/** * Run the controller and parse the template * * @return Response */ public function run() { /** @var \BackendTemplate|object $objTemplate */ $objTemplate = new \BackendTemplate('be_preview'); $objTemplate->base = \Environment::get('base'); $objTemplate->language = $GLOBALS['TL_LANGUAGE']; $objTemplate->title = specialchars($GLOBALS['TL_LANG']['MSC']['fePreview']); $objTemplate->charset = \Config::get('characterSet'); $objTemplate->site = \Input::get('site', true); $objTemplate->switchHref = \System::getContainer()->get('router')->generate('contao_backend_switch'); if (\Input::get('url')) { $objTemplate->url = \Environment::get('base') . \Input::get('url'); } elseif (\Input::get('page')) { $objTemplate->url = $this->redirectToFrontendPage(\Input::get('page'), \Input::get('article'), true); } else { $objTemplate->url = \System::getContainer()->get('router')->generate('contao_root', [], UrlGeneratorInterface::ABSOLUTE_URL); } // Switch to a particular member (see #6546) if (\Input::get('user') && $this->User->isAdmin) { $objUser = \MemberModel::findByUsername(\Input::get('user')); if ($objUser !== null) { $strHash = $this->getSessionHash('FE_USER_AUTH'); // Remove old sessions $this->Database->prepare("DELETE FROM tl_session WHERE tstamp<? OR hash=?")->execute(time() - \Config::get('sessionTimeout'), $strHash); // Insert the new session $this->Database->prepare("INSERT INTO tl_session (pid, tstamp, name, sessionID, ip, hash) VALUES (?, ?, ?, ?, ?, ?)")->execute($objUser->id, time(), 'FE_USER_AUTH', \System::getContainer()->get('session')->getId(), \Environment::get('ip'), $strHash); // Set the cookie $this->setCookie('FE_USER_AUTH', $strHash, time() + \Config::get('sessionTimeout'), null, null, false, true); $objTemplate->user = \Input::post('user'); } } return $objTemplate->getResponse(); }
/** * Generate the module * * @return string */ public function run() { $arrJobs = array(); /** @var BackendTemplate|object $objTemplate */ $objTemplate = new \BackendTemplate('be_purge_data'); $objTemplate->isActive = $this->isActive(); $objTemplate->message = \Message::generateUnwrapped(); // Run the jobs if (\Input::post('FORM_SUBMIT') == 'tl_purge') { $purge = \Input::post('purge'); if (!empty($purge) && is_array($purge)) { foreach ($purge as $group => $jobs) { foreach ($jobs as $job) { list($class, $method) = $GLOBALS['TL_PURGE'][$group][$job]['callback']; $this->import($class); $this->{$class}->{$method}(); } } } \Message::addConfirmation($GLOBALS['TL_LANG']['tl_maintenance']['cacheCleared']); $this->reload(); } // Tables foreach ($GLOBALS['TL_PURGE']['tables'] as $key => $config) { $arrJobs[$key] = array('id' => 'purge_' . $key, 'title' => $GLOBALS['TL_LANG']['tl_maintenance_jobs'][$key][0], 'description' => $GLOBALS['TL_LANG']['tl_maintenance_jobs'][$key][1], 'group' => 'tables', 'affected' => ''); // Get the current table size foreach ($config['affected'] as $table) { $objCount = $this->Database->execute("SELECT COUNT(*) AS count FROM " . $table); $arrJobs[$key]['affected'] .= '<br>' . $table . ': <span>' . sprintf($GLOBALS['TL_LANG']['MSC']['entries'], $objCount->count) . ', ' . $this->getReadableSize($this->Database->getSizeOf($table), 0) . '</span>'; } } $strCachePath = str_replace(TL_ROOT . DIRECTORY_SEPARATOR, '', \System::getContainer()->getParameter('kernel.cache_dir')); // Folders foreach ($GLOBALS['TL_PURGE']['folders'] as $key => $config) { $arrJobs[$key] = array('id' => 'purge_' . $key, 'title' => $GLOBALS['TL_LANG']['tl_maintenance_jobs'][$key][0], 'description' => $GLOBALS['TL_LANG']['tl_maintenance_jobs'][$key][1], 'group' => 'folders', 'affected' => ''); // Get the current folder size foreach ($config['affected'] as $folder) { $total = 0; $folder = sprintf($folder, $strCachePath); // Only check existing folders if (is_dir(TL_ROOT . '/' . $folder)) { $objFiles = Finder::create()->in(TL_ROOT . '/' . $folder)->files(); $total = iterator_count($objFiles); } $arrJobs[$key]['affected'] .= '<br>' . $folder . ': <span>' . sprintf($GLOBALS['TL_LANG']['MSC']['files'], $total) . '</span>'; } } // Custom foreach ($GLOBALS['TL_PURGE']['custom'] as $key => $job) { $arrJobs[$key] = array('id' => 'purge_' . $key, 'title' => $GLOBALS['TL_LANG']['tl_maintenance_jobs'][$key][0], 'description' => $GLOBALS['TL_LANG']['tl_maintenance_jobs'][$key][1], 'group' => 'custom'); } $objTemplate->jobs = $arrJobs; $objTemplate->action = ampersand(\Environment::get('request')); $objTemplate->headline = $GLOBALS['TL_LANG']['tl_maintenance']['clearCache']; $objTemplate->job = $GLOBALS['TL_LANG']['tl_maintenance']['job']; $objTemplate->description = $GLOBALS['TL_LANG']['tl_maintenance']['description']; $objTemplate->submit = \StringUtil::specialchars($GLOBALS['TL_LANG']['tl_maintenance']['clearCache']); $objTemplate->help = \Config::get('showHelp') && $GLOBALS['TL_LANG']['tl_maintenance']['cacheTables'][1] != '' ? $GLOBALS['TL_LANG']['tl_maintenance']['cacheTables'][1] : ''; return $objTemplate->parse(); }
