private function _send_reset($form)
{
$user_name = $form->reset->inputs["name"]->value;
$user = user::lookup_by_name($user_name);
if ($user && !empty($user->email)) {
$user->hash = random::hash();
$user->save();
$message = new View("reset_password.html");
$message->confirm_url = url::abs_site("password/do_reset?key={$user->hash}");
$message->user = $user;
Sendmail::factory()->to($user->email)->subject(t("Password Reset Request"))->header("Mime-Version", "1.0")->header("Content-type", "text/html; charset=UTF-8")->message($message->render())->send();
log::success("user", t("Password reset email sent for user %name", array("name" => $user->name)));
} else {
if (!$user) {
// Don't include the username here until you're sure that it's XSS safe
log::warning("user", t("Password reset email requested for user %user_name, which does not exist.", array("user_name" => $user_name)));
} else {
log::warning("user", t("Password reset failed for %user_name (has no email address on record).", array("user_name" => $user->name)));
}
}
// Always pretend that an email has been sent to avoid leaking
// information on what user names are actually real.
message::success(t("Password reset email sent"));
json::reply(array("result" => "success"));
}
public function storeContent()
{
$name = $_POST['name'];
$final = $_POST['final'];
$advantages = $_POST['ad'];
$disadvantages = $_POST['dis'];
$retID = pass_passService::getUid();
if (!$retID) {
$result['errNum'] = '0007';
$result['errMsg'] = errorcode::$error[$result['errNum']];
$this->renderJson($result);
}
$content = array('name' => $name, 'final' => $final, 'ad' => $advantages, 'dis' => $disadvantages);
$redis = redisModel::getInstance();
$key = sprintf(self::REDIS_DECISION_USER_KEY, $retID);
$ret = $redis::$redis->lPush($key, json_encode($content));
if (!$ret) {
log::warning("redis write error", "log.wf");
$result['errNum'] = '0005';
$result['errMsg'] = errorcode::$error[$result['errNum']];
$this->renderJson($result);
}
$result['errNum'] = '0000';
$result['errMsg'] = errorcode::$error[$result['errNum']];
$this->renderJson($result);
}
private function _send_reset()
{
$form = $this->_reset_form();
$valid = $form->validate();
if ($valid) {
$user = user::lookup_by_name($form->reset->inputs["name"]->value);
if (!$user->loaded || empty($user->email)) {
$form->reset->inputs["name"]->add_error("no_email", 1);
$valid = false;
}
}
if ($valid) {
$user->hash = md5(rand());
$user->save();
$message = new View("reset_password.html");
$message->confirm_url = url::abs_site("password/do_reset?key={$user->hash}");
$message->user = $user;
Sendmail::factory()->to($user->email)->subject(t("Password Reset Request"))->header("Mime-Version", "1.0")->header("Content-type", "text/html; charset=iso-8859-1")->message($message->render())->send();
log::success("user", t("Password reset email sent for user %name", array("name" => $user->name)));
} else {
// Don't include the username here until you're sure that it's XSS safe
log::warning("user", "Password reset email requested for bogus user");
}
message::success(t("Password reset email sent"));
print json_encode(array("result" => "success"));
}
public function auth()
{
if (!identity::active_user()->admin) {
access::forbidden();
}
access::verify_csrf();
$form = self::_form();
$valid = $form->validate();
$user = identity::active_user();
if ($valid) {
module::event("user_auth", $user);
if (!request::is_ajax()) {
message::success(t("Successfully re-authenticated!"));
}
url::redirect(Session::instance()->get_once("continue_url"));
} else {
$name = $user->name;
log::warning("user", t("Failed re-authentication for %name", array("name" => $name)));
module::event("user_auth_failed", $name);
if (request::is_ajax()) {
$v = new View("reauthenticate.html");
$v->form = $form;
$v->user_name = identity::active_user()->name;
json::reply(array("html" => (string) $v));
} else {
self::_show_form($form);
}
}
}
public function __construct()
{
$dbConfig = (require CONF_PATH . "db.conf.php");
$this->mysqli = mysqli_init();
$ret = $this->mysqli->real_connect($dbConfig["host"], $dbConfig["username"], $dbConfig["password"], $dbConfig["dbname"], $dbConfig["port"]);
if (!$ret) {
log::warning("mysql connect error", "log.wf");
}
}
public function __construct()
{
$dbConfig = (require CONF_PATH . "redis.conf.php");
self::$redis = new redis();
$ret = self::$redis->connect($dbConfig["host"], $dbConfig["port"]);
if (!$ret) {
log::warning("redis connect error", "log.wf");
}
}
public function selectUid($email)
{
$sql = "select userId from {$this->table} where email='{$email}' ";
$ret = $this->db->mysqli->query($sql);
if ($this->db->mysqli->error) {
log::warning($sql, "log.wf");
return false;
}
log::notice($sql, "log.nf");
return $ret;
}
/**
* Show a list of all available, running and finished tasks.
