SESSION,
        'COOKIE' => $_COOKIE,
        'GET' => $_GET,
        'POST' => $_POST,
        'SERVER' => $_SERVER,
    );
    Model::triggerEvent('Core', 'after_page_processed', $eventData);
}
/**
 * Builds the page for the requested URL.
 *
 * Sets the tracking cookie, registers this page in the Spoon registry, resolves
 * the page id (404 when unknown), builds breadcrumb/header/footer, processes the
 * page and its extras, stores statistics, displays the page and finally fires
 * the core after_page_processed event.
 */
public function __construct()
{
    parent::__construct();

    // set tracking cookie
    FrontendModel::getVisitorId();

    // add reference
    Spoon::set('page', $this);

    // get pageId for requested URL
    $requestedPath = implode('/', $this->URL->getPages());
    $this->pageId = FrontendNavigation::getPageId($requestedPath);

    // set headers if this is a 404 page
    if ($this->pageId == 404) {
        $this->statusCode = 404;
    }

    // page components
    $this->breadcrumb = new FrontendBreadcrumb();
    $this->header = new FrontendHeader();
    $this->footer = new FrontendFooter();

    // build and output the page
    $this->getPageContent();
    $this->processPage();
    $this->processExtras();
    $this->storeStatistics();
    $this->display();

    // trigger event (fires after display())
    // NOTE(review): the payload includes the raw superglobals (SESSION, COOKIE, GET, POST, SERVER);
    // every subscriber receives whatever those contain.
    $eventData = array(
        'id' => $this->getId(),
        'record' => $this->getRecord(),
        'statusCode' => $this->getStatusCode(),
        'sessionId' => SpoonSession::getSessionId(),
        'visitorId' => FrontendModel::getVisitorId(),
        'SESSION' => $_SESSION,
        'COOKIE' => $_COOKIE,
        'GET' => $_GET,
        'POST' => $_POST,
        'SERVER' => $_SERVER,
    );
    FrontendModel::triggerEvent('core', 'after_page_processed', $eventData);
}
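/**
 * Get the visitor's id (using a tracking cookie)
 *
 * The id is taken from the 'track' cookie when it exists and is non-empty,
 * otherwise a new one is generated. The cookie is (re)set for a year unless
 * the cookie bar is enabled and the visitor has not allowed cookies. The
 * result is memoised in self::$visitorId for the rest of the request.
 *
 * @return string
 */
public static function getVisitorId()
{
    // check if tracking id is fetched already
    if (self::$visitorId !== null) {
        return self::$visitorId;
    }

    // get/init tracking identifier
    // NOTE(review): the cookie value is client-controlled and used verbatim (it ends up in
    // statistics and event payloads); callers must not treat it as trusted or unique.
    if (CommonCookie::exists('track') && !empty($_COOKIE['track'])) {
        self::$visitorId = (string) CommonCookie::get('track');
    } else {
        // uniqid() is time-based, not random; the session id is what adds unpredictability
        self::$visitorId = md5(uniqid() . \SpoonSession::getSessionId());
    }

    // set/prolong the cookie for a year, but only when the visitor may receive cookies
    $cookieBarEnabled = self::get('fork.settings')->get('Core', 'show_cookie_bar', false);
    if (!$cookieBarEnabled || CommonCookie::hasAllowedCookies()) {
        CommonCookie::set('track', self::$visitorId, 86400 * 365);
    }

    // the original re-entered getVisitorId() here, which only hit the memo check above
    return self::$visitorId;
}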
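/**
 * Validate the form.
 *
 * When the form was submitted: applies the per-form resubmission delay kept in
 * the session, runs the configured validations (required/email/numeric/time)
 * per field and, on success, stores the submission and its field values,
 * dispatches the FORM_SUBMITTED event and the after_submission trigger, and
 * redirects back to the page with an identifier parameter and the form anchor.
 * On failure the error is assigned to the template as formBuilderError.
 *
 * @throws RedirectException On a successful submission (the redirect back to the page).
 */
private function validateForm()
{
    // nothing to do until the form is actually submitted
    if (!$this->frm->isSubmitted()) {
        return;
    }

    $sessionKey = 'formbuilder_' . $this->item['id'];

    // resubmission throttle: the session holds the timestamp of the last accepted submission
    if (\SpoonSession::exists($sessionKey)) {
        $diff = time() - (int) \SpoonSession::get($sessionKey);

        // less than 10 seconds since the last submission: tell the user to slow down
        // (a diff of exactly 0 was never treated as a timeout in the original code; kept as is)
        if ($diff < 10 && $diff != 0) {
            $this->frm->addError(FL::err('FormTimeout'));
        }
    }

    // validate fields
    foreach ($this->item['fields'] as $field) {
        // submit buttons, paragraphs and headings carry no user input
        if ($field['type'] == 'submit' || $field['type'] == 'paragraph' || $field['type'] == 'heading') {
            continue;
        }

        $formField = $this->frm->getField('field' . $field['id']);

        // loop other validations
        foreach ($field['validations'] as $rule => $settings) {
            // already has an error so skip
            if ($formField->getErrors() !== null) {
                continue;
            }

            if ($rule == 'required') {
                $formField->isFilled($settings['error_message']);
            } elseif ($rule == 'email') {
                // only check this if the field is filled, if the field is required it will be validated before
                if ($formField->isFilled()) {
                    $formField->isEmail($settings['error_message']);
                }
            } elseif ($rule == 'numeric') {
                // only check this if the field is filled, if the field is required it will be validated before
                if ($formField->isFilled()) {
                    $formField->isNumeric($settings['error_message']);
                }
            } elseif ($rule == 'time') {
                // NOTE(review): unlike email/numeric this rule is applied to an empty value too,
                // so an optional time field left blank fails validation — confirm that is intended
                $regexTime = '/^(([0-1][0-9]|2[0-3]|[0-9])|([0-1][0-9]|2[0-3]|[0-9])(:|h)[0-5]?[0-9]?)$/';
                if (!\SpoonFilter::isValidAgainstRegexp($regexTime, $formField->getValue())) {
                    $formField->setError($settings['error_message']);
                }
            }
        }
    }

    // not correct, show errors
    if (!$this->frm->isCorrect()) {
        // global form errors set, otherwise a generic message
        if ($this->frm->getErrors() != '') {
            $this->tpl->assign('formBuilderError', $this->frm->getErrors());
        } else {
            $this->tpl->assign('formBuilderError', FL::err('FormError'));
        }

        return;
    }

    // item
    $data['form_id'] = $this->item['id'];
    $data['session_id'] = \SpoonSession::getSessionId();
    $data['sent_on'] = FrontendModel::getUTCDate();
    // NOTE(review): this persists the complete $_SERVER array (request headers, remote address
    // and, on some SAPIs, environment variables) with every submission; consider storing only
    // the keys that are actually consumed downstream.
    $data['data'] = serialize(array('server' => $_SERVER));

    // insert data
    $dataId = FrontendFormBuilderModel::insertData($data);

    // field rows keyed by field id
    $fields = array();

    // loop all fields
    foreach ($this->item['fields'] as $field) {
        // skip fields without user input
        if ($field['type'] == 'submit' || $field['type'] == 'paragraph' || $field['type'] == 'heading') {
            continue;
        }

        // build the row from scratch for every field so nothing carries over between iterations
        $fieldData = array();
        $fieldData['data_id'] = $dataId;
        $fieldData['label'] = $field['settings']['label'];
        $fieldData['value'] = $this->frm->getField('field' . $field['id'])->getValue();

        if ($field['type'] == 'radiobutton') {
            // map the posted value to its configured label; a posted value that is not one of
            // the configured options resolves to null instead of raising an undefined-index notice
            $labels = array();
            foreach ($field['settings']['values'] as $option) {
                $labels[$option['value']] = $option['label'];
            }
            $fieldData['value'] = isset($labels[$fieldData['value']]) ? $labels[$fieldData['value']] : null;
        }

        // an empty multi-value field is stored as NULL
        if (is_array($fieldData['value']) && empty($fieldData['value'])) {
            $fieldData['value'] = null;
        }

        // serialize
        if ($fieldData['value'] !== null) {
            $fieldData['value'] = serialize($fieldData['value']);
        }

        // save fields data
        $fields[$field['id']] = $fieldData;
        FrontendFormBuilderModel::insertDataField($fieldData);
    }

    $this->get('event_dispatcher')->dispatch(
        FormBuilderEvents::FORM_SUBMITTED,
        new FormBuilderSubmittedEvent($this->item, $fields, $dataId)
    );

    // trigger event
    FrontendModel::triggerEvent(
        'FormBuilder',
        'after_submission',
        array(
            'form_id' => $this->item['id'],
            'data_id' => $dataId,
            'data' => $data,
            'fields' => $fields,
            'visitorId' => FrontendModel::getVisitorId(),
        )
    );

    // store timestamp in session so we can block excessive usage
    \SpoonSession::set($sessionKey, time());

    // redirect back to the page, keeping the query string and adding the identifier and form anchor
    $redirect = SITE_URL . $this->URL->getQueryString();
    $redirect .= stripos($redirect, '?') === false ? '?' : '&';
    $redirect .= 'identifier=' . $this->item['identifier'];
    $redirect .= '#' . $this->formName;

    throw new RedirectException('Redirect', new RedirectResponse($redirect));
}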
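/**
 * Get the visitor's id (using a tracking cookie)
 *
 * The id is taken from the 'track' cookie when it exists and is non-empty,
 * otherwise a new one is generated. The cookie is (re)set for a year and the
 * result is memoised in self::$visitorId for the rest of the request.
 *
 * @return string
 */
public static function getVisitorId()
{
    // check if tracking id is fetched already
    if (self::$visitorId !== null) {
        return self::$visitorId;
    }

    // get/init tracking identifier
    // NOTE(review): the cookie value is client-controlled and used verbatim (it ends up in
    // statistics and event payloads); callers must not treat it as trusted or unique.
    $trackingCookie = CommonCookie::exists('track') ? (string) CommonCookie::get('track') : '';
    if ($trackingCookie !== '') {
        self::$visitorId = $trackingCookie;
    } else {
        // an empty cookie value is treated as absent so the visitor never gets '' as id
        // (previously only the cookie's existence was checked);
        // uniqid() is time-based, not random; the session id is what adds unpredictability
        self::$visitorId = md5(uniqid() . SpoonSession::getSessionId());
    }

    // set/prolong tracking cookie
    CommonCookie::set('track', self::$visitorId, 86400 * 365);

    // the original re-entered getVisitorId() here, which only hit the memo check above
    return self::$visitorId;
}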
/**
 * Logout a profile.
 *
 * Deletes the profiles_sessions rows for the current session id, clears the
 * logged-in flag in the session and removes the secret-key cookie.
 */
public static function logout()
{
    $currentSessionId = \SpoonSession::getSessionId();
    $db = FrontendModel::getContainer()->get('database');

    // delete session records
    $db->delete('profiles_sessions', 'session_id = ?', array($currentSessionId));

    // set is_logged_in to false
    \SpoonSession::set('frontend_profile_logged_in', false);

    // delete cookie
    CommonCookie::delete('frontend_profile_secret_key');
}
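/**
 * Get a token
 *
 * Returns the per-session form token, generating one on first use. The token
 * is 32 hex characters, the same shape as the md5 it replaces, so existing
 * comparisons keep working.
 *
 * @return string
 */
public function getToken()
{
    // no token available?
    if (!SpoonSession::exists('form_token')) {
        // generate a token: rand()/time() are not cryptographically secure sources,
        // random_bytes() (PHP >= 7.0) is a CSPRNG
        $token = bin2hex(random_bytes(16));

        // store in session
        SpoonSession::set('form_token', $token);
    }

    return SpoonSession::get('form_token');
}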