/** * Run the controller and parse the login template * * @return Response */ public function run() { /** @var BackendTemplate|object $objTemplate */ $objTemplate = new \BackendTemplate('be_login'); $strHeadline = sprintf($GLOBALS['TL_LANG']['MSC']['loginTo'], \Config::get('websiteTitle')); $objTemplate->theme = \Backend::getTheme(); $objTemplate->messages = \Message::generate(); $objTemplate->base = \Environment::get('base'); $objTemplate->language = $GLOBALS['TL_LANGUAGE']; $objTemplate->languages = \System::getLanguages(true); $objTemplate->title = \StringUtil::specialchars($strHeadline); $objTemplate->charset = \Config::get('characterSet'); $objTemplate->action = ampersand(\Environment::get('request')); $objTemplate->userLanguage = $GLOBALS['TL_LANG']['tl_user']['language'][0]; $objTemplate->headline = $strHeadline; $objTemplate->curLanguage = \Input::post('language') ?: str_replace('-', '_', $GLOBALS['TL_LANGUAGE']); $objTemplate->curUsername = \Input::post('username') ?: ''; $objTemplate->uClass = $_POST && empty($_POST['username']) ? ' class="login_error"' : ''; $objTemplate->pClass = $_POST && empty($_POST['password']) ? ' class="login_error"' : ''; $objTemplate->loginButton = \StringUtil::specialchars($GLOBALS['TL_LANG']['MSC']['loginBT']); $objTemplate->username = $GLOBALS['TL_LANG']['tl_user']['username'][0]; $objTemplate->password = $GLOBALS['TL_LANG']['MSC']['password'][0]; $objTemplate->feLink = $GLOBALS['TL_LANG']['MSC']['feLink']; $objTemplate->default = $GLOBALS['TL_LANG']['MSC']['default']; $objTemplate->jsDisabled = $GLOBALS['TL_LANG']['MSC']['jsDisabled']; return $objTemplate->getResponse(); }
/** * Run the controller and parse the login template * * @return Response */ public function run() { $packages = System::getContainer()->getParameter('kernel.packages'); $this->Template = new \BackendTemplate('be_main'); $this->Template->version = $packages['contao/core-bundle']; $this->Template->main = ''; // Ajax request if ($_POST && \Environment::get('isAjaxRequest')) { $this->objAjax = new \Ajax(\Input::post('action')); $this->objAjax->executePreActions(); } // Error if (\Input::get('act') == 'error') { $this->Template->error = $GLOBALS['TL_LANG']['ERR']['general']; $this->Template->title = $GLOBALS['TL_LANG']['ERR']['general']; @trigger_error('Using act=error has been deprecated and will no longer work in Contao 5.0. Throw an exception instead.', E_USER_DEPRECATED); } elseif (!\Input::get('do') && !\Input::get('act')) { $this->Template->main .= $this->welcomeScreen(); $this->Template->title = $GLOBALS['TL_LANG']['MSC']['home']; } elseif (\Input::get('do')) { $this->Template->main .= $this->getBackendModule(\Input::get('do')); $this->Template->title = $this->Template->headline; } return $this->output(); }
/** * Generate the module */ protected function compile() { $this->import('FrontendUser', 'User'); // Initialize the password widget $arrField = array('name' => 'password', 'inputType' => 'text', 'label' => $GLOBALS['TL_LANG']['MSC']['password'][0], 'eval' => array('hideInput' => true, 'mandatory' => true, 'required' => true)); $objWidget = new \FormTextField(\FormTextField::getAttributesFromDca($arrField, $arrField['name'])); $objWidget->rowClass = 'row_0 row_first even'; $strFormId = 'tl_close_account_' . $this->id; // Validate widget if (\Input::post('FORM_SUBMIT') == $strFormId) { $objWidget->validate(); // Validate the password if (!$objWidget->hasErrors()) { // The password has been generated with crypt() if (\Encryption::test($this->User->password)) { $blnAuthenticated = \Encryption::verify($objWidget->value, $this->User->password); } else { list($strPassword, $strSalt) = explode(':', $this->User->password); $blnAuthenticated = $strSalt == '' ? $strPassword === sha1($objWidget->value) : $strPassword === sha1($strSalt . $objWidget->value); } if (!$blnAuthenticated) { $objWidget->value = ''; $objWidget->addError($GLOBALS['TL_LANG']['ERR']['invalidPass']); } } // Close account if (!$objWidget->hasErrors()) { // HOOK: send account ID if (isset($GLOBALS['TL_HOOKS']['closeAccount']) && is_array($GLOBALS['TL_HOOKS']['closeAccount'])) { foreach ($GLOBALS['TL_HOOKS']['closeAccount'] as $callback) { $this->import($callback[0]); $this->{$callback[0]}->{$callback[1]}($this->User->id, $this->reg_close, $this); } } $objMember = \MemberModel::findByPk($this->User->id); // Remove the account if ($this->reg_close == 'close_delete') { $objMember->delete(); $this->log('User account ID ' . $this->User->id . ' (' . \Idna::decodeEmail($this->User->email) . ') has been deleted', __METHOD__, TL_ACCESS); } else { $objMember->disable = 1; $objMember->tstamp = time(); $objMember->save(); $this->log('User account ID ' . $this->User->id . ' (' . \Idna::decodeEmail($this->User->email) . ') has been deactivated', __METHOD__, TL_ACCESS); } $this->User->logout(); // Check whether there is a jumpTo page if (($objJumpTo = $this->objModel->getRelated('jumpTo')) instanceof PageModel) { $this->jumpToOrReload($objJumpTo->row()); } $this->reload(); } } $this->Template->fields = $objWidget->parse(); $this->Template->formId = $strFormId; $this->Template->action = \Environment::get('indexFreeRequest'); $this->Template->slabel = \StringUtil::specialchars($GLOBALS['TL_LANG']['MSC']['closeAccount']); $this->Template->rowLast = 'row_1 row_last odd'; }
public function executePreActions($strAction, DataContainer $dc) { if ($strAction === 'boxSystemChange') { $elementId = Input::post('id'); $boxSystemId = Input::post('boxSystemId'); $this->Database->prepare("UPDATE tl_content SET tstamp=" . time() . ", boxSystem='" . $boxSystemId . "' WHERE id=?")->execute($elementId); } }
/** * Generate the message filter * * @return string */ public function generateMessageFilter() { if (Input::post('FORM_SUBMIT') === 'tl_filters' && Input::post($this->filterName, true) !== 'tl_' . $this->filterName) { $session = Session::getInstance()->getData(); $session['seo_serp_expand_tree'] = 'tl_page'; Session::getInstance()->setData($session); } return parent::generateMessageFilter(); }