*/
public function index()
{
$query = Database::instance()->query("UPDATE {tasks} SET `state` = 'stalled' " . "WHERE done = 0 " . "AND state <> 'stalled' " . "AND unix_timestamp(now()) - updated > 15");
$stalled_count = $query->count();
if ($stalled_count) {
log::warning("tasks", t2("One task is stalled", "%count tasks are stalled", $stalled_count), t('<a href="%url">view</a>', array("url" => html::mark_clean(url::site("admin/maintenance")))));
}
$view = new Admin_View("admin.html");
$view->content = new View("admin_maintenance.html");
$view->content->task_definitions = task::get_definitions();
$view->content->running_tasks = ORM::factory("task")->where("done", 0)->orderby("updated", "DESC")->find_all();
$view->content->finished_tasks = ORM::factory("task")->where("done", 1)->orderby("updated", "DESC")->find_all();
print $view;
}
/**
* Show a list of all available, running and finished tasks.
*/
public function index()
{
$query = db::build()->update("tasks")->set("state", "stalled")->where("done", "=", 0)->where("state", "<>", "stalled")->where(new Database_Expression("UNIX_TIMESTAMP(NOW()) - `updated` > 15"))->execute();
$stalled_count = $query->count();
if ($stalled_count) {
log::warning("tasks", t2("One task is stalled", "%count tasks are stalled", $stalled_count), t('<a href="%url">view</a>', array("url" => html::mark_clean(url::site("admin/maintenance")))));
}
$view = new Admin_View("admin.html");
$view->content = new View("admin_maintenance.html");
$view->content->task_definitions = task::get_definitions();
$view->content->running_tasks = ORM::factory("task")->where("done", "=", 0)->order_by("updated", "DESC")->find_all();
$view->content->finished_tasks = ORM::factory("task")->where("done", "=", 1)->order_by("updated", "DESC")->find_all();
print $view;
}
/**
* Show a list of all available, running and finished tasks.
*/
public function index()
{
$query = Database::instance()->query("UPDATE `tasks` SET `state` = 'stalled' " . "WHERE done = 0 " . "AND state <> 'stalled' " . "AND unix_timestamp(now()) - updated > 120");
$stalled_count = $query->count();
if ($stalled_count) {
log::warning("tasks", t2("One task is stalled", "%count tasks are stalled", $stalled_count), t("%link_startview%link_end", array("link_start" => "<a href=\"" . url::site("admin/maintenance") . "\">", "link_start" => "</a>")));
}
$view = new Admin_View("admin.html");
$view->content = new View("admin_maintenance.html");
$view->content->task_definitions = $this->_get_task_definitions();
$view->content->running_tasks = ORM::factory("task")->where("done", 0)->orderby("updated", "desc")->find_all();
$view->content->finished_tasks = ORM::factory("task")->where("done", 1)->orderby("updated", "desc")->find_all();
$view->content->csrf = access::csrf_token();
print $view;
}
/**
* Show a list of all available, running and finished tasks.
