コード例 #1
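 /**
  * Run the controller and parse the password template.
  *
  * When the "tl_password" form was submitted, the new password is checked
  * (equal to its confirmation, at least minPasswordLength characters, not the
  * user name, not the current password), passed through the tl_user password
  * save_callbacks, hashed and stored. In every other case the form is rendered.
  */
 public function run()
 {
     /** @var \BackendTemplate|object $objTemplate */
     $objTemplate = new \BackendTemplate('be_password');
     if (\Input::post('FORM_SUBMIT') === 'tl_password') {
         // Passwords are read unfiltered so that no character is altered before hashing
         $pw = \Input::postUnsafeRaw('password');
         $cnf = \Input::postUnsafeRaw('confirm');
         // The passwords do not match. Strict comparison: with "!=" two different
         // numeric-looking strings such as "1e3" and "1000" compare as equal.
         // Non-string input (e.g. an array parameter) is rejected here as well.
         if (!is_string($pw) || $pw !== $cnf) {
             \Message::addError($GLOBALS['TL_LANG']['ERR']['passwordMatch']);
         } elseif (utf8_strlen($pw) < \Config::get('minPasswordLength')) {
             \Message::addError(sprintf($GLOBALS['TL_LANG']['ERR']['passwordLength'], \Config::get('minPasswordLength')));
         } elseif ($pw === $this->User->username) {
             \Message::addError($GLOBALS['TL_LANG']['ERR']['passwordName']);
         } else {
             // Make sure the password has been changed
             if (\Encryption::verify($pw, $this->User->password)) {
                 \Message::addError($GLOBALS['TL_LANG']['MSC']['pw_change']);
             } else {
                 $this->loadDataContainer('tl_user');
                 // Trigger the save_callback (the key is optional, so test for it first)
                 if (isset($GLOBALS['TL_DCA']['tl_user']['fields']['password']['save_callback']) && is_array($GLOBALS['TL_DCA']['tl_user']['fields']['password']['save_callback'])) {
                     foreach ($GLOBALS['TL_DCA']['tl_user']['fields']['password']['save_callback'] as $callback) {
                         if (is_array($callback)) {
                             // array(class, method) form: import the class, then call the method
                             $this->import($callback[0]);
                             $pw = $this->{$callback[0]}->{$callback[1]}($pw);
                         } elseif (is_callable($callback)) {
                             $pw = $callback($pw);
                         }
                     }
                 }
                 $objUser = \UserModel::findByPk($this->User->id);
                 // NOTE(review): pwChange is presumably the "must change password" flag; confirm
                 $objUser->pwChange = '';
                 $objUser->password = \Encryption::hash($pw);
                 $objUser->save();
                 // NOTE(review): nothing visible here ends the user's other sessions after
                 // the change; confirm whether that is handled elsewhere.
                 \Message::addConfirmation($GLOBALS['TL_LANG']['MSC']['pw_changed']);
                 $this->redirect($GLOBALS['TL_CONFIG']['backendPath'] . '/main.php');
             }
         }
         $this->reload();
     }
     $objTemplate->theme = \Backend::getTheme();
     $objTemplate->messages = \Message::generate();
     $objTemplate->base = \Environment::get('base');
     $objTemplate->language = $GLOBALS['TL_LANGUAGE'];
     $objTemplate->title = specialchars($GLOBALS['TL_LANG']['MSC']['pw_new']);
     $objTemplate->charset = \Config::get('characterSet');
     $objTemplate->action = ampersand(\Environment::get('request'));
     $objTemplate->headline = $GLOBALS['TL_LANG']['MSC']['pw_change'];
     $objTemplate->submitButton = specialchars($GLOBALS['TL_LANG']['MSC']['continue']);
     $objTemplate->password = $GLOBALS['TL_LANG']['MSC']['password'][0];
     $objTemplate->confirm = $GLOBALS['TL_LANG']['MSC']['confirm'][0];
     $objTemplate->output();
 }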
コード例 #2
ファイル: password.php プロジェクト: rikaix/core
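 /**
  * Run the controller and parse the password template.
  *
  * When the "tl_password" form was submitted, the new password is checked
  * (no blocked characters, equal to its confirmation, long enough, not the
  * user name, not the current password) and then stored as "sha1:salt".
  * In every other case the form is rendered.
  */
 public function run()
 {
     $this->Template = new BackendTemplate('be_password');
     if (Input::post('FORM_SUBMIT') === 'tl_password') {
         $pw = Input::post('password');
         $cnf = Input::post('confirm');
         // Do not allow special characters
         // NOTE(review): Input::post() presumably returns an entity-encoded value (hence
         // the html_entity_decode); confirm. Blocking characters narrows the password space.
         if (!is_string($pw) || preg_match('/[#\\(\\)\\/<=>]/', html_entity_decode($pw))) {
             Message::addError($GLOBALS['TL_LANG']['ERR']['extnd']);
         } elseif ($pw !== $cnf) {
             // Strict comparison: with "!=" two different numeric-looking strings
             // such as "1e3" and "1000" compare as equal.
             Message::addError($GLOBALS['TL_LANG']['ERR']['passwordMatch']);
         } elseif (utf8_strlen($pw) < $GLOBALS['TL_CONFIG']['minPasswordLength']) {
             Message::addError(sprintf($GLOBALS['TL_LANG']['ERR']['passwordLength'], $GLOBALS['TL_CONFIG']['minPasswordLength']));
         } elseif ($pw === $this->User->username) {
             Message::addError($GLOBALS['TL_LANG']['ERR']['passwordName']);
         } else {
             // The stored value has the form "hash:salt"; a value without a colon yields an empty salt
             $arrStored = explode(':', $this->User->password);
             $strSalt = isset($arrStored[1]) ? $arrStored[1] : '';
             $strPassword = sha1($strSalt . $pw);
             // Make sure the password has been changed
             if ($strPassword . ':' . $strSalt === $this->User->password) {
                 Message::addError($GLOBALS['TL_LANG']['MSC']['pw_change']);
             } else {
                 // NOTE(review): a single round of salted SHA-1 is fast to brute-force offline,
                 // and the salt comes from mt_rand()/uniqid(), which are not cryptographic
                 // generators. The "hash:salt" format is presumably also read by the login
                 // code, so it is left unchanged here; migrate both sides together to
                 // password_hash()/password_verify().
                 $strSalt = substr(md5(uniqid(mt_rand(), true)), 0, 23);
                 $strPassword = sha1($strSalt . $pw);
                 $objUser = UserModel::findByPk($this->User->id);
                 $objUser->pwChange = '';
                 $objUser->password = $strPassword . ':' . $strSalt;
                 $objUser->save();
                 Message::addConfirmation($GLOBALS['TL_LANG']['MSC']['pw_changed']);
                 $this->redirect('contao/main.php');
             }
         }
         $this->reload();
     }
     $this->Template->theme = $this->getTheme();
     $this->Template->messages = Message::generate();
     $this->Template->base = Environment::get('base');
     $this->Template->language = $GLOBALS['TL_LANGUAGE'];
     $this->Template->title = specialchars($GLOBALS['TL_LANG']['MSC']['pw_new']);
     $this->Template->charset = $GLOBALS['TL_CONFIG']['characterSet'];
     $this->Template->action = ampersand(Environment::get('request'));
     $this->Template->headline = $GLOBALS['TL_LANG']['MSC']['pw_change'];
     $this->Template->submitButton = specialchars($GLOBALS['TL_LANG']['MSC']['continue']);
     $this->Template->password = $GLOBALS['TL_LANG']['MSC']['password'][0];
     $this->Template->confirm = $GLOBALS['TL_LANG']['MSC']['confirm'][0];
     $this->Template->output();
 }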
コード例 #3
 /**
  * Resolve the back end user from the session cookie while in front end mode.
  *
  * The cookie hash must pass validateHash(), match a tl_session row with the
  * same hash and cookie name, and that row must pass validateUserSession().
  *
  * @return \UserModel|null The result of UserModel::findByPk() for the session's
  *                         pid, or null when any of the checks above fails
  *
  * @internal
  */
 public function resolveBackendUser()
 {
     // Nothing to resolve outside the front end scope
     if (TL_MODE != 'FE') {
         return null;
     }
     // Read the BE_USER_AUTH login status from the cookie
     $cookieHash = $this->input->cookie(self::COOKIE_NAME);
     if (!$this->validateHash($cookieHash)) {
         return null;
     }
     // Look the session up by hash and cookie name (bound parameters)
     $result = $this->database
         ->prepare("SELECT * FROM tl_session WHERE hash=? AND name=?")
         ->execute($cookieHash, self::COOKIE_NAME);
     if (!$result->next() || !$this->validateUserSession($cookieHash, $result)) {
         return null;
     }
     return \UserModel::findByPk($result->pid);
 }
コード例 #4
ファイル: password.php プロジェクト: rburch/core
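 /**
  * Run the controller and parse the password template.
  *
  * When the "tl_password" form was submitted, the new password is checked
  * (equal to its confirmation, long enough, not the user name, not the
  * current password), hashed with Encryption::hash() and stored. In every
  * other case the form is rendered.
  */
 public function run()
 {
     $this->Template = new BackendTemplate('be_password');
     if (Input::post('FORM_SUBMIT') === 'tl_password') {
         $pw = Input::post('password', true);
         $cnf = Input::post('confirm', true);
         // The passwords do not match. Strict comparison: with "!=" two different
         // numeric-looking strings such as "1e3" and "1000" compare as equal.
         // Non-string input (e.g. an array parameter) is rejected here as well.
         if (!is_string($pw) || $pw !== $cnf) {
             Message::addError($GLOBALS['TL_LANG']['ERR']['passwordMatch']);
         } elseif (utf8_strlen($pw) < $GLOBALS['TL_CONFIG']['minPasswordLength']) {
             Message::addError(sprintf($GLOBALS['TL_LANG']['ERR']['passwordLength'], $GLOBALS['TL_CONFIG']['minPasswordLength']));
         } elseif ($pw === $this->User->username) {
             Message::addError($GLOBALS['TL_LANG']['ERR']['passwordName']);
         } else {
             // Make sure the password has been changed: re-hash the candidate with the
             // stored hash as salt/settings and compare the two strings exactly
             if (crypt($pw, $this->User->password) === $this->User->password) {
                 Message::addError($GLOBALS['TL_LANG']['MSC']['pw_change']);
             } else {
                 $objUser = UserModel::findByPk($this->User->id);
                 // NOTE(review): pwChange is presumably the "must change password" flag; confirm
                 $objUser->pwChange = '';
                 $objUser->password = Encryption::hash($pw);
                 $objUser->save();
                 Message::addConfirmation($GLOBALS['TL_LANG']['MSC']['pw_changed']);
                 $this->redirect('contao/main.php');
             }
         }
         $this->reload();
     }
     $this->Template->theme = $this->getTheme();
     $this->Template->messages = Message::generate();
     $this->Template->base = Environment::get('base');
     $this->Template->language = $GLOBALS['TL_LANGUAGE'];
     $this->Template->title = specialchars($GLOBALS['TL_LANG']['MSC']['pw_new']);
     $this->Template->charset = $GLOBALS['TL_CONFIG']['characterSet'];
     $this->Template->action = ampersand(Environment::get('request'));
     $this->Template->headline = $GLOBALS['TL_LANG']['MSC']['pw_change'];
     $this->Template->submitButton = specialchars($GLOBALS['TL_LANG']['MSC']['continue']);
     $this->Template->password = $GLOBALS['TL_LANG']['MSC']['password'][0];
     $this->Template->confirm = $GLOBALS['TL_LANG']['MSC']['confirm'][0];
     $this->Template->output();
 }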
コード例 #5
ファイル: tl_time_tracker.php プロジェクト: 4t2/time_tracker
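 /**
  * Build the list label for one time-tracker row.
  *
  * Also adds the row's edit time to the per-user, per-day running total kept
  * in $GLOBALS['time_tracker'].
  *
  * @param array  $row   Row data; reads pid, login_time, last_activity, logout_time, do_activity, edit_count
  * @param string $label Incoming label; it is overwritten, never read
  *
  * @return string The formatted label, wrapped in a grey span once logout_time is set
  */
 public function renderRow($row, $label)
 {
     $intEditTime = $row['last_activity'] - $row['login_time'];
     // Prefer the translated module label when one exists
     $strActivity = $row['do_activity'];
     if (isset($GLOBALS['TL_LANG']['MOD'][$row['do_activity']]) && is_array($GLOBALS['TL_LANG']['MOD'][$row['do_activity']])) {
         $strActivity = $GLOBALS['TL_LANG']['MOD'][$row['do_activity']][0];
     }
     // Running total per user (pid) and calendar day of the last activity
     $strDay = date('d.m.Y', $row['last_activity']);
     $intUserTime = $intEditTime;
     if (isset($GLOBALS['time_tracker'][$row['pid']][$strDay])) {
         $intUserTime += $GLOBALS['time_tracker'][$row['pid']][$strDay];
     }
     $GLOBALS['time_tracker'][$row['pid']][$strDay] = $intUserTime;
     // The user may no longer exist while tracker rows remain: findByPk() then
     // returns null, so fall back to the plain user icon and an empty name
     $objUser = \UserModel::findByPk($row['pid']);
     $blnAdmin = $objUser !== null && $objUser->admin == '1';
     $strName = $objUser !== null ? $objUser->name : '';
     $strIcon = ($blnAdmin ? 'admin' : 'user') . ($row['logout_time'] > 0 ? '_' : '');
     // NOTE(review): name and activity go into the HTML label unchanged; confirm they
     // are stored encoded, or escape them before formatting.
     $label = sprintf($this->rowTemplate, $strIcon, $strName, date('d.m. H:i', $row['login_time']), date('H:i:s', $row['last_activity']), $strActivity, $row['edit_count'], $this->getReadableTime($intEditTime), $this->getReadableTime($intUserTime));
     if ($row['logout_time'] > 0) {
         $label = '<span style="color:#888;">' . $label . '</span>';
     }
     return $label;
 }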
コード例 #6
 /**
  * Check permissions to edit table tl_photoalbums2_archive.
  *
  * Administrators pass without checks. For everyone else the list root is
  * restricted to the user's photoalbums2s IDs, creating is closed unless the
  * user has the "create" permission, and the requested "act" is checked
  * against those IDs. A failed check is logged and redirected to the error page.
  */
 public function checkPermission()
 {
     if ($this->User->isAdmin) {
         return;
     }
     // Set root IDs; array(0) stands for "no archive assigned"
     if (!is_array($this->User->photoalbums2s) || empty($this->User->photoalbums2s)) {
         $root = array(0);
     } else {
         $root = $this->User->photoalbums2s;
     }
     $GLOBALS['TL_DCA']['tl_photoalbums2_archive']['list']['sorting']['root'] = $root;
     // Check permissions to add archives
     if (!$this->User->hasAccess('create', 'photoalbums2p')) {
         $GLOBALS['TL_DCA']['tl_photoalbums2_archive']['config']['closed'] = true;
     }
     // Check current action
     switch ($this->Input->get('act')) {
         case 'create':
         case 'select':
             // Allow
             break;
         case 'edit':
             // Dynamically add the record to the user profile
             // NOTE(review): every in_array() in this method compares loosely. On PHP
             // versions before 8 a non-numeric string equals integer 0 under "==", so
             // with $root = array(0) a non-numeric id is treated as allowed. Consider
             // normalising the id and the root IDs to one type and passing strict=true.
             if (!in_array($this->Input->get('id'), $root)) {
                 $arrNew = $this->Session->get('new_records');
                 if (is_array($arrNew['tl_photoalbums2_archive']) && in_array($this->Input->get('id'), $arrNew['tl_photoalbums2_archive'])) {
                     // Add permissions on user level
                     if ($this->User->inherit == 'custom' || !$this->User->groups[0]) {
                         $objUser = \UserModel::findByPk($this->User->id);
                         // deserialize() is not defined in this listing; presumably it wraps unserialize()
                         $arrPhotoalbums2p = deserialize($objUser->photoalbums2p);
                         if (is_array($arrPhotoalbums2p) && in_array('create', $arrPhotoalbums2p)) {
                             $arrPhotoalbums2s = deserialize($objUser->photoalbums2s);
                             $arrPhotoalbums2s[] = $this->Input->get('id');
                             $objUser->photoalbums2s = serialize($arrPhotoalbums2s);
                             $objUser->save();
                         }
                     } elseif ($this->User->groups[0] > 0) {
                         // Otherwise the permission is added to the user's first group
                         $objGroup = \UserGroupModel::findByPk($this->User->groups[0]);
                         $arrPhotoalbums2p = deserialize($objGroup->photoalbums2p);
                         if (is_array($arrPhotoalbums2p) && in_array('create', $arrPhotoalbums2p)) {
                             $arrPhotoalbums2s = deserialize($objGroup->photoalbums2s);
                             $arrPhotoalbums2s[] = $this->Input->get('id');
                             $objGroup->photoalbums2s = serialize($arrPhotoalbums2s);
                             $objGroup->save();
                         }
                     }
                     // Add new element to the user object
                     $root[] = $this->Input->get('id');
                     $this->User->photoalbums2s = $root;
                 }
             }
             // Intentional fall-through: "edit" is also subject to the root check below
         case 'copy':
         case 'delete':
         case 'show':
             // "&&" binds tighter than "||": deny when the id is outside $root, or when
             // the action is "delete" and the user lacks the delete permission
             if (!in_array($this->Input->get('id'), $root) || $this->Input->get('act') == 'delete' && !$this->User->hasAccess('delete', 'photoalbums2p')) {
                 $this->log('Not enough permissions to ' . $this->Input->get('act') . ' photoalbums2 archive ID "' . $this->Input->get('id') . '"', 'tl_photoalbums2_archive checkPermission', TL_ERROR);
                 $this->redirect('contao/main.php?act=error');
             }
             break;
         case 'editAll':
         case 'deleteAll':
         case 'overrideAll':
             // Bulk actions: reduce the selected IDs to the allowed ones, or to none
             // when deleting without the delete permission
             $session = $this->Session->getData();
             if ($this->Input->get('act') == 'deleteAll' && !$this->User->hasAccess('delete', 'photoalbums2p')) {
                 $session['CURRENT']['IDS'] = array();
             } else {
                 $session['CURRENT']['IDS'] = array_intersect($session['CURRENT']['IDS'], $root);
             }
             $this->Session->setData($session);
             break;
         default:
             // Any other non-empty action is denied
             // NOTE(review): "act" is an arbitrary request value here and is written into
             // the log message unchanged; confirm that log() or the log viewer encodes it.
             if (strlen($this->Input->get('act'))) {
                 $this->log('Not enough permissions to ' . $this->Input->get('act') . ' photoalbums2 archives', 'tl_photoalbums2_archive checkPermission', TL_ERROR);
                 $this->redirect('contao/main.php?act=error');
             }
             break;
     }
 }
コード例 #7
ファイル: c2aFrontend.php プロジェクト: contao2app/contao2app
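 /**
  * Handle the comments endpoint: add a comment to a news item, or list the
  * comments of one.
  *
  * The parameter names are taken from $this->request. With action "add" the
  * comment is stored and the administrator is notified by e-mail; any other
  * action returns the comments of the item when its comment status is "open".
  *
  * @return array array('comments' => array) with at least the keys error, changes and ts
  */
 protected function commentsController()
 {
     $returnarray = array();
     $returnarray['error'] = $this->errorcode(0);
     $returnarray['changes'] = 1;
     $getTs = \Input::get($this->request['ts']);
     $getId = \Input::get($this->request['id']);
     $returnarray['ts'] = isset($getTs) ? $getTs : 0;
     if (isset($getId)) {
         if (\Input::get($this->request['action']) == 'add') {
             // NOTE(review): these fields are read straight from $_REQUEST, not through
             // \Input like the other parameters, and are stored as submitted. This branch
             // also shows no request-token check and no test that comments are open for
             // the item, unlike the listing branch below; confirm both are enforced elsewhere.
             $comment = isset($_REQUEST[$this->request['comment']]) ? $_REQUEST[$this->request['comment']] : null;
             $name = isset($_REQUEST[$this->request['name']]) ? $_REQUEST[$this->request['name']] : null;
             $email = isset($_REQUEST[$this->request['email']]) ? $_REQUEST[$this->request['email']] : null;
             // Missing, empty or non-string values (e.g. array parameters, which would
             // break trim()/strip_tags() below) are rejected as incomplete input
             if (!is_string($comment) || !is_string($name) || !is_string($email) || !$comment || !$name || !$email) {
                 $returnarray['error'] = $this->errorcode(30);
             } elseif (!\Validator::isEmail($email)) {
                 $returnarray['error'] = $this->errorcode(31);
             } else {
                 $ts = time();
                 // Published immediately unless moderation is enabled
                 $arrInsert = array('tstamp' => $ts, 'source' => 'tl_news', 'parent' => $getId, 'date' => $ts, 'name' => $name, 'email' => $email, 'comment' => trim($comment), 'published' => $this->settings['news_moderate'] == 1 ? 0 : 1, 'ip' => \Environment::get('remote_addr'));
                 $objComment = new \CommentsModel();
                 $objComment->setRow($arrInsert)->save();
                 if ($objComment->id) {
                     // Plain-text version of the comment for the notification mail
                     $strComment = strip_tags($comment);
                     $strComment = \String::decodeEntities($strComment);
                     $strComment = str_replace(array('[&]', '[lt]', '[gt]'), array('&', '<', '>'), $strComment);
                     $objTemplate = new \FrontendTemplate('kommentar_email');
                     $objTemplate->name = $arrInsert['name'] . ' (' . $arrInsert['email'] . ')';
                     $objTemplate->comment = $strComment;
                     $objTemplate->edit = \Idna::decode(\Environment::get('base')) . 'contao/main.php?do=comments&act=edit&id=' . $objComment->id;
                     $objEmail = new \Email();
                     $objEmail->from = $GLOBALS['TL_ADMIN_EMAIL'];
                     $objEmail->fromName = $GLOBALS['TL_ADMIN_NAME'];
                     $objEmail->subject = sprintf($GLOBALS['TL_LANG']['MSC']['com_subject'], \Idna::decode(\Environment::get('host')));
                     $objEmail->text = $objTemplate->parse();
                     if ($GLOBALS['TL_ADMIN_EMAIL'] != '') {
                         $objEmail->sendTo($GLOBALS['TL_ADMIN_EMAIL']);
                     }
                     $returnarray['error'] = $this->errorcode(0);
                     $returnarray['ts'] = $ts;
                     $returnarray['comment_id'] = $objComment->id;
                     $returnarray['changes'] = 1;
                     $returnarray['status'] = $this->settings['news_moderate'] == 1 ? 'Kommentar wird geprüft.' : "Kommentar veröffentlicht.";
                 } else {
                     $returnarray['error'] = $this->errorcode(31);
                 }
             }
         } else {
             $post = $this->getComment($getId);
             if ($post['commentStatus'] == 'open') {
                 $returnarray['comment_status'] = $post['commentStatus'];
                 $returnarray['comments_count'] = $post['commentsCount'];
                 $returnarray['REQUEST_TOKEN'] = REQUEST_TOKEN;
                 if ($post['commentsCount'] > 0) {
                     $pos = 0;
                     foreach ($post['items'] as $item) {
                         $tempArray = array();
                         $tempArray['pos'] = ++$pos;
                         $tempArray['id'] = $item->id;
                         $tempArray['text'] = strip_tags($item->comment);
                         $tempArray['timestamp'] = (int) $item->date;
                         // Track the newest comment timestamp seen
                         if ($tempArray['timestamp'] > $returnarray['ts']) {
                             $returnarray['ts'] = $tempArray['timestamp'];
                             $returnarray['changes'] = 1;
                         }
                         $tempArray['datum'] = date('d.m.Y, H:i', $tempArray['timestamp']);
                         // NOTE(review): only the text is passed through strip_tags(); name and
                         // e-mail are returned as stored, so the consumer has to encode them.
                         // The commenter's e-mail address is part of the response; confirm
                         // that this is intended for every caller of this endpoint.
                         $tempArray['author']['name'] = $item->name;
                         $tempArray['author']['id'] = "0";
                         $tempArray['author']['email'] = $item->email;
                         $tempArray['author']['img'] = "";
                         if ($item->addReply) {
                             // The replying user may have been deleted; findByPk() then returns null
                             $objUser = \UserModel::findByPk($item->author);
                             $tempArray['subitems'] = array(array('pos' => 1, 'id' => 1, 'parent_id' => $item->id, 'text' => strip_tags($item->reply), 'timestamp' => (int) $item->tstamp, 'datum' => date('d.m.Y, H:i', $item->tstamp), 'author' => array('name' => $objUser !== null ? $objUser->name : null, 'id' => $objUser !== null ? $objUser->id : null, 'email' => $objUser !== null ? $objUser->email : null, 'img' => "")));
                         }
                         $returnarray['items'][] = $tempArray;
                     }
                     if ($returnarray['changes'] != 1) {
                         unset($returnarray['items']);
                     }
                 }
             } else {
                 $returnarray['error'] = $this->errorcode(29);
             }
         }
     } else {
         $returnarray['error'] = $this->errorcode(15);
     }
     return array('comments' => $returnarray);
 }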
コード例 #8
ファイル: Avatar.php プロジェクト: terminal42/contao-avatar
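 /**
  * Get the user avatar.
  *
  * Order of preference: the Gravatar when the user enabled it, the user's own
  * avatar file, then the configured placeholder image.
  *
  * @param integer      $intId     User ID
  * @param integer|null $intWidth  Width; the default size is used when width or height is empty
  * @param integer|null $intHeight Height; the default size is used when width or height is empty
  *
  * @return string The result of getGravatar() or \Image::get(), or an empty string
  *                when neither an avatar nor a usable placeholder exists
  */
 public static function getUser($intId, $intWidth = null, $intHeight = null)
 {
     $objUser = \UserModel::findByPk($intId);
     // Use the default size
     if (!$intWidth || !$intHeight) {
         list($intWidth, $intHeight) = static::getUserSize();
     }
     // Use the Gravatar; an unknown user ID yields null and continues with the file lookup
     if ($objUser !== null && $objUser->avatar_gravatar) {
         return static::getGravatar($objUser->email, $intWidth);
     }
     $strFile = static::find($intId, static::getUserPath());
     // Use the placeholder when the user has no avatar
     if ($strFile == '') {
         if (\Config::get('avatar_user_placeholder') == '') {
             return '';
         }
         $objFile = \FilesModel::findByUuid(\Config::get('avatar_user_placeholder'));
         // The placeholder must exist both in the database and on disk
         if ($objFile === null || !is_file(TL_ROOT . '/' . $objFile->path)) {
             return '';
         }
         $strFile = $objFile->path;
     }
     return \Image::get($strFile, $intWidth, $intHeight);
 }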
コード例 #9
ファイル: GcHelpers.php プロジェクト: Aiod/gallery_creator
 /**
  * Revise the tables that belong to one album.
  *
  * Refreshes the album's owner name and parent reference, reconciles its
  * picture records with the files table and the file system, and removes IDs
  * of albums that no longer exist from the gallery_creator content elements.
  * Messages are collected in $_SESSION['GC_ERROR'], which is reset first.
  *
  * @param $albumId
  * @param bool $blnCleanDb When not false, picture records whose file is missing are deleted
  *                         instead of only being reported
  */
 public static function reviseTables($albumId, $blnCleanDb = false)
 {
     $_SESSION['GC_ERROR'] = array();
     // Create the upload directory if it no longer exists
     new \Folder(GALLERY_CREATOR_UPLOAD_PATH);
     // Get album model
     $objAlbum = \MCupic\GalleryCreatorAlbumsModel::findByPk($albumId);
     if ($objAlbum === null) {
         return;
     }
     // Check for valid album owner
     $objUser = \UserModel::findByPk($objAlbum->owner);
     if ($objUser !== null) {
         $owner = $objUser->name;
     } else {
         $owner = "no-name";
     }
     $objAlbum->owners_name = $owner;
     $objAlbum->save();
     // Check for valid pid
     if ($objAlbum->pid > 0) {
         $objParentAlb = $objAlbum->getRelated('pid');
         if ($objParentAlb === null) {
             $objAlbum->pid = null;
             $objAlbum->save();
         }
     }
     if (\Database::getInstance()->fieldExists('path', 'tl_gallery_creator_pictures')) {
         // Try to rescue records without a valid uuid by using the content of the path field
         $objPictures = \GalleryCreatorPicturesModel::findByPid($albumId);
         if ($objPictures !== null) {
             while ($objPictures->next()) {
                 // Look up the file record that the picture's uuid points to
                 $objFile = \FilesModel::findByUuid($objPictures->uuid);
                 if ($objFile === null) {
                     if ($objPictures->path != '') {
                         if (is_file(TL_ROOT . '/' . $objPictures->path)) {
                             $objModel = \Dbafs::addResource($objPictures->path);
                             if (\Validator::isUuid($objModel->uuid)) {
                                 // Rescued: store the new uuid and go on with the next picture
                                 $objPictures->uuid = $objModel->uuid;
                                 $objPictures->save();
                                 continue;
                             }
                         }
                     }
                     if ($blnCleanDb !== false) {
                         $msg = ' Deleted Datarecord with ID ' . $objPictures->id . '.';
                         $_SESSION['GC_ERROR'][] = $msg;
                         $objPictures->delete();
                     } else {
                         //show the error-message
                         $path = $objPictures->path != '' ? $objPictures->path : 'unknown path';
                         $_SESSION['GC_ERROR'][] = sprintf($GLOBALS['TL_LANG']['ERR']['link_to_not_existing_file_1'], $objPictures->id, $path, $objAlbum->alias);
                     }
                 } elseif (!is_file(TL_ROOT . '/' . $objFile->path)) {
                     // If file has an entry in Dbafs, but doesn't exist on the server anymore
                     if ($blnCleanDb !== false) {
                         $msg = 'Deleted Datarecord with ID ' . $objPictures->id . '.';
                         $_SESSION['GC_ERROR'][] = $msg;
                         $objPictures->delete();
                     } else {
                         $_SESSION['GC_ERROR'][] = sprintf($GLOBALS['TL_LANG']['ERR']['link_to_not_existing_file_1'], $objPictures->id, $objFile->path, $objAlbum->alias);
                     }
                 } else {
                     // Sync the stored path with tl_files.path (redundant copy)
                     if ($objPictures->path != $objFile->path) {
                         $objPictures->path = $objFile->path;
                         $objPictures->save();
                     }
                 }
             }
         }
     }
     /**
      * Ensures that the gc_publish_albums field in tl_content holds no orphaned album IDs.
      * Checks whether the albums defined in the content element still exist.
      * If not, they are removed from the array.
      *
      * This pass covers every content element of type gallery_creator, not only
      * those that reference $albumId, and rewrites the field of each of them.
      *
      * NOTE(review): unserialize() on a database column can instantiate objects when
      * the stored value is attacker-influenced; confirm the column is only written by
      * trusted code, or restrict it (e.g. the allowed_classes option on PHP 7+).
      */
     $objCont = \Database::getInstance()->prepare('SELECT id, gc_publish_albums FROM tl_content WHERE type=?')->execute('gallery_creator');
     while ($objCont->next()) {
         $newArr = array();
         $arrAlbums = unserialize($objCont->gc_publish_albums);
         if (is_array($arrAlbums)) {
             foreach ($arrAlbums as $AlbumID) {
                 // Keep the ID only when the album row still exists
                 $objAlb = \Database::getInstance()->prepare('SELECT id FROM tl_gallery_creator_albums WHERE id=?')->limit('1')->execute($AlbumID);
                 if ($objAlb->next()) {
                     $newArr[] = $AlbumID;
                 }
             }
         }
         \Database::getInstance()->prepare('UPDATE tl_content SET gc_publish_albums=? WHERE id=?')->execute(serialize($newArr), $objCont->id);
     }
 }
コード例 #10
ファイル: ModuleFormdataListing.php プロジェクト: Jobu/core
 /**
  * List a single record
  */
 protected function listSingleRecord()
 {
     global $objPage;
     /**
      * Prepare URL
      */
     $page_get = 'page_fd' . $this->id;
     $strUrl = preg_replace('/\\?.*$/', '', urldecode(\Environment::get('request')));
     $strUrlParams = '';
     $blnQuery = false;
     foreach (preg_split('/&(amp;)?/', urldecode($_SERVER['QUERY_STRING'])) as $fragment) {
         if (strlen($fragment)) {
             if (strncasecmp($fragment, 'file', 5) !== 0 && strncasecmp($fragment, $this->strDetailKey, strlen($this->strDetailKey)) !== 0 && strncasecmp($fragment, 'order_by', 8) !== 0 && strncasecmp($fragment, 'sort', 4) !== 0 && strncasecmp($fragment, $page_get, strlen($page_get)) !== 0) {
                 $strUrlParams .= (!$blnQuery ? '' : '&amp;') . $fragment;
                 $blnQuery = true;
             }
         }
     }
     // check record
     if (intval($this->intRecordId) < 1) {
         $strRed = preg_replace(array('/\\/' . $this->strDetailKey . '\\/' . \Input::get($this->strDetailKey) . '/i', '/' . $this->strDetailKey . '=' . \Input::get($this->strDetailKey) . '/i'), array('', ''), $strUrl) . (strlen($strUrlParams) ? '?' . $strUrlParams : '');
         \Controller::redirect($strRed);
     }
     // check access
     if (strlen($this->efg_list_access) && $this->efg_list_access != 'public') {
         $objOwner = \Database::getInstance()->prepare("SELECT fd_member FROM tl_formdata WHERE id=?")->execute($this->intRecordId);
         $varOwner = $objOwner->fetchAssoc();
         if (!in_array(intval($varOwner['fd_member']), $this->arrAllowedOwnerIds)) {
             $strRed = preg_replace(array('/\\/' . $this->strDetailKey . '\\/' . \Input::get($this->strDetailKey) . '/i', '/' . $this->strDetailKey . '=' . \Input::get($this->strDetailKey) . '/i'), array('', ''), $strUrl) . (strlen($strUrlParams) ? '?' . $strUrlParams : '');
             \Controller::redirect($strRed);
         }
     }
     // check edit access
     $blnEditAllowed = false;
     if ($this->efg_fe_edit_access == 'none') {
         $blnEditAllowed = false;
     } elseif ($this->efg_fe_edit_access == 'public') {
         $blnEditAllowed = true;
     } elseif (strlen($this->efg_fe_edit_access)) {
         $objOwner = \Database::getInstance()->prepare("SELECT fd_member FROM tl_formdata WHERE id=?")->execute($this->intRecordId);
         $varOwner = $objOwner->fetchAssoc();
         if (in_array(intval($varOwner['fd_member']), $this->arrAllowedEditOwnerIds)) {
             $blnEditAllowed = true;
         }
     }
     // check delete access
     $blnDeleteAllowed = false;
     if ($this->efg_fe_delete_access == 'none') {
         $blnDeleteAllowed = false;
     } elseif ($this->efg_fe_delete_access == 'public') {
         $blnDeleteAllowed = true;
     } elseif (strlen($this->efg_fe_delete_access)) {
         $objOwner = \Database::getInstance()->prepare("SELECT fd_member FROM tl_formdata WHERE id=?")->execute($this->intRecordId);
         $varOwner = $objOwner->fetchAssoc();
         if (in_array(intval($varOwner['fd_member']), $this->arrAllowedDeleteOwnerIds)) {
             $blnDeleteAllowed = true;
         }
     }
     // check export access
     $blnExportAllowed = false;
     if ($this->efg_fe_export_access == 'none') {
         $blnExportAllowed = false;
     } elseif ($this->efg_fe_export_access == 'public') {
         $blnExportAllowed = true;
     } elseif (strlen($this->efg_fe_export_access)) {
         $objOwner = \Database::getInstance()->prepare("SELECT fd_member FROM tl_formdata WHERE id=?")->execute($this->intRecordId);
         $varOwner = $objOwner->fetchAssoc();
         if (in_array(intval($varOwner['fd_member']), $this->arrAllowedExportOwnerIds)) {
             $blnExportAllowed = true;
         }
     }
     $allowedDownload = trimsplit(',', strtolower($GLOBALS['TL_CONFIG']['allowedDownload']));
     // Fallback template
     if ($this->list_info_layout == '') {
         $this->list_info_layout = 'info_fd_table_default';
     }
     $this->Template = new \FrontendTemplate($this->list_info_layout);
     $this->Template->textlink_details = $GLOBALS['TL_LANG']['tl_formdata']['fe_link_details'];
     $this->Template->textlink_edit = $GLOBALS['TL_LANG']['tl_formdata']['fe_link_edit'];
     $this->Template->textlink_delete = $GLOBALS['TL_LANG']['tl_formdata']['fe_link_delete'];
     $this->Template->text_confirmDelete = $GLOBALS['TL_LANG']['tl_formdata']['fe_deleteConfirm'];
     $this->Template->textlink_export = $GLOBALS['TL_LANG']['tl_formdata']['fe_link_export'];
     $this->Template->iconFolder = $this->strIconFolder;
     $this->Template->editAllowed = $blnEditAllowed;
     $this->Template->deleteAllowed = $blnDeleteAllowed;
     $this->Template->exportAllowed = $blnExportAllowed;
     $this->list_info = deserialize($this->list_info);
     $this->Template->record = array();
     // also store as single item
     $this->Template->listItem = array();
     $arrListFields = explode(',', $this->list_info);
     $strSep = '';
     // wildcards * and -
     if ($arrListFields[0] == '*') {
         $arrTempFields = array_merge($this->arrBaseFields, $this->arrDetailFields);
         foreach ($arrListFields as $field) {
             if (substr($field, 0, 1) == '-') {
                 $intKey = array_search(substr($field, 1), $arrTempFields);
                 if (!is_bool($intKey)) {
                     unset($arrTempFields[$intKey]);
                 }
             }
         }
         $arrListFields = $arrTempFields;
     }
     $strQuery = "SELECT ";
     $strWhere = '';
     foreach ($arrListFields as $field) {
         if (in_array($field, $this->arrBaseFields)) {
             $strQuery .= $strSep . $field;
             $strSep = ', ';
         }
         if (!empty($this->arrDetailFields) && in_array($field, $this->arrDetailFields)) {
             $strQuery .= $strSep . '(SELECT value FROM tl_formdata_details WHERE ff_name="' . $field . '" AND pid=f.id ) AS `' . $field . '`';
             $strSep = ', ';
         }
     }
     $strQuery .= " FROM " . $this->list_table . " f";
     $strWhere .= (strlen($strWhere) ? " AND " : " WHERE ") . "id=?";
     $strQuery .= $strWhere;
     $objRecord = \Database::getInstance()->prepare($strQuery)->limit(1)->execute($this->intRecordId);
     if ($objRecord->numRows < 1) {
         return;
     }
     $arrFields = array();
     $arrRow = $objRecord->fetchAssoc();
     $count = -1;
     $strLinkEdit = '';
     if ($blnEditAllowed) {
         if (strlen($arrRow['alias']) && !$GLOBALS['TL_CONFIG']['disableAlias']) {
             $strLinkEdit = $strUrl . '?act=edit' . (strlen($strUrlParams) ? '&amp;' . $strUrlParams : '');
         } else {
             $strLinkEdit = $strUrl . '?' . $this->strDetailKey . '=' . $this->intRecordId . '&amp;act=edit' . (strlen($strUrlParams) ? '&amp;' . $strUrlParams : '');
         }
     }
     $strLinkDelete = '';
     if ($blnDeleteAllowed) {
         if (strlen($arrRow['alias']) && !$GLOBALS['TL_CONFIG']['disableAlias']) {
             $strLinkDelete = $strUrl . '?act=delete' . (strlen($strUrlParams) ? '&amp;' . $strUrlParams : '');
         } else {
             $strLinkDelete = $strUrl . '?' . $this->strDetailKey . '=' . $this->intRecordId . '&amp;act=delete' . (strlen($strUrlParams) ? '&amp;' . $strUrlParams : '');
         }
     }
     $strLinkExport = '';
     if ($blnExportAllowed) {
         if (strlen($arrRow['alias']) && !$GLOBALS['TL_CONFIG']['disableAlias']) {
             $strLinkExport = $strUrl . '?act=export' . (strlen($strUrlParams) ? '&amp;' . $strUrlParams : '');
         } else {
             $strLinkExport = $strUrl . '?' . $this->strDetailKey . '=' . $this->intRecordId . '&amp;act=export' . (strlen($strUrlParams) ? '&amp;' . $strUrlParams : '');
         }
     }
     $arrItem = array();
     foreach ($arrListFields as $intKey => $strVal) {
         $k = $strVal;
         $v = $arrRow[$k];
         $value = $this->formatValue($k, $v);
         $v = deserialize(\String::decodeEntities($v));
         if ($GLOBALS['TL_DCA'][$this->list_table]['fields'][$k]['inputType'] == 'fileTree' && $GLOBALS['TL_DCA'][$this->list_table]['fields'][$k]['eval']['multiple'] == true) {
             $v = is_string($v) && strpos($v, '|') !== false ? explode('|', $v) : deserialize($v);
         }
         $class = 'row_' . ++$count . ($count == 0 ? ' row_first' : '') . ($count >= count($arrListFields) - 1 ? ' row_last' : '') . ($count % 2 == 0 ? ' even' : ' odd');
         // add CSS class defined in form generator
         if (isset($GLOBALS['TL_DCA'][$this->list_table]['fields'][$k]['ff_class']) && strlen($GLOBALS['TL_DCA'][$this->list_table]['fields'][$k]['ff_class'])) {
             $class .= ' ' . $GLOBALS['TL_DCA'][$this->list_table]['fields'][$k]['ff_class'];
         }
         $arrFields[$class] = array('label' => strlen($label = $GLOBALS['TL_DCA'][$this->list_table]['fields'][$k]['label'][0]) ? htmlspecialchars($label) : htmlspecialchars($this->arrFF[$k]['label']), 'content' => $value, 'raw' => $v);
         $arrItem[$k] = array('name' => $k, 'label' => strlen($label = $GLOBALS['TL_DCA'][$this->list_table]['fields'][$k]['label'][0]) ? htmlspecialchars($label) : htmlspecialchars($this->arrFF[$k]['label']), 'content' => $value, 'raw' => $v, 'class' => str_replace('row_', 'field_', $class));
         if ($GLOBALS['TL_DCA'][$this->list_table]['fields'][$k]['inputType'] == 'fileTree') {
             if (is_dir(TL_ROOT . '/' . $arrFields[$class]['content'])) {
                 $arrFields[$class]['content'] = '&nbsp;';
                 $arrItem[$k]['content'] = '&nbsp;';
             } elseif (!is_array($arrFields[$class]['raw']) && strlen($arrFields[$class]['raw']) && is_file(TL_ROOT . '/' . $arrFields[$class]['raw'])) {
                 $objFile = new \File($arrFields[$class]['content']);
                 if (!in_array($objFile->extension, $allowedDownload)) {
                     $arrFields[$class]['content'] = '&nbsp;';
                     $arrItem[$k]['content'] = '&nbsp;';
                 } else {
                     $arrFields[$class]['type'] = 'file';
                     $arrFields[$class]['src'] = $this->urlEncode($arrFields[$class]['content']);
                     $arrItem[$k]['type'] = 'file';
                     $arrItem[$k]['src'] = $this->urlEncode($arrFields[$class]['content']);
                     if (substr($objFile->mime, 0, 6) == 'image/') {
                         $arrFields[$class]['display'] = 'image';
                         $arrItem[$k]['display'] = 'image';
                     } else {
                         $size = ' (' . number_format($objFile->filesize / 1024, 1, $GLOBALS['TL_LANG']['MSC']['decimalSeparator'], $GLOBALS['TL_LANG']['MSC']['thousandsSeparator']) . ' kB)';
                         $href = preg_replace('@(\\?|&amp;)download=.*?(&amp;|$)@si', '', \Environment::get('request'));
                         $href .= (strpos($href, '?') >= 1 ? '&amp;' : '?') . 'download=' . $this->intRecordId . '.' . $k;
                         $href = ampersand($href);
                         $arrFields[$class]['display'] = 'download';
                         $arrFields[$class]['size'] = $size;
                         $arrFields[$class]['href'] = $href;
                         $arrFields[$class]['linkTitle'] = basename($objFile->basename);
                         $arrFields[$class]['icon'] = $this->strIconFolder . '/' . $objFile->icon;
                         $arrItem[$k]['display'] = 'download';
                         $arrItem[$k]['size'] = $size;
                         $arrItem[$k]['href'] = $href;
                         $arrItem[$k]['linkTitle'] = basename($objFile->basename);
                         $arrItem[$k]['icon'] = $this->strIconFolder . '/' . $objFile->icon;
                     }
                 }
             } elseif (is_array($arrFields[$class]['raw'])) {
                 $arrTemp = array();
                 $keyTemp = -1;
                 $arrFields[$class]['type'] = 'file';
                 $arrItem[$k]['type'] = 'file';
                 foreach ($arrFields[$class]['raw'] as $kF => $strFile) {
                     if (strlen($strFile) && is_file(TL_ROOT . '/' . $strFile)) {
                         $objFile = new \File($strFile);
                         if (!in_array($objFile->extension, $allowedDownload)) {
                             unset($arrFields[$class]['raw'][$kF]);
                             continue;
                         } else {
                             $keyTemp++;
                             $arrTemp[$keyTemp]['src'] = $this->urlEncode($strFile);
                             if (substr($objFile->mime, 0, 6) == 'image/') {
                                 $arrTemp[$keyTemp]['display'] = 'image';
                             } else {
                                 $size = ' (' . number_format($objFile->filesize / 1024, 1, $GLOBALS['TL_LANG']['MSC']['decimalSeparator'], $GLOBALS['TL_LANG']['MSC']['thousandsSeparator']) . ' kB)';
                                 $href = preg_replace('@(\\?|&amp;)download=.*?(&amp;|$)@si', '', \Environment::get('request'));
                                 $href .= (strpos($href, '?') >= 1 ? '&amp;' : '?') . 'download=' . $this->intRecordId . '.' . $k;
                                 $href = ampersand($href);
                                 $arrTemp[$keyTemp]['display'] = 'download';
                                 $arrTemp[$keyTemp]['size'] = $size;
                                 $arrTemp[$keyTemp]['href'] = $href;
                                 $arrTemp[$keyTemp]['linkTitle'] = basename($objFile->basename);
                                 $arrTemp[$keyTemp]['icon'] = $this->strIconFolder . '/' . $objFile->icon;
                             }
                         }
                     }
                 }
                 $arrFields[$class]['content'] = $arrTemp;
                 $arrItem[$k]['content'] = $arrTemp;
                 $arrFields[$class]['multiple'] = true;
                 $arrFields[$class]['number_of_items'] = count($arrTemp);
                 $arrItem[$k]['multiple'] = true;
                 $arrItem[$k]['number_of_items'] = count($arrTemp);
                 unset($arrTemp);
             }
         }
     }
     /**
      * Prepare URL
      */
     $strUrl = preg_replace('/\\?.*$/', '', urldecode(\Environment::get('request')));
     $this->Template->url = $strUrl;
     $this->Template->listItem = $arrItem;
     $this->Template->record = $arrFields;
     $this->Template->recordID = $this->intRecordId;
     $this->Template->link_edit = $strLinkEdit;
     $this->Template->link_delete = $strLinkDelete;
     $this->Template->link_export = $strLinkExport;
     /**
      * Comments
      */
     if (!$this->efg_com_allow_comments || !in_array('comments', \ModuleLoader::getActive())) {
         $this->Template->allowComments = false;
         return;
     }
     $this->Template->allowComments = true;
     // Adjust the comments headline level
     $intHl = min(intval(str_replace('h', '', $this->hl)), 5);
     $this->Template->hlc = 'h' . ($intHl + 1);
     $this->import('Comments');
     $arrNotifies = array();
     // Notify system administrator
     if ($this->efg_com_notify != 'notify_author') {
         $arrNotifies[] = $GLOBALS['TL_ADMIN_EMAIL'];
     }
     // Notify author
     if ($this->efg_com_notify != 'notify_admin') {
         if (intval($objRecord->fd_user) > 0) {
             $objUser = \UserModel::findByPk($objRecord->fd_user);
             if ($objUser !== null && !empty($objUser->email)) {
                 $arrNotifies[] = $objUser->email;
             }
         }
         if (intval($objRecord->fd_member) > 0) {
             $objMember = \MemberModel::findByPk($objRecord->fd_member);
             if ($objMember !== null && !empty($objMember->email)) {
                 $arrNotifies[] = $objMember->email;
             }
         }
     }
     $objConfig = new \stdClass();
     $objConfig->perPage = $this->efg_com_per_page;
     $objConfig->order = $this->com_order;
     $objConfig->template = $this->com_template;
     $objConfig->requireLogin = $this->com_requireLogin;
     $objConfig->disableCaptcha = $this->com_disableCaptcha;
     $objConfig->bbcode = $this->com_bbcode;
     $objConfig->moderate = $this->com_moderate;
     $this->Comments->addCommentsToTemplate($this->Template, $objConfig, 'tl_formdata', $this->intRecordId, $arrNotifies);
 }
コード例 #11
    /**
     * Input field callback: generate the image information.
     * Returns an HTML table containing information about the picture.
     *
     * @param DataContainer $dc
     * @return string
     */
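    public function inputFieldCbGenerateImageInformation(DataContainer $dc)
    {
        // Input field callback: returns an HTML table describing the picture with id $dc->id.
        $objImg = GalleryCreatorPicturesModel::findByPk($dc->id);
        if ($objImg === null) {
            // No picture record, so there is nothing to describe.
            return '';
        }
        $objUser = UserModel::findByPk($objImg->owner);
        $oFile = FilesModel::findByUuid($objImg->uuid);

        // Path, owner name, title and video references are read from the database and written
        // into markup, so they are escaped for HTML. double_encode is off so that values which
        // are already entity-encoded are not encoded a second time.
        $esc = function ($value) {
            return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8', false);
        };
        // Escaped, trimmed value, or a dash when the field is empty.
        $orDash = function ($value) use ($esc) {
            $value = trim((string) $value);
            return $value != '' ? $esc($value) : '-';
        };

        // Either lookup can come back empty; fall back to empty strings instead of reading from null.
        $strPath = $oFile !== null ? $oFile->path : '';
        $strOwner = $objUser !== null ? $objUser->name : '';

        $output = '
			<div class="album_infos">
			<br><br>
			<table cellpadding="0" cellspacing="0" width="100%" summary="">

				<tr class="odd">
					<td style="width:20%"><strong>' . $GLOBALS['TL_LANG']['tl_gallery_creator_pictures']['pid'][0] . ': </strong></td>
					<td>' . $objImg->id . '</td>
				</tr>


				<tr>
					<td><strong>' . $GLOBALS['TL_LANG']['tl_gallery_creator_pictures']['path'][0] . ': </strong></td>
					<td>' . $esc($strPath) . '</td>
				</tr>

				<tr class="odd">
					<td><strong>' . $GLOBALS['TL_LANG']['tl_gallery_creator_pictures']['filename'][0] . ': </strong></td>
					<td>' . $esc(basename($strPath)) . '</td>
				</tr>';
        // NOTE(review): the extra rows are added when $this->restrictedUser is truthy; confirm
        // that this is the intended condition.
        if ($this->restrictedUser) {
            $strOwnerCell = $strOwner == ""
                ? "Couldn't find username with ID " . $esc($objImg->owner) . " in the db."
                : $esc($strOwner);
            // The video_href_social cell is parenthesised through $orDash(): without parentheses
            // the ternary swallowed the whole concatenation and the rows above it were lost.
            $output .= '
					<tr>
					<td><strong>' . $GLOBALS['TL_LANG']['tl_gallery_creator_pictures']['date'][0] . ': </strong></td>
					<td>' . Date::parse("Y-m-d", $objImg->date) . '</td>
					</tr>
					
					<tr class="odd">
						<td><strong>' . $GLOBALS['TL_LANG']['tl_gallery_creator_pictures']['owner'][0] . ': </strong></td>
						<td>' . $strOwnerCell . '</td>
					</tr>

					<tr>
					<td><strong>' . $GLOBALS['TL_LANG']['tl_gallery_creator_pictures']['title'][0] . ': </strong></td>
					<td>' . $esc($objImg->title) . '</td>
					</tr>

					<tr class="odd">
					<td><strong>' . $GLOBALS['TL_LANG']['tl_gallery_creator_pictures']['video_href_social'][0] . ': </strong></td>
					<td>' . $orDash($objImg->video_href_social) . '</td>
					</tr>
					
					<tr>
					<td><strong>' . $GLOBALS['TL_LANG']['tl_gallery_creator_pictures']['video_id'][0] . ': </strong></td>
					<td>' . $orDash($objImg->video_href_local) . '</td>
					</tr>';
        }
        $output .= '
			</table>
			</div>
		';
        return $output;
    }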
コード例 #12
 /**
  * @param $row
  * @param $label
  * @param DataContainer $dc
  * @param $args
  * @return mixed
  */
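 public function labelCallback($row, $label, DataContainer $dc, $args)
 {
     // Label callback: sets the icon cell ($args[0]), replaces a numeric user id in $args[3]
     // with the user's name, and fills $args[4] with the decrypted access data for the row type.
     // Returns the modified $args array.
     //
     // Decrypted values and the user name are written into HTML, so they are escaped first;
     // a credential containing "<" or "&" would otherwise be interpreted as markup.
     // double_encode is off so values that are already entity-encoded are not encoded twice.
     // NOTE(review): this places decrypted passwords in the list label; confirm that the list
     // is only reachable by users who are allowed to read these records.
     $esc = function ($value) {
         return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8', false);
     };
     // Decrypt one column of the row and escape it for output.
     $show = function ($strKey) use ($row, $esc) {
         return $esc(\Encryption::decrypt($row[$strKey]));
     };

     // Set image: the icon name gets a trailing underscore when the decrypted flag is '1'
     $image = 'protect';
     if (\Encryption::decrypt($row['protect']) == '1') {
         $image .= '_';
     }
     $args[0] = sprintf('<div class="list_icon_new" style="background-image:url(\'%ssystem/modules/secure-accessdata/assets/images/%s.gif\')">&nbsp;</div>', TL_SCRIPT_URL, $image);

     // Set User
     if (is_numeric($args[3])) {
         $objUser = \UserModel::findByPk($args[3]);
         if ($objUser !== null) {
             $args[3] = $esc($objUser->name);
         }
     }

     switch ($row['type']) {
         case 'weblogin':
             $args[4] = sprintf('%s<br>%s', $show('weblogin_name'), $show('weblogin_pwd'));
             break;
         case 'contao_login':
             $args[4] = sprintf('%s<br>%s', $show('contao_user'), $show('contao_pwd'));
             break;
         case 'encryption_key':
             // Shorten before escaping so an entity is never cut in half.
             $strEncryptionKey = \Encryption::decrypt($row['encryption_key']);
             if (strlen($strEncryptionKey) > 32) {
                 $strEncryptionKey = substr($strEncryptionKey, 0, 29) . '...';
             }
             $args[4] = $esc($strEncryptionKey);
             break;
         case 'mail':
             $args[4] = sprintf('%s<br>%s<br>%s', $show('mail_email'), $show('mail_loginname'), $show('mail_pwd'));
             break;
         case 'project':
         case 'online_project':
             // These types leave $args[4] untouched.
             break;
     }
     return $args;
 }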
コード例 #13
 /**
  * addComments function.
  *
  * @access public
  * @return void
  */
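 public function addComments($objAlbum)
 {
     // Adds the comments form and list for $objAlbum to the template, or sets
     // allowComments to false when comments are switched off for the album or its archive.

     // HOOK: comments extension required
     if ($objAlbum->noComments || !in_array('comments', $this->Template->Config->getActiveModules())) {
         $this->Template->allowComments = false;
         return;
     }
     // Check whether comments are allowed
     $objArchive = \Photoalbums2ArchiveModel::findByPk($objAlbum->pid);
     if ($objArchive === null || !$objArchive->allowComments) {
         $this->Template->allowComments = false;
         return;
     }
     $this->Template->allowComments = true;
     // Adjust the comments headline level: one below the module headline, capped at h6
     $intHl = min(intval(str_replace('h', '', $this->hl)), 5);
     $this->Template->hlc = 'h' . ($intHl + 1);
     $this->import('Comments');
     $arrNotifies = array();
     // Notify system administrator
     if ($objArchive->notify != 'notify_author') {
         $arrNotifies[] = $GLOBALS['TL_ADMIN_EMAIL'];
     }
     // Notify author; an author without an e-mail address is skipped so that no
     // empty recipient ends up in the notification list
     if ($objArchive->notify != 'notify_admin') {
         $objAuthor = \UserModel::findByPk($objAlbum->author);
         if ($objAuthor !== null && !empty($objAuthor->email)) {
             $arrNotifies[] = $objAuthor->email;
         }
     }
     // Comment settings come from the archive, except the template, which is a module setting
     $objConfig = new \stdClass();
     $objConfig->perPage = $objArchive->perPage;
     $objConfig->order = $objArchive->sortOrder;
     $objConfig->template = $this->com_template;
     $objConfig->requireLogin = $objArchive->requireLogin;
     $objConfig->disableCaptcha = $objArchive->disableCaptcha;
     $objConfig->bbcode = $objArchive->bbcode;
     $objConfig->moderate = $objArchive->moderate;
     $this->Comments->addCommentsToTemplate($this->Template, $objConfig, 'tl_photoalbums2_album', $objAlbum->id, $arrNotifies);
 }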
コード例 #14
 public static function getEditor($intLock)
 {
     // Returns the model of whoever holds the lock with primary key $intLock,
     // or null when no such lock exists.
     $lock = static::findByPk($intLock);
     if ($lock === null) {
         return null;
     }
     // EDITOR_TYPE_MEMBER locks resolve through MemberModel, every other type through UserModel.
     if ($lock->editorType == EntityLock::EDITOR_TYPE_MEMBER) {
         return \MemberModel::findByPk($lock->editor);
     }
     return \UserModel::findByPk($lock->editor);
 }