/** * Run the controller and parse the password template * * @return Response */ public function run() { /** @var BackendTemplate|object $objTemplate */ $objTemplate = new \BackendTemplate('be_password'); if (\Input::post('FORM_SUBMIT') == 'tl_password') { $pw = \Input::postUnsafeRaw('password'); $cnf = \Input::postUnsafeRaw('confirm'); // The passwords do not match if ($pw != $cnf) { \Message::addError($GLOBALS['TL_LANG']['ERR']['passwordMatch']); } elseif (Utf8::strlen($pw) < \Config::get('minPasswordLength')) { \Message::addError(sprintf($GLOBALS['TL_LANG']['ERR']['passwordLength'], \Config::get('minPasswordLength'))); } elseif ($pw == $this->User->username) { \Message::addError($GLOBALS['TL_LANG']['ERR']['passwordName']); } else { // Make sure the password has been changed if (\Encryption::verify($pw, $this->User->password)) { \Message::addError($GLOBALS['TL_LANG']['MSC']['pw_change']); } else { $this->loadDataContainer('tl_user'); // Trigger the save_callback if (is_array($GLOBALS['TL_DCA']['tl_user']['fields']['password']['save_callback'])) { foreach ($GLOBALS['TL_DCA']['tl_user']['fields']['password']['save_callback'] as $callback) { if (is_array($callback)) { $this->import($callback[0]); $pw = $this->{$callback[0]}->{$callback[1]}($pw); } elseif (is_callable($callback)) { $pw = $callback($pw); } } } $objUser = \UserModel::findByPk($this->User->id); $objUser->pwChange = ''; $objUser->password = \Encryption::hash($pw); $objUser->save(); \Message::addConfirmation($GLOBALS['TL_LANG']['MSC']['pw_changed']); $this->redirect('contao/main.php'); } } $this->reload(); } $objTemplate->theme = \Backend::getTheme(); $objTemplate->messages = \Message::generate(); $objTemplate->base = \Environment::get('base'); $objTemplate->language = $GLOBALS['TL_LANGUAGE']; $objTemplate->title = \StringUtil::specialchars($GLOBALS['TL_LANG']['MSC']['pw_new']); $objTemplate->charset = \Config::get('characterSet'); $objTemplate->action = ampersand(\Environment::get('request')); $objTemplate->headline = $GLOBALS['TL_LANG']['MSC']['pw_change']; $objTemplate->submitButton = \StringUtil::specialchars($GLOBALS['TL_LANG']['MSC']['continue']); $objTemplate->password = $GLOBALS['TL_LANG']['MSC']['password'][0]; $objTemplate->confirm = $GLOBALS['TL_LANG']['MSC']['confirm'][0]; return $objTemplate->getResponse(); }
/** * Redirect to the selected page * * @return string */ public function generate() { if (TL_MODE == 'BE') { /** @var BackendTemplate|object $objTemplate */ $objTemplate = new \BackendTemplate('be_wildcard'); $objTemplate->wildcard = '### ' . Utf8::strtoupper($GLOBALS['TL_LANG']['FMD']['quicknav'][0]) . ' ###'; $objTemplate->title = $this->headline; $objTemplate->id = $this->id; $objTemplate->link = $this->name; $objTemplate->href = 'contao/main.php?do=themes&table=tl_module&act=edit&id=' . $this->id; return $objTemplate->parse(); } if (\Input::post('FORM_SUBMIT') == 'tl_quicknav_' . $this->id) { $this->redirect(\Input::post('target', true)); } return parent::generate(); }
/** * Run the controller and parse the template */ public function run() { $template = new BackendTemplate('be_main'); $template->main = ''; // Ajax request if ($_POST && Environment::get('isAjaxRequest')) { $this->objAjax = new Ajax(Input::post('action')); $this->objAjax->executePreActions(); } $strTable = Input::get('table'); $strField = Input::get('field'); // Define the current ID define('CURRENT_ID', Input::get('table') ? $this->Session->get('CURRENT_ID') : Input::get('id')); Controller::loadDataContainer($strTable); $strDriver = 'DC_' . $GLOBALS['TL_DCA'][$strTable]['config']['dataContainer']; $objDca = new $strDriver($strTable); $objDca->field = $strField; // Set the active record if ($this->Database->tableExists($strTable)) { /** @var Model $strModel $strModel */ $strModel = Model::getClassFromTable($strTable); if (class_exists($strModel)) { $objModel = $strModel::findByPk(Input::get('id')); if ($objModel !== null) { $objDca->activeRecord = $objModel; } } } // AJAX request if ($_POST && Environment::get('isAjaxRequest')) { $this->objAjax->executePostActions($objDca); } $partial = new BackendTemplate('be_rte_table_editor'); $template->isPopup = true; $template->main = $partial->parse(); $template->theme = Backend::getTheme(); $template->base = Environment::get('base'); $template->language = $GLOBALS['TL_LANGUAGE']; $template->title = specialchars($GLOBALS['TL_LANG']['MSC']['pagepicker']); $template->charset = Config::get('characterSet'); Config::set('debugMode', false); $template->output(); }
/** * Run the controller and parse the template */ public function run() { $template = new BackendTemplate('be_picker'); $template->main = ''; // Ajax request if ($_POST && Environment::get('isAjaxRequest')) { $this->ajax = new Ajax(Input::post('action')); $this->ajax->executePreActions(); } $rebuilder = new Rebuilder(); $rebuilder->setPopupMode(true); $template->main = $rebuilder->run(); $template->theme = Backend::getTheme(); $template->base = Environment::get('base'); $template->language = $GLOBALS['TL_LANGUAGE']; $template->title = specialchars($GLOBALS['TL_LANG']['MSC']['pagepicker']); $template->charset = Config::get('characterSet'); Config::set('debugMode', false); $template->output(); }
/** * Run the controller and parse the login template * * @return Response */ public function run() { $this->Template = new \BackendTemplate('be_main'); $this->Template->main = ''; // Ajax request if ($_POST && \Environment::get('isAjaxRequest')) { $this->objAjax = new \Ajax(\Input::post('action')); $this->objAjax->executePreActions(); } // Error if (\Input::get('act') == 'error') { $this->Template->error = $GLOBALS['TL_LANG']['ERR']['general']; $this->Template->title = $GLOBALS['TL_LANG']['ERR']['general']; } elseif (!\Input::get('do') && !\Input::get('act')) { $this->Template->main .= $this->welcomeScreen(); $this->Template->title = $GLOBALS['TL_LANG']['MSC']['home']; } elseif (\Input::get('do')) { $this->Template->main .= $this->getBackendModule(\Input::get('do')); $this->Template->title = $this->Template->headline; } return $this->output(); }