*/
public function index()
{
$query = db::build()->update("tasks")->set("state", "stalled")->where("done", "=", 0)->where("state", "<>", "stalled")->where(db::expr("UNIX_TIMESTAMP(NOW()) - `updated` > 15"))->execute();
$stalled_count = $query->count();
if ($stalled_count) {
log::warning("tasks", t2("One task is stalled", "%count tasks are stalled", $stalled_count), t('<a href="%url">view</a>', array("url" => html::mark_clean(url::site("admin/maintenance")))));
}
$view = new Admin_View("admin.html");
$view->page_title = t("Maintenance tasks");
$view->content = new View("admin_maintenance.html");
$view->content->task_definitions = task::get_definitions();
$view->content->running_tasks = ORM::factory("task")->where("done", "=", 0)->order_by("updated", "DESC")->find_all();
$view->content->finished_tasks = ORM::factory("task")->where("done", "=", 1)->order_by("updated", "DESC")->find_all();
print $view;
// Do some maintenance while we're in here
db::build()->delete("caches")->where("expiration", "<>", 0)->where("expiration", "<=", time())->execute();
module::deactivate_missing_modules();
}
private function _auth($url)
{
$form = auth::get_login_form($url);
$valid = $form->validate();
if ($valid) {
$user = identity::lookup_user_by_name($form->login->inputs["name"]->value);
if (empty($user) || !identity::is_correct_password($user, $form->login->password->value)) {
log::warning("user", t("Failed login for %name", array("name" => $form->login->inputs["name"]->value)));
$form->login->inputs["name"]->add_error("invalid_login", 1);
$valid = false;
}
}
if ($valid) {
auth::login($user);
}
// Either way, regenerate the session id to avoid session trapping
Session::instance()->regenerate();
return array($valid, $form);
}
private function _auth($url)
{
$form = user::get_login_form($url);
$valid = $form->validate();
if ($valid) {
$user = ORM::factory("user")->where("name", $form->login->inputs["name"]->value)->find();
if (!$user->loaded || !user::is_correct_password($user, $form->login->password->value)) {
log::warning("user", t("Failed login for %name", array("name" => $form->login->inputs["name"]->value)));
$form->login->inputs["name"]->add_error("invalid_login", 1);
$valid = false;
}
}
if ($valid) {
user::login($user);
log::info("user", t("User %name logged in", array("name" => $user->name)));
}
// Either way, regenerate the session id to avoid session trapping
Session::instance()->regenerate();
return array($valid, $form);
}
private function _try_login()
{
$form = $this->_login_form();
$valid = $form->validate();
if ($valid) {
$user = ORM::factory("user")->where("name", $form->login->inputs["name"]->value)->find();
if (!$user->loaded || !user::is_correct_password($user, $form->login->password->value)) {
log::warning("user", t("Failed login for %name", array("name" => $form->login->inputs["name"]->value)));
$form->login->inputs["name"]->add_error("invalid_login", 1);
$valid = false;
}
}
if ($valid) {
user::login($user);
log::info("user", t("User %name logged in", array("name" => $user->name)));
print json_encode(array("result" => "success"));
} else {
print json_encode(array("result" => "error", "form" => $form->__toString()));
}
}
public function auth()
{
if (!identity::active_user()->admin) {
access::forbidden();
}
access::verify_csrf();
$form = self::_form();
$valid = $form->validate();
$user = identity::active_user();
if ($valid) {
message::success(t("Successfully re-authenticated!"));
module::event("user_auth", $user);
$continue_url = Session::instance()->get_once("continue_url", "admin");
url::redirect($continue_url);
} else {
$name = $user->name;
log::warning("user", t("Failed re-authentication for %name", array("name" => $name)));
module::event("user_auth_failed", $name);
return self::_show_form($form);
}
}
/**
* Requests a set of rows/objects from the data source.
*
* @param string $model The class of the model to give the results.
* @param string $sql The query to run.
* @param mixed $params Could be an array of scalar values for a parameterized query, or for some database types an array of additional options. May also be scalar values for a parameterized query.
*
* @return mixed The rows/objects as an object of type specified in $model or stdClass if $model does not exist.
*/
public function mquery($model, $sql, $params = array())
{
if ($model === null) {
$model = 'stdClass';
} elseif ($model != 'stdClass' && substr($model, -5) != 'Model') {
$model .= 'Model';
}
if (!class_exists($model)) {
log::warning(sprintf('Class "%s" does not exist, falling back to stdClass.', $model));
$model = 'stdClass';
}
$args = func_get_args();
if (count($args) > 2 && !is_array($params)) {
array_shift($args);
array_shift($args);
$params = $args;
}
$results = $this->raw_query($sql, $params);
return $this->to_model($model, $results);
}
public function change_email($id)
{
$user = user::lookup($id);
if (!$user || $user->guest || $user->id != identity::active_user()->id) {
access::forbidden();
}
$form = $this->_get_change_email_form($user);
try {
$valid = $form->validate();
$user->email = $form->change_email->email->value;
$user->validate();
} catch (ORM_Validation_Exception $e) {
// Translate ORM validation errors into form error messages
foreach ($e->validation->errors() as $key => $error) {
$form->change_email->inputs[$key]->add_error($error, 1);
}
$valid = false;
}
if ($valid) {
$user->save();
module::event("user_change_email_form_completed", $user, $form);
message::success(t("Email address changed"));
module::event("user_auth", $user);
json::reply(array("result" => "success", "resource" => url::site("users/{$user->id}")));
} else {
log::warning("user", t("Failed email change for %name", array("name" => $user->name)));
$name = $user->name;
module::event("user_auth_failed", $name);
json::reply(array("result" => "error", "html" => (string) $form));
}
}
static function convert($input_file, $output_file)
{
$success = false;
$dcraw = rawphoto_graphics::detect_dcraw();
if ($dcraw->installed) {
// Use dcraw to convert from a raw image to a standard pixmap.
