コード例 #1
ファイル: login.php プロジェクト: itillawarra/cmfive
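/**
 * Handle the login form: authenticate the posted credentials and redirect.
 *
 * On success the user is sent to the path stored in the session under
 * 'orig_path', falling back to the user's own redirect_url. On failure the
 * same message is shown whether the login or the password was wrong, so the
 * response does not reveal which logins exist.
 *
 * @param Web $w Framework context object.
 */
function login_POST(Web &$w)
{
    // Same truthiness test as before, but without a notice when a field is
    // absent, and rejecting array-valued fields such as "password[]=x".
    $has_login = !empty($_POST['login']) && is_string($_POST['login']);
    $has_password = !empty($_POST['password']) && is_string($_POST['password']);
    if (!$has_login || !$has_password) {
        $w->error("Please enter your login and password", "/auth/login");
        return;
    }

    // Hard-coded: the posted user_timezone is not used.
    $client_timezone = "Australia/Sydney";
    $user = $w->Auth->login($_POST['login'], $_POST['password'], $client_timezone);
    if (!$user) {
        $w->error("Login or Password incorrect", "/auth/login");
        return;
    }

    // NOTE(review): no session-id rotation is visible in this handler;
    // confirm that Auth->login() regenerates the session id on success.
    if ($w->session('orig_path') != "auth/login") {
        $url = $w->session('orig_path');
        $w->Log->debug("Original path: " . $url);
        // If no url specified, go to the user's defined url
        if (empty($url) || $url === "/") {
            $url = $user->redirect_url;
        }
        $w->sessionUnset('orig_path');
        // NOTE(review): the target comes from session state and passes
        // through localUrl(); verify localUrl() cannot yield an off-site URL.
        $w->redirect($w->localUrl($url));
        return;
    }

    $w->redirect(!empty($user->redirect_url) ? $w->localUrl($user->redirect_url) : $w->localUrl());
}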
コード例 #2
ファイル: attach.php プロジェクト: itillawarra/cmfive
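/**
 * Attach an uploaded file to the object named by the request.
 *
 * Reads 'table' and 'id' from the request to look the target object up, hands
 * the upload field "file" to the File service, and publishes the attachment
 * details to the context on success.
 *
 * @param Web $w Framework context object.
 */
function attach_POST(Web &$w)
{
    $table = $w->request('table');
    $id = $w->request('id');
    $title = $w->request('title');
    $description = $w->request('description');
    $type_code = $w->request('type_code');
    // NOTE(review): the redirect target is taken from the request. Confirm
    // that msg()/error() only redirect to local paths.
    $url = str_replace(" ", "/", $w->request('url'));

    // NOTE(review): table and id are both caller-supplied, so the caller picks
    // which object is loaded. No per-object permission check is visible here;
    // verify that getObject() or the upload service enforces one.
    $object = $w->Auth->getObject($table, $id);
    if (!$object) {
        $w->error("Nothing to attach to.", $url);
        // Do not fall through to the upload if error() returns.
        return;
    }

    $aid = $w->service("File")->uploadAttachment("file", $object, $title, $description, $type_code);
    if (!$aid) {
        $w->error("There was an error. Attachment could not be saved.", $url);
        return;
    }

    $w->ctx('attach_id', $aid);
    $w->ctx('attach_table', $table);
    $w->ctx('attach_table_id', $id);
    $w->ctx('attach_title', $title);
    $w->ctx('attach_description', $description);
    $w->ctx('attach_type_code', $type_code);
    $w->msg("File attached.", $url);
}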
コード例 #3
ファイル: edit.php プロジェクト: itillawarra/cmfive
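/**
 * Create or update a channel processor from the posted form.
 *
 * 'processor_class' must have the form "module.class", and the class must be
 * listed under that module's "processors" configuration before it is stored.
 *
 * @param Web $w Framework context object.
 */
function edit_POST(Web $w)
{
    $p = $w->pathMatch("id");
    $processor_id = $p["id"];

    // Break the selected processor up into module and class
    $processor_class = $w->request("processor_class");
    $processor_expl = explode(".", is_string($processor_class) ? $processor_class : "");

    // Make sure we only have two values
    if (count($processor_expl) !== 2) {
        $w->error("Missing Processor values", "/channels/listprocessors");
        exit;
    }

    // Make sure the selected class exists in config. The list must be an
    // array, and the match is strict so that loose comparison cannot make an
    // arbitrary string "equal" to a non-string config entry.
    $allowed = $w->moduleConf($processor_expl[0], "processors");
    if (!is_array($allowed) || !in_array($processor_expl[1], $allowed, true)) {
        $w->error("Could not find processor in config", "/channels/listprocessors");
        exit;
    }

    $processor_object = $processor_id ? $w->Channel->getProcessor($processor_id) : new ChannelProcessor($w);
    if (empty($processor_object)) {
        // An id was given but nothing was loaded: stop instead of calling
        // methods on a missing object.
        $w->error("Could not find processor", "/channels/listprocessors");
        exit;
    }

    // NOTE(review): fill() receives the whole POST body. The fields that
    // matter for the allow-list check are overwritten right after it, but any
    // other property it accepts is caller-controlled; confirm what it copies.
    $processor_object->fill($_POST);
    $processor_object->channel_id = $w->request("channel_id");
    $processor_object->module = $processor_expl[0];
    $processor_object->class = $processor_expl[1];
    $processor_object->insertOrUpdate();
    $w->msg("Processor " . ($processor_id ? "updated" : "created"), "/channels/listprocessors");
}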
コード例 #4
ファイル: editworkentry.php プロジェクト: careck/bendms
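/**
 * Update a work entry from the posted form.
 *
 * The category is taken from the most specific of the posted fields
 * category_3, category_2, category_1 that is not empty.
 *
 * @param Web $w Framework context object.
 */
function editworkentry_POST(Web $w)
{
    list($workentry_id) = $w->pathMatch("id");
    if (empty($workentry_id)) {
        $w->error("Missing an ID");
        return;
    }

    $we = $w->Bend->getWorkEntryForId($workentry_id);
    if (empty($we)) {
        $w->error("No work entry found for this id: " . $workentry_id);
        // Stop here so a missing entry is never dereferenced below.
        return;
    }

    // NOTE(review): fill() receives the whole POST body, and user_id is only
    // defaulted when still empty afterwards, so a posted user_id appears to be
    // accepted as-is. No check that the caller may edit this entry or record
    // hours for another user is visible here; confirm where that is enforced.
    $we->fill($_POST);
    if (empty($we->user_id)) {
        $we->user_id = $w->Auth->user()->id;
    }

    // now get the category: deepest selected level wins
    foreach (array('category_3', 'category_2', 'category_1') as $field) {
        if (!empty($_POST[$field])) {
            $we->bend_work_category_id = $_POST[$field];
            break;
        }
    }

    // TODO check work period, etc.
    $we->update();
    $w->msg("Work hours recorded", "/bend-workhours/list");
}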
コード例 #5
ファイル: delete.php プロジェクト: itillawarra/cmfive
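/**
 * Delete a group, its role assignments and its membership records.
 *
 * NOTE(review): this destructive handler carries the _ALL suffix, which
 * suggests it is not limited to one HTTP method. Confirm that a CSRF token and
 * an admin permission check are enforced before it runs.
 *
 * @param Web $w Framework context object.
 */
function delete_ALL(Web $w)
{
    $p = $w->pathMatch("id");
    if (empty($p['id'])) {
        $w->error("Group not found", "/admin-groups");
        return;
    }

    $group = $w->Auth->getUser($p['id']);
    if (empty($group->id)) {
        $w->error("Group not found", "/admin-groups");
        return;
    }

    $group->delete();

    $roles = $group->getRoles();
    if (!empty($roles)) {
        foreach ($roles as $role) {
            $group->removeRole($role);
        }
    }

    // Fixed: the original read $option['group_id'], an undefined variable, so
    // the member lookup ran with a null id instead of this group's id.
    $members = $w->Auth->getGroupMembers($p['id']);
    if ($members) {
        foreach ($members as $member) {
            $member->delete();
        }
    }

    $w->msg("Group deleted", "/admin-groups");
}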
コード例 #6
ファイル: delete.php プロジェクト: itillawarra/cmfive
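/**
 * Delete a report template and return to its report's template tab.
 *
 * NOTE(review): this is a state-changing action in a GET handler. Unless the
 * framework requires a token for GET requests, a link on another site can
 * trigger it for a logged-in user; prefer POST with the CSRF token.
 *
 * @param Web $w Framework context object.
 */
function delete_GET(Web $w)
{
    $p = $w->pathMatch("id");
    if (empty($p['id'])) {
        $w->error("Report template not found", "/report-templates");
        return;
    }

    $report_template = $w->Report->getReportTemplate($p['id']);
    if (empty($report_template->id)) {
        $w->error("Report template not found", "/report-templates");
        // Never call delete() on a template that was not loaded.
        return;
    }

    $report_template->delete();
    $w->msg("Report template removed", "/reports/edit/{$report_template->report_id}#templates");
}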
コード例 #7
ファイル: delete.php プロジェクト: itillawarra/cmfive
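/**
 * Delete a report connection.
 *
 * NOTE(review): this is a state-changing action in a GET handler; confirm
 * that CSRF protection applies to it, or move it to POST.
 *
 * @param Web $w Framework context object.
 */
function delete_GET(Web $w)
{
    $p = $w->pathMatch("id");
    if (empty($p["id"])) {
        $w->error("No connection ID specified", "/report-connections");
        return;
    }

    $connection = $w->Report->getConnection($p["id"]);
    if (empty($connection->id)) {
        $w->error("Connection could not be found", "/report-connections");
        // Never call delete() on a connection that was not loaded.
        return;
    }

    $connection->delete();
    $w->msg("Connection deleted", "/report-connections");
}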
コード例 #8
ファイル: deleteoccupant.php プロジェクト: careck/bendms
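/**
 * Delete a household occupant and return to the household page.
 *
 * NOTE(review): the household and the occupant are loaded independently and
 * nothing here checks that the occupant belongs to that household, so any
 * valid household id lets any occupant id be deleted. The linking field is not
 * visible in this block; add the comparison once it is known. This is also a
 * destructive GET handler; confirm CSRF protection.
 *
 * @param Web $w Framework context object.
 */
function deleteoccupant_GET(Web $w)
{
    list($householdid, $occupantid) = $w->pathMatch("a", "b");

    $household = $w->Bend->getHouseholdForId($householdid);
    if (empty($household)) {
        $w->error("Household not found");
        return;
    }

    $occupant = $w->Bend->getHouseholdOccupantForId($occupantid);
    if (empty($occupant)) {
        $w->error("Occupant not found");
        // Never call delete() on an occupant that was not loaded.
        return;
    }

    $occupant->delete();
    $w->msg("Occupant deleted", "/bend-household/show/{$householdid}");
}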
コード例 #9
ファイル: useredit.php プロジェクト: itillawarra/cmfive
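/**
 * Handle User Edit form submission.
 *
 * Validates the form, updates the user record (login, password, admin and
 * active flags) and the linked contact, then fires the admin
 * "account_changed" hook.
 *
 * NOTE(review): is_admin and is_active are set from $_REQUEST, and fill()
 * receives the whole of $_REQUEST. No permission check is visible in this
 * handler; confirm that the route is restricted to administrators and
 * protected by the CSRF token.
 *
 * @param Web $w Framework context object.
 */
function useredit_POST(Web &$w)
{
    $w->pathMatch("id");
    $errors = $w->validate(array(array("login", ".+", "Login is mandatory")));

    $password = isset($_REQUEST['password']) ? $_REQUEST['password'] : '';
    $password2 = isset($_REQUEST['password2']) ? $_REQUEST['password2'] : '';
    // Strict comparison: with "!=" two different numeric-looking strings can
    // compare as equal.
    if ($password && $password !== $password2) {
        // Fixed: the original appended to an undefined $error variable, so a
        // mismatch was never reported and the unconfirmed password was saved.
        $errors[] = "Passwords don't match";
    }

    $user = $w->Auth->getObject("User", $w->ctx('id'));
    if (!$user) {
        $errors[] = "User does not exist";
    }

    if (!empty($errors)) {
        $w->error(implode("<br/>\n", $errors), "/admin/useredit/" . $w->ctx("id"));
        // Do not touch $user (possibly missing) if error() returns.
        return;
    }

    $user->login = $_REQUEST['login'];
    $user->fill($_REQUEST);
    if ($password) {
        $user->setPassword($password);
    } else {
        // Discards whatever fill() may have copied into the password field.
        $user->password = null;
    }
    $user->is_admin = isset($_REQUEST['is_admin']) ? 1 : 0;
    $user->is_active = isset($_REQUEST['is_active']) ? 1 : 0;
    $user->update();

    $contact = $user->getContact();
    if ($contact) {
        $contact->fill($_REQUEST);
        $contact->private_to_user_id = null;
        $contact->update();
    }

    $w->callHook("admin", "account_changed", $user);
    $w->msg("User " . $user->login . " updated.", "/admin/users");
}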
コード例 #10
ファイル: editlookup.php プロジェクト: itillawarra/cmfive
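/**
 * Update a lookup item after checking that type, code and title were posted.
 *
 * @param Web $w Framework context object.
 */
function editlookup_POST(Web &$w)
{
    $p = $w->pathMatch("id", "type");

    // Required request fields and the message shown when one is blank.
    $required = array(
        'type' => "Please add select a TYPE<br>",
        'code' => "Please enter a KEY<br>",
        'title' => "Please enter a VALUE<br>",
    );
    $err = "";
    foreach ($required as $field => $message) {
        // A missing field counts as blank instead of raising a notice.
        $value = isset($_REQUEST[$field]) ? $_REQUEST[$field] : "";
        if ($value == "") {
            $err .= $message;
        }
    }

    // The type comes from the URL path; encode it so it cannot add or alter
    // query parameters in the redirect target.
    $return_url = "/admin/lookup/?type=" . urlencode(isset($p['type']) ? (string) $p['type'] : "");

    if ($err != "") {
        $w->error($err, $return_url);
        return;
    }

    $lookup = $w->Admin->getLookupbyId($p['id']);
    if ($lookup) {
        // NOTE(review): fill() receives the whole of $_REQUEST; confirm which
        // properties it is allowed to set.
        $lookup->fill($_REQUEST);
        $lookup->update();
        $msg = "Lookup Item edited";
    } else {
        $msg = "Could not find item?";
    }
    $w->msg($msg, $return_url);
}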
コード例 #11
ファイル: showlot.php プロジェクト: careck/bendms
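/**
 * Show a lot: publish the lot, a summary table, its owners and its households
 * to the template context.
 *
 * @param Web $w Framework context object.
 */
function showlot_GET(Web $w)
{
    list($id) = $w->pathMatch("id");
    if (empty($id)) {
        $w->error("Need a Lot ID");
        return;
    }

    $lot = $w->Bend->getLotForId($id);
    if (empty($lot)) {
        // NOTE(review): the id from the URL is echoed in the message; confirm
        // that error() escapes it when it is rendered.
        $w->error("Lot {$id} does not exist");
        // Stop here so a missing lot is never dereferenced below.
        return;
    }

    History::add("Bend Lot: " . $lot->lot_number);

    $lotTable = array();
    $lotTable["Lot"] = array(
        array(
            array("Lot Number", "static", "", $lot->lot_number),
            array("Occupancy", "static", "", $lot->occupancy),
        ),
    );

    $w->ctx("lot", $lot);
    $w->ctx("lotTable", Html::multiColTable($lotTable));
    $w->ctx("owners", $lot->getAllOwners());
    $w->ctx("households", $lot->getAllHouseholds());
}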
コード例 #12
ファイル: deletelotowner.php プロジェクト: careck/bendms
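/**
 * Remove an owner record from a lot and return to the lot page.
 *
 * NOTE(review): the lot and the owner are loaded independently; nothing here
 * checks that the owner record belongs to that lot. This is also a destructive
 * GET handler, so confirm that CSRF protection applies to it.
 *
 * @param Web $w Framework context object.
 */
function deletelotowner_GET(Web $w)
{
    list($lotid, $ownerid) = $w->pathMatch("lotid", "ownerid");

    $lot = !empty($lotid) ? $w->Bend->getLotForId($lotid) : null;
    if (empty($lot)) {
        $w->error("lot not found");
        return;
    }

    $owner = !empty($ownerid) ? $w->Bend->getBendLotOwnerForId($ownerid) : null;
    if (empty($owner)) {
        $w->error("lot owner not found");
        // Never call delete() on an owner that was not loaded.
        return;
    }

    $owner->delete();
    $w->msg("Owner removed.", "bend-lot/showlot/{$lotid}");
}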
コード例 #13
ファイル: deletehousehold.php プロジェクト: careck/bendms
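/**
 * Remove a household from a lot and return to the lot page.
 *
 * NOTE(review): the lot and the household are loaded independently; nothing
 * here checks that the household belongs to that lot. This is also a
 * destructive GET handler, so confirm that CSRF protection applies to it.
 *
 * @param Web $w Framework context object.
 */
function deletehousehold_GET(Web $w)
{
    // The second name is spelled "housholdid" in the original and is kept
    // as-is, because the value is read by position here.
    list($lotid, $householdid) = $w->pathMatch("lotid", "housholdid");

    $lot = !empty($lotid) ? $w->Bend->getLotForId($lotid) : null;
    if (empty($lot)) {
        $w->error("lot not found");
        return;
    }

    $household = !empty($householdid) ? $w->Bend->getHouseholdForId($householdid) : null;
    if (empty($household)) {
        // Fixed: the original reported "lot owner not found" here, copied
        // from the lot-owner handler.
        $w->error("household not found");
        return;
    }

    $household->delete();
    $w->msg("Household removed.", "bend-lot/showlot/{$lotid}");
}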
コード例 #14
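/**
 * Delete a file from the print queue.
 *
 * NOTE(review): the path to delete is taken directly from the query string.
 * strip_tags() only removes markup; it does not restrict which path is named,
 * so this handler can remove any file the web server user may delete. The
 * print-queue directory is not visible in this block: resolve the name with
 * realpath() and require it to lie inside that directory before unlinking, or
 * accept a queue entry id instead of a path. This is also a destructive GET
 * handler, so confirm that CSRF protection applies to it.
 *
 * @param Web $w Framework context object.
 */
function deleteprintfile_GET(Web $w)
{
    $filename = (isset($_GET["filename"]) && is_string($_GET["filename"]))
        ? strip_tags($_GET["filename"])
        : "";

    // Refuse scheme-qualified names so the value is only ever treated as a
    // local path, and require a regular file rather than anything that exists.
    $is_local_file = $filename !== ""
        && strpos($filename, "://") === false
        && is_file($filename);

    if ($is_local_file) {
        // Report success only when the file was actually removed.
        if (unlink($filename)) {
            $w->Log->info("File {$filename} deleted");
            $w->msg("File deleted", "/admin/printqueue");
            return;
        }
        $w->Log->error("File {$filename} could not be deleted");
        $w->error("File could not be deleted", "/admin/printqueue");
        return;
    }

    $w->error("Missing filename", "/admin/printqueue");
}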
コード例 #15
ファイル: editcategory.php プロジェクト: careck/bendms
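/**
 * Update a work category from the posted form.
 *
 * @param Web $w Framework context object.
 */
function editcategory_POST(Web $w)
{
    list($id) = $w->pathMatch("a");

    $cat = $w->Bend->getWorkCategoryForId($id);
    if (empty($cat)) {
        $w->error("no category found", "/bend-workhours/admin");
        // Stop here so a missing category is never dereferenced below.
        return;
    }

    // NOTE(review): fill() receives the whole POST body; confirm which
    // properties it is allowed to set (for example the id or a parent link).
    $cat->fill($_POST);
    $cat->update();
    $w->msg("Category updated", "/bend-workhours/admin");
}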
コード例 #16
ファイル: deleteprinter.php プロジェクト: itillawarra/cmfive
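/**
 * Delete a printer.
 *
 * NOTE(review): this destructive handler carries the _ALL suffix, which
 * suggests it is not limited to one HTTP method. Confirm that CSRF protection
 * applies to it.
 *
 * @param Web $w Framework context object.
 */
function deleteprinter_ALL(Web $w)
{
    $p = $w->pathMatch("id");

    $printer = !empty($p["id"]) ? $w->Printer->getPrinter($p["id"]) : null;
    if (empty($printer->id)) {
        $w->error("Could not find printer", "/admin");
        return;
    }

    $printer->delete();
    // The original fell through from msg() to the "not found" error and
    // relied on msg() ending the request; the success path is now the last
    // statement.
    $w->msg("Printer deleted", "/admin");
}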
コード例 #17
ファイル: delete.php プロジェクト: itillawarra/cmfive
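/**
 * Delete an email channel.
 *
 * NOTE(review): this is a state-changing action in a GET handler; confirm
 * that CSRF protection applies to it, or move it to POST.
 *
 * @param Web $w Framework context object.
 */
function delete_GET(Web $w)
{
    $p = $w->pathMatch("id");
    $id = $p["id"];

    // The original called delete() on whatever the lookup returned; an id
    // that matches no channel is now reported instead of dereferenced.
    $channel = $id ? $w->Channel->getEmailChannel($id) : null;
    if (empty($channel)) {
        $w->error("Could not find channel");
        return;
    }

    $channel->delete();
    $w->msg("Channel deleted", "/channels/listchannels");
}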
コード例 #18
ファイル: editsettings.php プロジェクト: itillawarra/cmfive
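/**
 * Store the posted form, minus the CSRF token, as a processor's JSON settings.
 *
 * @param Web $w Framework context object.
 */
function editsettings_POST(Web $w)
{
    $w->setLayout(null);

    $p = $w->pathMatch("id");
    $id = $p["id"];
    if (!$id) {
        $w->error("Missing parameter in request", "/channels/listprocessors");
        return;
    }

    // Remove CSRF token from request so it is not persisted with the settings
    $post = $_POST;
    unset($post[CSRF::getTokenID()]);

    $processor = $w->Channel->getProcessor($id);
    if (empty($processor->id)) {
        $w->error("Invalid processor ID", "/channels/listprocessors");
        // Stop here so a missing processor is never written to below.
        return;
    }

    // NOTE(review): every remaining POST field is stored verbatim; code that
    // reads these settings back should treat them as untrusted input.
    $processor->settings = json_encode($post);
    $processor->update();
    $w->msg("Processor settings saved", "/channels/listprocessors");
}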
コード例 #19
ファイル: editoccupant.php プロジェクト: careck/bendms
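/**
 * Build the add/edit form for a household occupant.
 *
 * With only a household id a blank occupant form is shown; with an occupant
 * id as well, the form is pre-filled from that occupant and its contact.
 *
 * NOTE(review): nothing here checks that the occupant belongs to the given
 * household, and the "Select Existing User" field is fed from
 * Auth->getUsers(); confirm that viewers of this form may see that list.
 *
 * @param Web $w Framework context object.
 */
function editoccupant_GET(Web $w)
{
    list($householdid, $occupantid) = $w->pathMatch("a", "b");
    if (empty($householdid)) {
        $w->error("Need a household ID");
        return;
    }

    $household = $w->Bend->getHouseholdForId($householdid);
    if (empty($household)) {
        $w->error("Household not found");
        return;
    }

    $oc = new BendHouseholdOccupant($w);
    $contact = new Contact($w);
    if (!empty($occupantid)) {
        $oc = $w->Bend->getHouseholdOccupantForId($occupantid);
        if (empty($oc)) {
            // The original dereferenced the lookup result unchecked.
            $w->error("Occupant not found");
            return;
        }
        $contact = $oc->getContact();
        if (empty($contact)) {
            // Fall back to a blank contact so the form can still render.
            $contact = new Contact($w);
        }
    }

    $form = array();
    $form["Household"] = array(
        array(
            array("Street Number", "static", "", $household->streetnumber),
            array("Is CHL?", "static", "", $household->is_chl ? "yes" : "no"),
            array("Is Occupied?", "static", "", $household->is_occupied ? "yes" : "no"),
        ),
    );
    $form["Occupant"] = array(
        array(
            array("Occupant From", "date", "d_start", !empty($oc->d_start) ? formatDate($oc->d_start) : ""),
            array("Occupant To", "date", "d_end", !empty($oc->d_end) ? formatDate($oc->d_end) : ""),
        ),
        array(
            array("Pays Electricity?", "select", "pays_electricity", $oc->pays_electricity, lookupForSelect($w, "YesNo")),
            array("Does Workhours?", "select", "does_workhours", $oc->does_workhours, lookupForSelect($w, "YesNo")),
        ),
    );
    $form["Occupant Contact"] = array(
        array(
            // A user can be chosen only while the occupant has none linked.
            empty($oc->user_id)
                ? array("Select Existing User", "select", "user_id", null, $w->Auth->getUsers())
                : array("User", "static", "", $oc->getFullName()),
        ),
        array(
            array("First Name", "text", "firstname", $contact->firstname),
            array("Last Name", "text", "lastname", $contact->lastname),
            array("Email", "text", "email", $contact->email),
        ),
        array(
            array("Home Phone", "text", "homephone", $contact->homephone),
            array("Work Phone", "text", "workphone", $contact->workphone),
            array("Mobile Phone", "text", "mobile", $contact->mobile),
        ),
    );

    $w->ctx("form", Html::multiColForm($form, "/bend-household/editoccupant/{$householdid}/{$occupantid}", "POST", "Save"));
}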
コード例 #20
ファイル: removewidget.php プロジェクト: itillawarra/cmfive
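/**
 * Remove a widget and return to the page it was shown on.
 *
 * NOTE(review): no check that the widget belongs to the current user is
 * visible here, and the redirect target is built from the 'origin' path
 * segment; confirm that msg()/error() only redirect to local paths. This
 * destructive handler also carries the _ALL suffix, so confirm that CSRF
 * protection applies to it.
 *
 * @param Web $w Framework context object.
 */
function removewidget_ALL(Web $w)
{
    $p = $w->pathMatch("origin", "id");

    $widget = $w->Widget->getWidgetById($p["id"]);
    if (empty($widget->id)) {
        $w->error("Widget not found", "/{$p['origin']}");
        // Never call delete() on a widget that was not loaded.
        return;
    }

    $widget->delete();
    $w->msg("Widget removed", "/{$p['origin']}");
}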
コード例 #21
ファイル: showperiod.php プロジェクト: careck/bendms
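/**
 * Show a work period: publish the period, the top-level work categories and
 * all households to the template context.
 *
 * @param Web $w Framework context object.
 */
function showperiod_GET(Web $w)
{
    list($id) = $w->pathMatch("a");

    $wp = $w->Bend->getWorkperiodForId($id);
    if (empty($wp)) {
        $w->error("Workperiod does not exist", "/bend-workhours/admin");
        // Stop here so a missing period is never dereferenced below.
        return;
    }

    History::add("Work Period: " . formatDate($wp->d_start));
    $w->ctx("workperiod", $wp);
    $w->ctx("categories", $w->Bend->getTopLevelWorkCategories());
    $w->ctx("households", $w->Bend->getAllHouseholds());
}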
コード例 #22
ファイル: delete.php プロジェクト: itillawarra/cmfive
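/**
 * Delete a channel processor.
 *
 * NOTE(review): this is a state-changing action in a GET handler; confirm
 * that CSRF protection applies to it, or move it to POST.
 *
 * @param Web $w Framework context object.
 */
function delete_GET(Web $w)
{
    $p = $w->pathMatch("id");
    $id = $p["id"];

    // The original called delete() on whatever the lookup returned; an id
    // that matches no processor is now reported instead of dereferenced.
    $processor = $id ? $w->Channel->getProcessor($id) : null;
    if (empty($processor)) {
        $w->error("Could not find processor");
        return;
    }

    $processor->delete();
    $w->msg("Processor deleted", "/channels/listprocessors");
}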
コード例 #23
ファイル: gitpull.php プロジェクト: itillawarra/cmfive
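/**
 * Run "git pull origin <branch>" in ROOT_PATH and print the command output.
 *
 * NOTE(review): the executable to run is taken from the request ("git"
 * field). escapeshellarg() stops shell metacharacters but does not limit
 * which program is started; the path should come from server-side
 * configuration. No permission check is visible in this handler either;
 * confirm that the route is restricted to administrators and protected by the
 * CSRF token.
 *
 * @param Web $w Framework context object.
 */
function gitpull_POST(Web $w)
{
    $git = isset($_POST["git"]) ? $_POST["git"] : "";
    $branch = isset($_POST["branch"]) ? $_POST["branch"] : "";

    if (empty($branch) || !is_string($branch)) {
        $w->error("Branch missing", "/admin/gitpull");
        // Do not run the command with an empty branch if error() returns.
        return;
    }

    // Quoting alone does not stop a value that starts with "-" from being
    // parsed by git as an option, so only plain ref names are accepted.
    if (!preg_match('/^[A-Za-z0-9][A-Za-z0-9._\/-]*\z/', $branch)) {
        $w->error("Invalid branch name", "/admin/gitpull");
        return;
    }

    if (empty($git) || !is_string($git)) {
        $git = "git";
    }

    chdir(ROOT_PATH);
    $output = shell_exec(escapeshellarg($git) . " pull origin " . escapeshellarg($branch));

    // Command output is not trusted markup: escape it before printing.
    // shell_exec() returns null on failure or when there is no output.
    echo "<pre>";
    echo htmlspecialchars(trim((string) $output), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    echo "</pre>";
}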
コード例 #24
ファイル: forgotpassword.php プロジェクト: itillawarra/cmfive
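/**
 * Start a password reset: store a random token on the user and email a link.
 *
 * The same response is given whether or not the login exists, so the form
 * cannot be used to find out which accounts are valid.
 *
 * NOTE(review):
 *  - The link's host comes from $_SERVER["HTTP_HOST"], which is set by the
 *    client's request. A forged Host header would put a foreign host into the
 *    emailed link; build the link from a configured site URL instead (no such
 *    setting is visible in this block).
 *  - The link uses plain http://, so the token travels unencrypted.
 *  - The token is stored as-is on the user record; storing only a hash of it
 *    would limit the damage of a database leak.
 *  - The mail-failure message is only reachable for existing accounts, which
 *    partly defeats the uniform response.
 *
 * @param Web $w Framework context object.
 */
function forgotpassword_POST(Web $w)
{
    $support_email = Config::get('main.company_support_email');
    if (empty($support_email)) {
        $w->Log->error("Cannot send recovery email. This site has not been configured with a default email address. Th project config needs a main.company_support_email record.");
        $w->error("Cannot send recovery email. This site has not been configured with a default email address", "/auth/login");
        return;
    }

    $login = $w->request("login");
    $user = $w->Auth->getUserForLogin($login);
    $responseString = "If this account exists then a password reset email has been just sent to the associated email address.";

    // Give the same answer for unknown logins so the form does not confirm
    // which accounts exist. (The previous message was "Could not find your
    // account".)
    if (!$user) {
        $w->msg($responseString, "/auth/login");
        return;
    }

    $user_contact = $user->getContact();
    if (empty($user_contact) || empty($user_contact->email)) {
        $w->Log->error("Cannot send recovery email: the account has no contact email address");
        $w->msg($responseString, "/auth/login");
        return;
    }

    // Generate password reset token. $cstrong reports whether a
    // cryptographically strong source was used; the original asked for it
    // but never checked it.
    $cstrong = false;
    $random = openssl_random_pseudo_bytes(40, $cstrong);
    if ($random === false || !$cstrong) {
        $w->Log->error("Cannot send recovery email: no cryptographically strong random source available");
        $w->msg($responseString, "/auth/login");
        return;
    }
    $token = sha1($random);
    $user->password_reset_token = $token;
    $user->dt_password_reset_at = $user->time2Dt();
    $user->update();

    // URL-encode the address: an unencoded "+" in an email is decoded as a
    // space by the receiving page, so the later email comparison would fail.
    $reset_url = "http://" . $_SERVER["HTTP_HOST"] . "/auth/resetpassword?email=" . urlencode($user_contact->email) . "&token={$token}";
    // The message is HTML, so values placed in it are escaped for HTML.
    $reset_url_html = htmlspecialchars($reset_url, ENT_QUOTES, 'UTF-8');
    $full_name_html = htmlspecialchars((string) $user->getFullName(), ENT_QUOTES, 'UTF-8');

    // Send email
    $message = "Hello {$full_name_html},\n<br/>";
    $message .= "Please go to this link to reset your password:<br/>\n";
    $message .= "<a href=\"{$reset_url_html}\">{$reset_url_html}</a>\n<br/>You have 24 hours to reset your password.<br/><br/>";
    $message .= "Thank you,\n<br/>cmfive support";

    $result = $w->Mail->sendMail($user_contact->email, $support_email, Config::get("main.application_name") . " password reset", $message);
    if ($result !== 0) {
        $w->msg($responseString, "/auth/login");
    } else {
        $w->error("There was a problem sending an email, check your settings.", "/auth/login");
    }
}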
コード例 #25
ファイル: test.php プロジェクト: itillawarra/cmfive
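/**
 * Test a report connection by connecting and listing the server's databases.
 *
 * NOTE(review): database names and driver error messages are shown to the
 * caller. Error text can include host names or account names, so confirm that
 * this route is restricted to administrators, or log the detail and show a
 * generic message.
 *
 * @param Web $w Framework context object.
 */
function test_ALL(Web $w)
{
    $p = $w->pathMatch("id");
    if (empty($p["id"])) {
        $w->error("No connection ID specified", "/report-connections");
        return;
    }

    $connection = $w->Report->getConnection($p["id"]);
    if (empty($connection->id)) {
        $w->error("Connection could not be found", "/report-connections");
        return;
    }

    // Decrypt is called in getDb(), which reencrypts it
    try {
        $dbo = $connection->getDb();
        echo "Connected to DB<br/>Fetching databases to test connection...<br/>";

        // Start with an empty list so a driver other than the two below
        // reports "No results found" instead of reading an undefined variable.
        $results = array();
        switch ($connection->db_driver) {
            case "pgsql":
                $results = $dbo->query("SELECT datname FROM pg_database")->fetchAll();
                break;
            case "mysql":
                $results = $dbo->query("show databases")->fetchAll();
                break;
        }

        if (!empty($results)) {
            foreach (array_values($results) as $r) {
                // Names come from the remote server; escape them for HTML.
                echo "\t" . htmlspecialchars((string) $r[0], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . "<br/>";
            }
        } else {
            echo "No results found";
        }
    } catch (Exception $e) {
        echo htmlspecialchars($e->getMessage(), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    }
}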
コード例 #26
ファイル: delete.php プロジェクト: itillawarra/cmfive
/**
 * Soft-delete a task: mark it closed and deleted, then return to the task list.
 *
 * NOTE(review): no check that the current user may delete this task is
 * visible here, and the _ALL suffix suggests the handler is not limited to
 * one HTTP method; confirm both are covered elsewhere.
 *
 * @param Web $w Framework context object.
 */
function delete_ALL(Web &$w)
{
    $params = $w->pathMatch("id");

    // Load the task that is to be flagged.
    $task = $w->Task->getTask($params['id']);

    // Nothing loaded: report it and stop.
    if (empty($task->id)) {
        $w->error("Task could not be found.", "/task/tasklist/");
        return;
    }

    $task->is_closed = 1;
    $task->is_deleted = 1;
    $task->update();
    $w->msg("Task: " . $task->title . " has been deleted.", "/task/tasklist/");
}
コード例 #27
ファイル: atdel.php プロジェクト: itillawarra/cmfive
/**
 * Delete an attachment and return to the page named by the 'url' path value.
 *
 * The attachment's details are published to the context before it is deleted.
 *
 * NOTE(review): this is a destructive GET handler with no visible check that
 * the caller may delete this attachment, and the redirect target is built
 * from a path value; confirm CSRF protection, authorisation and that
 * msg()/error() only redirect locally.
 *
 * @param Web $w Framework context object.
 */
function atdel_GET(Web &$w)
{
    $p = $w->pathMatch("id", "url");
    $attachment = $w->service("File")->getAttachment($p['id']);

    if (!$attachment) {
        // Spaces in the 'url' value stand for path separators.
        $w->error("Attachment does not exist.", "/" . str_replace(" ", "/", $p['url']));
        return;
    }

    $published = array(
        'attach_id' => $attachment->id,
        'attach_table' => $attachment->parent_table,
        'attach_table_id' => $attachment->parent_id,
        'attach_title' => $attachment->title,
        'attach_description' => $attachment->description,
    );
    foreach ($published as $key => $value) {
        $w->ctx($key, $value);
    }

    $attachment->delete();
    $w->msg("Attachment deleted.", "/" . str_replace(" ", "/", $p['url']));
}
コード例 #28
ファイル: configwidget.php プロジェクト: itillawarra/cmfive
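/**
 * Store the posted form, minus the CSRF token, as a widget's custom config.
 *
 * NOTE(review): no check that the widget belongs to the current user is
 * visible here, and the redirect target is built from the 'origin' path
 * segment; confirm both are handled elsewhere.
 *
 * @param Web $w Framework context object.
 */
function configwidget_POST(Web $w)
{
    $p = $w->pathMatch("origin", "id");

    $widget = $w->Widget->getWidgetById($p["id"]);
    if (empty($widget->id)) {
        $w->error("Widget not found", "/{$p['origin']}");
        // Stop here so a missing widget is never written to below.
        return;
    }

    // Keep the CSRF token out of the persisted configuration.
    $vars = $_POST;
    unset($vars[CSRF::getTokenID()]);

    // NOTE(review): every remaining POST field is stored verbatim; code that
    // reads this config back should treat it as untrusted input.
    $widget->custom_config = json_encode($vars);
    $widget->update();
    $w->msg("Widget updated", "/{$p['origin']}");
}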
コード例 #29
ファイル: resetpassword.php プロジェクト: itillawarra/cmfive
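/**
 * Complete a password reset: verify the token and email, then set the password.
 *
 * The token must belong to a user whose contact email equals the posted
 * email, and must have been issued within the last 24 hours.
 *
 * NOTE(review): no limit on the number of attempts is visible in this
 * handler; confirm that rate limiting or lockout is applied elsewhere.
 *
 * @param Web $w Framework context object.
 */
function resetpassword_POST(Web $w)
{
    $email = $w->request('email');
    $token = $w->request('token');
    $password = $w->request('password');
    $password_confirm = $w->request('password_confirm');

    // Only plain strings are meaningful here; anything else counts as absent.
    $email = is_string($email) ? $email : '';
    $token = is_string($token) ? $token : '';

    // Encode both values so they cannot add or alter query parameters in the
    // redirect target.
    $retry_url = "/auth/resetpassword?email=" . urlencode($email) . "&token=" . urlencode($token);

    if ($password !== $password_confirm) {
        $w->error("Passwords do not match", $retry_url);
        return;
    }
    // Two absent fields are "equal", so an empty password has to be refused
    // explicitly.
    if (!is_string($password) || $password === '') {
        $w->error("Password cannot be empty", $retry_url);
        return;
    }

    // Never look up an empty token: users with no reset pending have none
    // set, and what getUserForToken() returns for an empty value is not
    // visible here.
    $user = ($token !== '' && $email !== '') ? $w->Auth->getUserForToken($token) : null;

    $validData = false;
    if (!empty($user->id)) {
        // Check that the password reset hasn't expired. Fixed: the original
        // tested "elapsed < 0", which is only true for a timestamp in the
        // future, so tokens never expired. An unparseable timestamp counts as
        // expired.
        $issued_at = empty($user->dt_password_reset_at) ? false : strtotime($user->dt_password_reset_at);
        if ($issued_at === false || time() - $issued_at > 86400) {
            $w->msg("Your token has expired (max 24 hours), please submit for a new one", "/admin/forgotpassword");
            return;
        }

        $user_contact = $user->getContact();
        // Strict comparison avoids PHP's loose string-equality rules.
        if (!empty($user_contact) && $user_contact->email === $email) {
            $user->setPassword($password);
            // Single use: clear the token once it has been redeemed.
            $user->password_reset_token = null;
            $user->dt_password_reset_at = null;
            $user->update(true);
            // Precautionary logout
            if ($w->Auth->loggedIn()) {
                $w->sessionDestroy();
            }
            $validData = true;
        }
    }

    if (!$validData) {
        // The submitted token is left out of the log: when only the email was
        // wrong it is still a live credential. Control characters are
        // stripped so the value cannot forge extra log lines.
        $logged_email = preg_replace('/[\x00-\x1F\x7F]/', '', $email);
        $w->Log->warn("Password reset attempt failed with email: {$logged_email}");
        $w->out("Invalid email or token, this incident has been logged");
    } else {
        $w->msg("Your password has been reset", "/auth/login");
    }
}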
コード例 #30
ファイル: addwidget.php プロジェクト: itillawarra/cmfive
/**
 * Add a widget to a module's page for the current user.
 *
 * NOTE(review): destination_module is assigned before fill($_POST) runs, so
 * a posted destination_module may replace the value taken from the URL
 * (assuming fill() copies matching keys; confirm). user_id is assigned after
 * fill() and therefore always reflects the logged-in user.
 *
 * @param Web $w Framework context object.
 */
function addwidget_POST(Web $w)
{
    $p = $w->pathMatch("module");
    $module = $p["module"];

    $widget = new WidgetConfig($w);
    $widget->destination_module = $module;
    $widget->fill($_POST);
    $widget->user_id = $w->Auth->user()->id;

    // insert() must return exactly true to count as success.
    if ($widget->insert() !== true) {
        $w->error("Could not add widget", "/{$module}/index");
        return;
    }

    $w->msg("Widget Added", "/{$module}/index");
}