/** * Redirect to the selected page * * @return string */ public function generate() { if (TL_MODE == 'BE') { /** @var BackendTemplate|object $objTemplate */ $objTemplate = new \BackendTemplate('be_wildcard'); $objTemplate->wildcard = '### ' . Utf8::strtoupper($GLOBALS['TL_LANG']['FMD']['quicklink'][0]) . ' ###'; $objTemplate->title = $this->headline; $objTemplate->id = $this->id; $objTemplate->link = $this->name; $objTemplate->href = 'contao/main.php?do=themes&table=tl_module&act=edit&id=' . $this->id; return $objTemplate->parse(); } // Redirect to selected page if (\Input::post('FORM_SUBMIT') == 'tl_quicklink_' . $this->id) { $this->redirect(\Input::post('target', true)); } // Always return an array (see #4616) $this->pages = \StringUtil::deserialize($this->pages, true); if (empty($this->pages) || $this->pages[0] == '') { return ''; } return parent::generate(); }
/** * Add a form to create new comments * * @param FrontendTemplate|object $objTemplate * @param \stdClass $objConfig * @param string $strSource * @param integer $intParent * @param mixed $varNotifies */ protected function renderCommentForm(FrontendTemplate $objTemplate, \stdClass $objConfig, $strSource, $intParent, $varNotifies) { $this->import('FrontendUser', 'User'); // Access control if ($objConfig->requireLogin && !FE_USER_LOGGED_IN) { $objTemplate->requireLogin = true; $objTemplate->login = $GLOBALS['TL_LANG']['MSC']['com_login']; return; } // Confirm or remove a subscription if (\Input::get('token')) { static::changeSubscriptionStatus($objTemplate); return; } // Form fields $arrFields = array('name' => array('name' => 'name', 'label' => $GLOBALS['TL_LANG']['MSC']['com_name'], 'value' => trim($this->User->firstname . ' ' . $this->User->lastname), 'inputType' => 'text', 'eval' => array('mandatory' => true, 'maxlength' => 64)), 'email' => array('name' => 'email', 'label' => $GLOBALS['TL_LANG']['MSC']['com_email'], 'value' => $this->User->email, 'inputType' => 'text', 'eval' => array('rgxp' => 'email', 'mandatory' => true, 'maxlength' => 128, 'decodeEntities' => true)), 'website' => array('name' => 'website', 'label' => $GLOBALS['TL_LANG']['MSC']['com_website'], 'inputType' => 'text', 'eval' => array('rgxp' => 'url', 'maxlength' => 128, 'decodeEntities' => true))); // Captcha if (!$objConfig->disableCaptcha) { $arrFields['captcha'] = array('name' => 'captcha', 'label' => $GLOBALS['TL_LANG']['MSC']['securityQuestion'], 'inputType' => 'captcha', 'eval' => array('mandatory' => true)); } // Comment field $arrFields['comment'] = array('name' => 'comment', 'label' => $GLOBALS['TL_LANG']['MSC']['com_comment'], 'inputType' => 'textarea', 'eval' => array('mandatory' => true, 'rows' => 4, 'cols' => 40, 'preserveTags' => true)); // Notify me of new comments $arrFields['notify'] = array('name' => 'notify', 'label' => '', 'inputType' => 'checkbox', 'options' => array(1 => $GLOBALS['TL_LANG']['MSC']['com_notify'])); $doNotSubmit = false; $arrWidgets = array(); $strFormId = 'com_' . $strSource . '_' . $intParent; // Initialize the widgets foreach ($arrFields as $arrField) { /** @var Widget $strClass */ $strClass = $GLOBALS['TL_FFL'][$arrField['inputType']]; // Continue if the class is not defined if (!class_exists($strClass)) { continue; } $arrField['eval']['required'] = $arrField['eval']['mandatory']; /** @var Widget $objWidget */ $objWidget = new $strClass($strClass::getAttributesFromDca($arrField, $arrField['name'], $arrField['value'])); // Validate the widget if (\Input::post('FORM_SUBMIT') == $strFormId) { $objWidget->validate(); if ($objWidget->hasErrors()) { $doNotSubmit = true; } } $arrWidgets[$arrField['name']] = $objWidget; } $objTemplate->fields = $arrWidgets; $objTemplate->submit = $GLOBALS['TL_LANG']['MSC']['com_submit']; $objTemplate->action = ampersand(\Environment::get('request')); $objTemplate->messages = ''; // Deprecated since Contao 4.0, to be removed in Contao 5.0 $objTemplate->formId = $strFormId; $objTemplate->hasError = $doNotSubmit; // Do not index or cache the page with the confirmation message if ($_SESSION['TL_COMMENT_ADDED']) { /** @var PageModel $objPage */ global $objPage; $objPage->noSearch = 1; $objPage->cache = 0; $objTemplate->confirm = $GLOBALS['TL_LANG']['MSC']['com_confirm']; $_SESSION['TL_COMMENT_ADDED'] = false; } // Store the comment if (!$doNotSubmit && \Input::post('FORM_SUBMIT') == $strFormId) { $strWebsite = $arrWidgets['website']->value; // Add http:// to the website if ($strWebsite != '' && !preg_match('@^(https?://|ftp://|mailto:|#)@i', $strWebsite)) { $strWebsite = 'http://' . $strWebsite; } // Do not parse any tags in the comment $strComment = \StringUtil::specialchars(trim($arrWidgets['comment']->value)); $strComment = str_replace(array('&', '<', '>'), array('[&]', '[lt]', '[gt]'), $strComment); // Remove multiple line feeds $strComment = preg_replace('@\\n\\n+@', "\n\n", $strComment); // Parse BBCode if ($objConfig->bbcode) { $strComment = $this->parseBbCode($strComment); } // Prevent cross-site request forgeries $strComment = preg_replace('/(href|src|on[a-z]+)="[^"]*(contao\\/main\\.php|typolight\\/main\\.php|javascript|vbscri?pt|script|alert|document|cookie|window)[^"]*"+/i', '$1="#"', $strComment); $time = time(); // Prepare the record $arrSet = array('tstamp' => $time, 'source' => $strSource, 'parent' => $intParent, 