$cmd = escapeshellcmd($dcraw->path) . " -c -w ";
if (version_compare($dcraw->version, "6.00", ">=")) {
$cmd .= "-t 0 ";
}
if (version_compare($dcraw->version, "8.81", ">=")) {
$cmd .= "-W ";
}
$icc_path = module::get_var("rawphoto", "icc_path");
if (!empty($icc_path) && version_compare($dcraw->version, "8.00", ">=")) {
$cmd .= "-p " . escapeshellarg($icc_path) . " ";
}
$cmd .= escapeshellarg($input_file);
// Then use the graphics toolkit to convert the stream to a JPEG.
$cmd .= " | ";
$toolkit_id = module::get_var("gallery", "graphics_toolkit");
$toolkit_path = module::get_var("gallery", "graphics_toolkit_path");
$image_quality = module::get_var("gallery", "image_quality");
$toolkit_compat = false;
switch ($toolkit_id) {
case 'imagemagick':
$cmd .= escapeshellcmd("{$toolkit_path}/convert");
$cmd .= " -quality " . escapeshellarg($image_quality . "%");
$cmd .= " - " . escapeshellarg($output_file);
$toolkit_compat = true;
break;
case 'graphicsmagick':
$cmd .= escapeshellcmd("{$toolkit_path}/gm");
$cmd .= " convert -quality " . escapeshellarg($image_quality . "%");
$cmd .= " - " . escapeshellarg($output_file);
$toolkit_compat = true;
break;
default:
log::warning("rawphoto", "Cannot convert raw photo with graphics toolkit: " . $toolkit_id->active);
}
if ($toolkit_compat) {
exec($cmd, $output, $return_var);
// Failure is common, because dcraw will abort unless the original image is a raw photo.
$success = $return_var == 0;
if (!$success) {
@unlink($output_file);
}
}
}
return $success;
}
/**
* authenticate the user
*
* @param string $url
* @return boolean
*/
private function _auth($url)
{
$form = auth::get_login_form($url);
$validform = $form->validate();
$valid = false;
if ($validform) {
// retrieve the values from the form
$name = $form->login->inputs["name"]->value;
$pass = $form->login->password->value;
// do we have a user?
$user = identity::lookup_user_by_name($name);
$validuser = empty($user) ? false : true;
// is the user authentic?
$checkpass = $this->_checkpass($name, $pass);
/*
* we are concerned with these three possibilities:
* 1. there is no valid user or no valid password
* 2. there is no valid user but a valid password
* 3. there is a valid user and a valid password
*/
// 1. there is no valid user or no valid password: error
if (!$validuser || !$checkpass) {
$form->login->inputs["name"]->add_error("invalid_login", 1);
$name = $form->login->inputs["name"]->value;
log::warning("user", t("Failed login for %name", array("name" => $name)));
module::event("user_auth_failed", $name);
}
// 2. there is no valid user but a valid password: create account if allowed
if (!$validuser && $checkpass && $this->create_account) {
$account = $this->pam_auth->getAccount();
if ($account) {
$password = md5(uniqid(mt_rand(), true));
$new_user = identity::create_user($account->name, $account->full_name, $password, $account->email);
$new_user->url = '';
$new_user->admin = false;
$new_user->guest = false;
$new_user->save();
$user = identity::lookup_user_by_name($account->name);
$validuser = empty($user) ? false : true;
}
}
// 3. there is a valid user and a valid password: load user account
if ($validuser && $checkpass) {
auth::login($user);
$valid = true;
}
}
// regenerate the session id to avoid session trapping
Session::instance()->regenerate();
return array($valid, $form);
}
/**
* Decrypts cipher encrypted by crypt::encrypt() previously.
*
* Encrypted cipher is decryptable in current session, only.