'name' => $arrWidgets['name']->value, 'email' => $arrWidgets['email']->value, 'website' => $strWebsite, 'comment' => $this->convertLineFeeds($strComment), 'ip' => $this->anonymizeIp(\Environment::get('ip')), 'date' => $time, 'published' => $objConfig->moderate ? '' : 1); // Store the comment $objComment = new \CommentsModel(); $objComment->setRow($arrSet)->save(); // Store the subscription if ($arrWidgets['notify']->value) { static::addCommentsSubscription($objComment); } // HOOK: add custom logic if (isset($GLOBALS['TL_HOOKS']['addComment']) && is_array($GLOBALS['TL_HOOKS']['addComment'])) { foreach ($GLOBALS['TL_HOOKS']['addComment'] as $callback) { $this->import($callback[0]); $this->{$callback[0]}->{$callback[1]}($objComment->id, $arrSet, $this); } } // Prepare the notification mail $objEmail = new \Email(); $objEmail->from = $GLOBALS['TL_ADMIN_EMAIL']; $objEmail->fromName = $GLOBALS['TL_ADMIN_NAME']; $objEmail->subject = sprintf($GLOBALS['TL_LANG']['MSC']['com_subject'], \Idna::decode(\Environment::get('host'))); // Convert the comment to plain text $strComment = strip_tags($strComment); $strComment = \StringUtil::decodeEntities($strComment); $strComment = str_replace(array('[&]', '[lt]', '[gt]'), array('&', '<', '>'), $strComment); // Add the comment details $objEmail->text = sprintf($GLOBALS['TL_LANG']['MSC']['com_message'], $arrSet['name'] . ' (' . $arrSet['email'] . ')', $strComment, \Idna::decode(\Environment::get('base')) . \Environment::get('request'), \Idna::decode(\Environment::get('base')) . 'contao?do=comments&act=edit&id=' . $objComment->id); // Add a moderation hint to the e-mail (see #7478) if ($objConfig->moderate) { $objEmail->text .= "\n" . $GLOBALS['TL_LANG']['MSC']['com_moderated'] . "\n"; } // Do not send notifications twice if (is_array($varNotifies)) { $objEmail->sendTo(array_unique($varNotifies)); } elseif ($varNotifies != '') { $objEmail->sendTo($varNotifies); // see #5443 } // Pending for approval if ($objConfig->moderate) { $_SESSION['TL_COMMENT_ADDED'] = true; } else { static::notifyCommentsSubscribers($objComment); } $this->reload(); } }
/** * Ajax actions that do require a data container object * * @param DataContainer $dc * * @throws NoContentResponseException * @throws ResponseException * @throws BadRequestHttpException */ public function executePostActions(DataContainer $dc) { header('Content-Type: text/html; charset=' . \Config::get('characterSet')); // Bypass any core logic for non-core drivers (see #5957) if (!$dc instanceof DC_File && !$dc instanceof DC_Folder && !$dc instanceof DC_Table) { $this->executePostActionsHook($dc); throw new NoContentResponseException(); } switch ($this->strAction) { // Load nodes of the page structure tree case 'loadStructure': throw new ResponseException($this->convertToResponse($dc->ajaxTreeView($this->strAjaxId, intval(\Input::post('level'))))); // Load nodes of the file manager tree // Load nodes of the file manager tree case 'loadFileManager': throw new ResponseException($this->convertToResponse($dc->ajaxTreeView(\Input::post('folder', true), intval(\Input::post('level'))))); // Load nodes of the page tree // Load nodes of the page tree case 'loadPagetree': $varValue = null; $strField = $dc->field = \Input::post('name'); // Call the load_callback if (is_array($GLOBALS['TL_DCA'][$dc->table]['fields'][$strField]['load_callback'])) { foreach ($GLOBALS['TL_DCA'][$dc->table]['fields'][$strField]['load_callback'] as $callback) { if (is_array($callback)) { $this->import($callback[0]); $varValue = $this->{$callback[0]}->{$callback[1]}($varValue, $dc); } elseif (is_callable($callback)) { $varValue = $callback($varValue, $dc); } } } /** @var PageSelector $strClass */ $strClass = $GLOBALS['BE_FFL']['pageSelector']; /** @var PageSelector $objWidget */ $objWidget = new $strClass($strClass::getAttributesFromDca($GLOBALS['TL_DCA'][$dc->table]['fields'][$strField], $dc->field, $varValue, $strField, $dc->table, $dc)); throw new ResponseException($this->convertToResponse($objWidget->generateAjax($this->strAjaxId, \Input::post('field'), intval(\Input::post('level'))))); // Load nodes of the file tree // Load nodes of the file tree case 'loadFiletree': $varValue = null; $strField = $dc->field = \Input::post('name'); // Call the load_callback if (is_array($GLOBALS['TL_DCA'][$dc->table]['fields'][$strField]['load_callback'])) { foreach ($GLOBALS['TL_DCA'][$dc->table]['fields'][$strField]['load_callback'] as $callback) { if (is_array($callback)) { $this->import($callback[0]); $varValue = $this->{$callback[0]}->{$callback[1]}($varValue, $dc); } elseif (is_callable($callback)) { $varValue = $callback($varValue, $dc); } } } /** @var FileSelector $strClass */ $strClass = $GLOBALS['BE_FFL']['fileSelector']; /** @var FileSelector $objWidget */ $objWidget = new $strClass($strClass::getAttributesFromDca($GLOBALS['TL_DCA'][$dc->table]['fields'][$strField], $dc->field, $varValue, $strField, $dc->table, $dc)); // Load a particular node if (\Input::post('folder', true) != '') { throw new ResponseException($this->convertToResponse($objWidget->generateAjax(\Input::post('folder', true), \Input::post('field'), intval(\Input::post('level'))))); } throw new ResponseException($this->convertToResponse($objWidget->generate())); // Reload the page/file picker // Reload the page/file picker case 'reloadPagetree': case 'reloadFiletree': $intId = \Input::get('id'); $strField = $dc->inputName = \Input::post('name'); // Handle the keys in "edit multiple" mode if (\Input::get('act') == 'editAll') { $intId = preg_replace('/.*_([0-9a-zA-Z]+)$/', '$1', $strField); $strField = preg_replace('/(.*)_[0-9a-zA-Z]+$/', '$1', $strField); } $dc->field = $strField; // The field does not exist if (!isset($GLOBALS['TL_DCA'][$dc->table]['fields'][$strField])) { $this->log('Field "' . $strField . '" does not exist in DCA "' . $dc->table . '"', __METHOD__, TL_ERROR); throw new BadRequestHttpException('Bad request'); } $objRow = null; $varValue = null; // Load the value if (\Input::get('act') != 'overrideAll') { if ($GLOBALS['TL_DCA'][$dc->table]['config']['dataContainer'] == 'File') { $varValue = \Config::get($strField); } elseif ($intId > 0 && $this->Database->tableExists($dc->table)) { $objRow = $this->Database->prepare("SELECT * FROM " . $dc->table . " WHERE id=?")->execute($intId); // The record does not exist if ($objRow->numRows < 1) { $this->log('A record with the ID "' . $intId . '" does not exist in table "' . $dc->table . '"', __METHOD__, TL_ERROR); throw new BadRequestHttpException('Bad request'); } $varValue = $objRow->{$strField}; $dc->activeRecord = $objRow; } } // Call the load_callback if (is_array($GLOBALS['TL_DCA'][$dc->table]['fields'][$strField]['load_callback'])) { foreach ($GLOBALS['TL_DCA'][$dc->table]['fields'][$strField]['load_callback'] as $callback) { if (is_array($callback)) { $this->import($callback[0]); $varValue = $this->{$callback[0]}->{$callback[1]}($varValue, $dc); } elseif (is_callable($callback)) { $varValue = $callback($varValue, $dc); } } } // Set the new value $varValue = \Input::post('value', true); $strKey = $this->strAction == 'reloadPagetree' ? 'pageTree' : 'fileTree'; // Convert the selected values if ($varValue != '') { $varValue = \StringUtil::trimsplit("\t", $varValue); // Automatically add resources to the DBAFS if ($strKey == 'fileTree') { foreach ($varValue as $k => $v) { if (\Dbafs::shouldBeSynchronized($v)) { $objFile = \FilesModel::findByPath($v); if ($objFile === null) { $objFile = \Dbafs::addResource($v); } $varValue[$k] = $objFile->uuid; } } } $varValue = serialize($varValue); } /** @var FileTree|PageTree $strClass */ $strClass = $GLOBALS['BE_FFL'][$strKey]; /** @var FileTree|PageTree $objWidget */ $objWidget = new $strClass($strClass::getAttributesFromDca($GLOBALS['TL_DCA'][$dc->table]['fields'][$strField], $dc->inputName, $varValue, $strField, $dc->table, $dc)); throw new ResponseException($this->convertToResponse($objWidget->generate())); // Feature/unfeature an element // Feature/unfeature an element case 'toggleFeatured': if (class_exists($dc->table, false)) { $dca = new $dc->table(); if (method_exists($dca, 'toggleFeatured')) { $dca->toggleFeatured(\Input::post('id'), \Input::post('state') == 1 ? true : false); } } throw new NoContentResponseException(); // Toggle subpalettes // Toggle subpalettes case 'toggleSubpalette': $this->import('BackendUser', 'User'); // Check whether the field is a selector field and allowed for regular users (thanks to Fabian Mihailowitsch) (see #4427) if (!is_array($GLOBALS['TL_DCA'][$dc->table]['palettes']['__selector__']) || !in_array(\Input::post('field'), $GLOBALS['TL_DCA'][$dc->table]['palettes']['__selector__']) || $GLOBALS['TL_DCA'][$dc->table]['fields'][\Input::post('field')]['exclude'] && !$this->User->hasAccess($dc->table . '::' . \Input::post('field'), 'alexf')) { $this->log('Field "' . \Input::post('field') . '" is not an allowed selector field (possible SQL injection attempt)', __METHOD__, TL_ERROR); throw new BadRequestHttpException('Bad request'); } if ($dc instanceof DC_Table) { if (\Input::get('act') == 'editAll') { $this->strAjaxId = preg_replace('/.*_([0-9a-zA-Z]+)$/', '$1', \Input::post('id')); $this->Database->prepare("UPDATE " . $dc->table . " SET " . \Input::post('field') . "='" . (intval(\Input::post('state') == 1) ? 1 : '') . "' WHERE id=?")->execute($this->strAjaxId); if (\Input::post('load')) { echo $dc->editAll($this->strAjaxId, \Input::post('id')); } } else { $this->Database->prepare("UPDATE " . $dc->table . " SET " . \Input::post('field') . "='" . (intval(\Input::post('state') == 1) ? 1 : '') . "' WHERE id=?")->execute($dc->id); if (\Input::post('load')) { throw new ResponseException($this->convertToResponse($dc->edit(false, \Input::post('id')))); } } } elseif ($dc instanceof DC_File) { $val = intval(\Input::post('state') == 1) ? true : false; \Config::persist(\Input::post('field'), $val); if (\Input::post('load')) { \Config::set(\Input::post('field'), $val); throw new ResponseException($this->convertToResponse($dc->edit(false, \Input::post('id')))); } } throw new NoContentResponseException(); // DropZone file upload // DropZone file upload case 'fileupload': $dc->move(); throw new NoContentResponseException(); // HOOK: pass unknown actions to callback functions // HOOK: pass unknown actions to callback functions default: $this->executePostActionsHook($dc); throw new NoContentResponseException(); } }