*
* crypt::encrypt() and crypt::decrypt() transparently work on systems
* missing mcrypt support by always passing provided cleartext.
*
* @throws \RuntimeException raised on missing mcrypt
* @throws \InvalidArgumentException raised on decrypting failed
* @param string $cipher encrypted message
* @return string decrypted message
*/
public function decrypt($cipher)
{
// test for tag on cipher and pass back provided cipher as is if tag is missing
if (substr($cipher, 0, 8) !== 'TXF!CIPH') {
log::warning('actually not decrypting since cipher is not properly encrypted');
return $cipher;
}
if (!is_callable('mcrypt_module_open')) {
throw new \RuntimeException('missing mcrypt');
}
// actually decrypt provided cipher
mcrypt_generic_init($this->cryptModule, $this->preparedKey(), $this->preparedIV());
$decrypted = mdecrypt_generic($this->cryptModule, substr($cipher, 8));
mcrypt_generic_deinit($this->cryptModule);
// check integrity of decrypted message
$cleartext = substr($decrypted, 20);
$hash = substr($decrypted, 0, 20);
if (sha1($cleartext, true) !== $hash) {
log::error('decryption failed');
throw new \InvalidArgumentException('decryption failed');
}
return $cleartext;
}
/**
* Restores variable space from current snapshot made to be storable in
* session.
*/
protected final function makeUsable()
{
if (trim($this->storable)) {
if (data::autoType(config::get('session.encrypt', false), 'boolean')) {
try {
$space = unserialize(crypt::create()->decrypt($this->storable));
} catch (\InvalidArgumentException $e) {
log::warning('session lost due to failed decryption, might be okay if browser lost cookie in between');
$space = array();
}
} else {
$space = unserialize($this->storable);
}
if (is_array($space)) {
$this->usable = $space;
}
$this->storable = null;
}
if (!is_array($this->usable)) {
$this->usable = array();
}
}
/**
* Iterates over given or configured list of user database providers invoking
* provided callback on every provider until first callback is returning
* properly without throwing exception.
*
* @param callable $callback callback to invoke per iterated user database provider
* @param array|string $explicitSource set of provider names to iterate or name of first provider in a sequence to test
* @return mixed|null result return from callback, null if all callbacks threw exception
* @throws \RuntimeException on missing valid set of providers to iterate
* @throws unauthorized_exception if callback is throwing in other case than "user isn't found"
* @throws \InvalidArgumentException on missing callback
*/
public static final function findProvider($callback, $explicitSource = null)
{
if (!is_callable($callback)) {
throw new \InvalidArgumentException('invalid callback on finding user provider');
}
// get list of sources to look up for requested user
if (is_array($explicitSource)) {
$sources = $explicitSource;
} else {
$sources = func_get_args();
array_shift($sources);
}
if (!count($sources)) {
$sources = config::getList('user.sources.enabled');
}
if (!count($sources)) {
throw new \RuntimeException('missing/invalid user sources configuration');
}
// traverse list of sources ...
foreach ($sources as $source) {
if (trim($source) !== '' && ctype_alnum($source)) {
// read its configuration
$definition = config::get('user.sources.setup.' . $source);
if (is_array($definition)) {
// read name of class for managing user source from configuration
$class = array_key_exists('class', $definition) ? data::isKeyword($definition['class']) : null;
if (!$class) {
$class = data::isKeyword($definition['type'] . '_user');
}
if (txf::import($class)) {
try {
// create instance of managing class
$factory = new \ReflectionClass($class);
$user = $factory->newInstance();
if ($user instanceof self) {
$user->configure($definition);
return call_user_func($callback, $user);
}
} catch (unauthorized_exception $e) {
if (!$e->isUserNotFound()) {
throw $e;
}
} catch (\Exception $e) {
log::warning('failed to search user source: ' . $e);
}
}
}
}
}
return null;
}
/**
* Import a single photo or movie.
*/
static function import_item(&$queue)
{
$g2_item_id = array_shift($queue);
if (self::map($g2_item_id)) {
return;
}
self::$current_g2_item = $g2_item = g2(GalleryCoreApi::loadEntitiesById($g2_item_id));
$parent = ORM::factory("item", self::map($g2_item->getParentId()));
$g2_path = g2($g2_item->fetchPath());
$g2_type = $g2_item->getEntityType();
$corrupt = 0;
if (!file_exists($g2_path)) {
// If the Gallery2 source image isn't available, this operation is going to fail. That can
// happen in cases where there's corruption in the source Gallery 2. In that case, fall
// back on using a broken image. It's important that we import *something* otherwise
// anything that refers to this item in Gallery 2 will have a dangling pointer in Gallery 3
//
// Note that this will change movies to be photos, if there's a broken movie. Hopefully
// this case is rare enough that we don't need to take any heroic action here.
Kohana::log("alert", "{$g2_path} missing in import; replacing it");
$g2_path = MODPATH . "g2_import/data/broken-image.gif";
$g2_type = "GalleryPhotoItem";
$corrupt = 1;
}
switch ($g2_type) {
case "GalleryPhotoItem":
if (!in_array($g2_item->getMimeType(), array("image/jpeg", "image/gif", "image/png"))) {
$g2_path = MODPATH . "g2_import/data/broken-image.gif";
Kohana::log("alert", "{$g2_path} unsupported image type; using a placeholder gif");
$corrupt = 1;
}
$item = photo::create($parent, $g2_path, $g2_item->getPathComponent(), $g2_item->getTitle(), self::extract_description($g2_item), self::map($g2_item->getOwnerId()));
break;
case "GalleryMovieItem":
// @todo we should transcode other types into FLV
if (in_array($g2_item->getMimeType(), array("video/mp4", "video/x-flv"))) {
$item = movie::create($parent, $g2_path, $g2_item->getPathComponent(), $g2_item->getTitle(), self::extract_description($g2_item), self::map($g2_item->getOwnerId()));
}
break;
default:
// Ignore
break;
}
if (!empty($item)) {
self::import_keywords_as_tags($g2_item->getKeywords(), $item);
}
if (isset($item)) {
self::set_map($g2_item_id, $item->id);
}
if ($corrupt) {
$url_generator = $GLOBALS["gallery"]->getUrlGenerator();
// @todo we need a more persistent warning
$g2_item_url = $url_generator->generateUrl(array("itemId" => $g2_item->getId()));
// Why oh why did I ever approve the session id placeholder idea in G2?
$g2_item_url = str_replace('&g2_GALLERYSID=TMP_SESSION_ID_DI_NOISSES_PMT', '', $g2_item_url);
$warning = t("<a href=\"%g2_url\">%title</a> from Gallery 2 could not be processed; " . "(imported as <a href=\"%g3_url\">%title</a>)", array("g2_url" => $g2_item_url, "g3_url" => $item->url(), "title" => $g2_item->getTitle()));
message::warning($warning);
log::warning("g2_import", $warning);
Kohana::log("alert", $warning);
}
self::$current_g2_item = null;
}
/**
* Gets the form to process, or given the form to process - processes it.
*
* @param string|null $form
* The form identifier of the form to process.
*
* @return string|bool|null
* When $form is null, returns either null or a string form identifier.
* When a form identifier is passed, returns a boolean indicating the success or failure of the form processing.
*/
public static function process($form = null)
{
if (isset(self::$processed)) {
log::warning('Invalid call to formHelper::process() - the form has already been processed.');
return false;
}
if (!isset($form)) {
if (is::existset(munla::$session, 'forms')) {
foreach (munla::$session['forms'] as $csrfName => $csrfForms) {
foreach ($csrfForms as $formid => $f) {
if (!is::existset($f, 'callback') || !is_callable($f['callback'])) {
continue;
}
$_FORM = array();
switch (strtolower($f['method'])) {
case 'post':
$_FORM =& $_POST;
break;
case 'get':
$_FORM =& $_GET;
break;
}
if (!is::existset($_FORM, 'mnl_formid')) {
unset($_FORM);
continue;
}
if (substr($_FORM['mnl_formid'], 0, strlen($csrfName) + 1) == $csrfName . '-' && substr($_FORM['mnl_formid'], strlen($csrfName) + 1) == $formid) {
unset($_FORM);
return sprintf('%s::%s', $csrfName, $formid);
}
unset($_FORM);
}
}
}
$mnl_formaction = self::validateAction(is::existset($_POST, 'mnl_formaction') ? $_POST['mnl_formaction'] : (is::existset($_GET, 'mnl_formaction') ? $_GET['mnl_formaction'] : null));
if ($mnl_formaction) {
return 'simpleForm::' . $mnl_formaction;
}
return $form;
}
if (!is_string($form) || strpos($form, '::') === false) {
log::error(sprintf('Invalid form identifier "%s"', $form));
return false;
}
list($csrfName, $formid) = explode('::', $form, 2);
if ($csrfName == 'simpleForm' && is_callable($formid)) {
//$formid(); //trigger the callback - we don't know the values or form definition so no parameters
$_FORM = array();