/** * Add the file meta information to the request * * @param string $strUuid * @param string $strPtable * @param integer $intPid */ public static function addFileMetaInformationToRequest($strUuid, $strPtable, $intPid) { $objFile = \FilesModel::findByUuid($strUuid); if ($objFile === null) { return; } $arrMeta = \StringUtil::deserialize($objFile->meta); if (empty($arrMeta)) { return; } $objPage = null; if ($strPtable == 'tl_article') { $objPage = \PageModel::findOneBy(array('tl_page.id=(SELECT pid FROM tl_article WHERE id=?)'), $intPid); } else { // HOOK: support custom modules if (isset($GLOBALS['TL_HOOKS']['addFileMetaInformationToRequest']) && is_array($GLOBALS['TL_HOOKS']['addFileMetaInformationToRequest'])) { foreach ($GLOBALS['TL_HOOKS']['addFileMetaInformationToRequest'] as $callback) { if (($val = \System::importStatic($callback[0])->{$callback[1]}($strPtable, $intPid)) !== false) { $objPage = $val; } } if ($objPage instanceof Result && $objPage->numRows < 1) { return; } if (is_object($objPage) && !$objPage instanceof PageModel) { $objPage = \PageModel::findByPk($objPage->id); } } } if ($objPage === null) { return; } $objPage->loadDetails(); // Convert the language to a locale (see #5678) $strLanguage = str_replace('-', '_', $objPage->rootLanguage); if (isset($arrMeta[$strLanguage])) { if (\Input::post('title') == '' && !empty($arrMeta[$strLanguage]['title'])) { \Input::setPost('title', $arrMeta[$strLanguage]['title']); } if (\Input::post('alt') == '' && !empty($arrMeta[$strLanguage]['alt'])) { \Input::setPost('alt', $arrMeta[$strLanguage]['alt']); } if (\Input::post('caption') == '' && !empty($arrMeta[$strLanguage]['caption'])) { \Input::setPost('caption', $arrMeta[$strLanguage]['caption']); } } }
/** * Validate the widget using the value. * * @param Widget $widget The widget to validate. * * @param string|null $value The value to validate. * * @return void * * @SuppressWarnings(PHPMD.Superglobals) * @SuppressWarnings(PHPMD.CamelCaseVariableName) */ protected function validateWidget($widget, $value) { if (null === $value) { return; } $name = $widget->name; // Backup $_POST value. $keeper = Input::post($name); Input::setPost($name, $value); $widget->validate(); // Restore $_POST value. Input::setPost($name, $keeper); }
/** * Run the controller and parse the template * * @return Response */ public function run() { /** @var SessionInterface $objSession */ $objSession = \System::getContainer()->get('session'); /** @var BackendTemplate|object $objTemplate */ $objTemplate = new \BackendTemplate('be_picker'); $objTemplate->main = ''; // Ajax request if ($_POST && \Environment::get('isAjaxRequest')) { $this->objAjax = new \Ajax(\Input::post('action')); $this->objAjax->executePreActions(); } $strTable = \Input::get('table'); $strField = \Input::get('field'); // Define the current ID define('CURRENT_ID', \Input::get('table') ? $objSession->get('CURRENT_ID') : \Input::get('id')); $this->loadDataContainer($strTable); $strDriver = 'DC_' . $GLOBALS['TL_DCA'][$strTable]['config']['dataContainer']; $objDca = new $strDriver($strTable); $objDca->field = $strField; // Set the active record if ($this->Database->tableExists($strTable)) { /** @var Model $strModel */ $strModel = \Model::getClassFromTable($strTable); if (class_exists($strModel)) { $objModel = $strModel::findByPk(\Input::get('id')); if ($objModel !== null) { $objDca->activeRecord = $objModel; } } } // AJAX request if ($_POST && \Environment::get('isAjaxRequest')) { $this->objAjax->executePostActions($objDca); } $objSession->set('filePickerRef', \Environment::get('request')); $arrValues = array_filter(explode(',', \Input::get('value'))); // Convert UUIDs to binary foreach ($arrValues as $k => $v) { // Can be a UUID or a path if (\Validator::isStringUuid($v)) { $arrValues[$k] = \StringUtil::uuidToBin($v); } } // Call the load_callback if (is_array($GLOBALS['TL_DCA'][$strTable]['fields'][$strField]['load_callback'])) { foreach ($GLOBALS['TL_DCA'][$strTable]['fields'][$strField]['load_callback'] as $callback) { if (is_array($callback)) { $this->import($callback[0]); $arrValues = $this->{$callback[0]}->{$callback[1]}($arrValues, $objDca); } elseif (is_callable($callback)) { $arrValues = $callback($arrValues, $objDca); } } } /** @var FileSelector $strClass */ $strClass = $GLOBALS['BE_FFL']['fileSelector']; /** @var FileSelector $objFileTree */ $objFileTree = new $strClass($strClass::getAttributesFromDca($GLOBALS['TL_DCA'][$strTable]['fields'][$strField], $strField, $arrValues, $strField, $strTable, $objDca)); /** @var AttributeBagInterface $objSessionBag */ $objSessionBag = $objSession->getBag('contao_backend'); $objTemplate->main = $objFileTree->generate(); $objTemplate->theme = \Backend::getTheme(); $objTemplate->base = \Environment::get('base'); $objTemplate->language = $GLOBALS['TL_LANGUAGE']; $objTemplate->title = specialchars($GLOBALS['TL_LANG']['MSC']['filepicker']); $objTemplate->charset = \Config::get('characterSet'); $objTemplate->addSearch = true; $objTemplate->search = $GLOBALS['TL_LANG']['MSC']['search']; $objTemplate->searchExclude = $GLOBALS['TL_LANG']['MSC']['searchExclude']; $objTemplate->action = ampersand(\Environment::get('request')); $objTemplate->value = $objSessionBag->get('file_selector_search'); $objTemplate->manager = $GLOBALS['TL_LANG']['MSC']['fileManager']; $objTemplate->managerHref = 'contao/main.php?do=files&popup=1'; $objTemplate->breadcrumb = $GLOBALS['TL_DCA']['tl_files']['list']['sorting']['breadcrumb']; if (\Input::get('switch')) { $objTemplate->switch = $GLOBALS['TL_LANG']['MSC']['pagePicker']; $objTemplate->switchHref = str_replace('contao/file?', 'contao/page?', ampersand(\Environment::get('request'))); } return $objTemplate->getResponse(); }
/** * @param null $intId * @return mixed */ protected function getPostPassword($intId = null) { return Input::get('act') == 'editAll' && is_numeric($intId) ? Input::post('password_' . $intId) : Input::post('password'); }