if (is::existset($_POST, 'mnl_formaction')) {
$_FORM =& $_POST;
}
if (is::existset($_GET, 'mnl_formaction')) {
$_FORM =& $_GET;
}
self::fixArrays();
unset($_FORM['mnl_formaction']);
//normalize the file listing into a better array if any files were uploaded
self::fixFileArray($_FORM);
self::$processed = array('errors' => array(), 'fielderrors' => array(), 'msg' => null);
self::$processed['form']['formid'] = $formid;
$p = get::helper('form');
$processed = call_user_func($formid, $p, $_FORM);
if ($processed === false) {
self::$processed['errors'][] = 'Failed to process the form.';
} elseif ($processed !== true) {
if (is_array($processed)) {
foreach ($processed as $err) {
$success = false;
switch (substr($err, 0, 1)) {
case '+':
$err = substr($err, 1);
$success = true;
break;
case '-':
$err = substr($err, 1);
break;
}
self::$processed[$success ? 'msg' : 'errors'][] = $err;
}
} else {
$success = false;
switch (substr($processed, 0, 1)) {
case '+':
$processed = substr($processed, 1);
$success = true;
break;
case '-':
$processed = substr($processed, 1);
break;
}
self::$processed[$success ? 'msg' : 'errors'][] = $processed;
}
}
return count(self::$processed['errors']) < 1;
}
if (!is::existset(munla::$session, 'forms') || !is::existset(munla::$session['forms'], $csrfName) || !is::existset(munla::$session['forms'][$csrfName], $formid)) {
log::error(sprintf('Specified form definition "%s" was not found', $form));
return false;
}
$form = munla::$session['forms'][$csrfName][$formid];
if (!is::existset($form, 'callback') || !is_callable($form['callback'])) {
log::error(sprintf('Form does not have a valid callback.'));
return false;
}
$callback = explode('::', $form['callback']);
$_FORM = array();
switch (strtolower($form['method'])) {
case 'post':
$_FORM =& $_POST;
break;
case 'get':
$_FORM =& $_GET;
break;
}
self::fixArrays();
self::$processed = array('errors' => array(), 'fielderrors' => array(), 'msg' => null);
self::$processed['form'] = $form;
if (is::existset($_FORM, 'mnl_formid')) {
unset($_FORM['mnl_formid']);
}
//normalize the file listing into a better array if any files were uploaded
self::fixFileArray($_FORM);
//fix up special field types
foreach ($form['fields'] as $field) {
$type = get_class($field);
if ($type == 'fe_image') {
$name = $field->getName();
if (!is::existset($_FORM, $name) && is::existset($_FORM, $name . '_x')) {
$_FORM[$name] = true;
}
} elseif ($type == 'fe_session') {
$_FORM[$field->getName()] = $field->get_value();
}
}
$fields = new formFieldList($form['fields']);
$validating = array($callback[0], $callback[1] . '_validating');
$validate = array($callback[0], $callback[1] . '_validate');
if (is_callable($validating)) {
$validating($this, $fields, $_FORM);
}
$valid = is_callable($validate) ? $validate($_FORM) : self::validate($fields, $_FORM, strtolower($form['method']) == 'post' && !$form['nocsrf']);
if ($valid) {
$processed = $callback($_FORM);
if (isset($processed)) {
if ($processed === false) {
self::$processed['errors'][] = 'Failed to process the form.';
} elseif ($processed !== true) {
if (is_array($processed)) {
foreach ($processed as $err) {
$success = false;
switch (substr($err, 0, 1)) {
case '+':
$err = substr($err, 1);
$success = true;
break;
case '-':
$err = substr($err, 1);
break;
}
self::$processed[$success ? 'msg' : 'errors'][] = $err;
}
} else {
$success = false;
switch (substr($processed, 0, 1)) {
case '+':
$processed = substr($processed, 1);
$success = true;
break;
case '-':
$processed = substr($processed, 1);
break;
}
self::$processed[$success ? 'msg' : 'errors'][] = $processed;
}
}
}
} elseif (count(self::$processed['errors']) < 1) {
self::$processed['errors'][] = 'Failed form validation.';
}
return count(self::$processed['errors']) < 1;
}