/** * Generate the module */ protected function compile() { // Show logout form if (FE_USER_LOGGED_IN) { $this->import('FrontendUser', 'User'); $this->Template->logout = true; $this->Template->formId = 'tl_logout_' . $this->id; $this->Template->slabel = \StringUtil::specialchars($GLOBALS['TL_LANG']['MSC']['logout']); $this->Template->loggedInAs = sprintf($GLOBALS['TL_LANG']['MSC']['loggedInAs'], $this->User->username); $this->Template->action = ampersand(\Environment::get('indexFreeRequest')); if ($this->User->lastLogin > 0) { /** @var PageModel $objPage */ global $objPage; $this->Template->lastLogin = sprintf($GLOBALS['TL_LANG']['MSC']['lastLogin'][1], \Date::parse($objPage->datimFormat, $this->User->lastLogin)); } return; } $flashBag = \System::getContainer()->get('session')->getFlashBag(); if ($flashBag->has($this->strFlashType)) { $this->Template->hasError = true; $this->Template->message = $flashBag->get($this->strFlashType)[0]; } $this->Template->username = $GLOBALS['TL_LANG']['MSC']['username']; $this->Template->password = $GLOBALS['TL_LANG']['MSC']['password'][0]; $this->Template->action = ampersand(\Environment::get('indexFreeRequest')); $this->Template->slabel = \StringUtil::specialchars($GLOBALS['TL_LANG']['MSC']['login']); $this->Template->value = \StringUtil::specialchars(\Input::post('username')); $this->Template->formId = 'tl_login_' . $this->id; $this->Template->autologin = $this->autologin && \Config::get('autologin') > 0; $this->Template->autoLabel = $GLOBALS['TL_LANG']['MSC']['autologin']; }
/** * Compare versions */ public function compare() { $strBuffer = ''; $arrVersions = array(); $intTo = 0; $intFrom = 0; $objVersions = $this->Database->prepare("SELECT * FROM tl_version WHERE pid=? AND fromTable=? ORDER BY version DESC")->execute($this->intPid, $this->strTable); if ($objVersions->numRows < 2) { $strBuffer = '<p>There are no versions of ' . $this->strTable . '.id=' . $this->intPid . '</p>'; } else { $intIndex = 0; $from = array(); // Store the versions and mark the active one while ($objVersions->next()) { if ($objVersions->active) { $intIndex = $objVersions->version; } $arrVersions[$objVersions->version] = $objVersions->row(); $arrVersions[$objVersions->version]['info'] = $GLOBALS['TL_LANG']['MSC']['version'] . ' ' . $objVersions->version . ' (' . \Date::parse(\Config::get('datimFormat'), $objVersions->tstamp) . ') ' . $objVersions->username; } // To if (\Input::post('to') && isset($arrVersions[\Input::post('to')])) { $intTo = \Input::post('to'); $to = \StringUtil::deserialize($arrVersions[\Input::post('to')]['data']); } elseif (\Input::get('to') && isset($arrVersions[\Input::get('to')])) { $intTo = \Input::get('to'); $to = \StringUtil::deserialize($arrVersions[\Input::get('to')]['data']); } else { $intTo = $intIndex; $to = \StringUtil::deserialize($arrVersions[$intTo]['data']); } // From if (\Input::post('from') && isset($arrVersions[\Input::post('from')])) { $intFrom = \Input::post('from'); $from = \StringUtil::deserialize($arrVersions[\Input::post('from')]['data']); } elseif (\Input::get('from') && isset($arrVersions[\Input::get('from')])) { $intFrom = \Input::get('from'); $from = \StringUtil::deserialize($arrVersions[\Input::get('from')]['data']); } elseif ($intIndex > 1) { $intFrom = $intIndex - 1; $from = \StringUtil::deserialize($arrVersions[$intFrom]['data']); } // Only continue if both version numbers are set if ($intTo > 0 && $intFrom > 0) { \System::loadLanguageFile($this->strTable); $this->loadDataContainer($this->strTable); // Get the order fields $objDcaExtractor = \DcaExtractor::getInstance($this->strTable); $arrOrder = $objDcaExtractor->getOrderFields(); // Find the changed fields and highlight the changes foreach ($to as $k => $v) { if ($from[$k] != $to[$k]) { if ($GLOBALS['TL_DCA'][$this->strTable]['fields'][$k]['eval']['doNotShow'] || $GLOBALS['TL_DCA'][$this->strTable]['fields'][$k]['eval']['hideInput']) { continue; } $blnIsBinary = $GLOBALS['TL_DCA'][$this->strTable]['fields'][$k]['inputType'] == 'fileTree' || in_array($k, $arrOrder); // Decrypt the values if ($GLOBALS['TL_DCA'][$this->strTable]['fields'][$k]['eval']['encrypt']) { $to[$k] = \Encryption::decrypt($to[$k]); $from[$k] = \Encryption::decrypt($from[$k]); } // Convert serialized arrays into strings if (is_array($tmp = \StringUtil::deserialize($to[$k])) && !is_array($to[$k])) { $to[$k] = $this->implodeRecursive($tmp, $blnIsBinary); } if (is_array($tmp = \StringUtil::deserialize($from[$k])) && !is_array($from[$k])) { $from[$k] = $this->implodeRecursive($tmp, $blnIsBinary); } unset($tmp); // Convert binary UUIDs to their hex equivalents (see #6365) if ($blnIsBinary && \Validator::isBinaryUuid($to[$k])) { $to[$k] = \StringUtil::binToUuid($to[$k]); } if ($blnIsBinary && \Validator::isBinaryUuid($from[$k])) { $to[$k] = \StringUtil::binToUuid($from[$k]); } // Convert date fields if ($GLOBALS['TL_DCA'][$this->strTable]['fields'][$k]['eval']['rgxp'] == 'date') { $to[$k] = \Date::parse(\Config::get('dateFormat'), $to[$k] ?: ''); $from[$k] = \Date::parse(\Config::get('dateFormat'), $from[$k] ?: ''); } elseif ($GLOBALS['TL_DCA'][$this->strTable]['fields'][$k]['eval']['rgxp'] == 'time') { $to[$k] = \Date::parse(\Config::get('timeFormat'), $to[$k] ?: ''); $from[$k] = \Date::parse(\Config::get('timeFormat'), $from[$k] ?: ''); } elseif ($GLOBALS['TL_DCA'][$this->strTable]['fields'][$k]['eval']['rgxp'] == 'datim' || $k == 'tstamp') { $to[$k] = \Date::parse(\Config::get('datimFormat'), $to[$k] ?: ''); $from[$k] = \Date::parse(\Config::get('datimFormat'), $from[$k] ?: ''); } // Convert strings into arrays if (!is_array($to[$k])) { $to[$k] = explode("\n", $to[$k]); } if (!is_array($from[$k])) { $from[$k] = explode("\n", $from[$k]); } $objDiff = new \Diff($from[$k], $to[$k]); $strBuffer .= $objDiff->render(new DiffRenderer(array('field' => $GLOBALS['TL_DCA'][$this->strTable]['fields'][$k]['label'][0] ?: (isset($GLOBALS['TL_LANG']['MSC'][$k]) ? is_array($GLOBALS['TL_LANG']['MSC'][$k]) ? $GLOBALS['TL_LANG']['MSC'][$k][0] : $GLOBALS['TL_LANG']['MSC'][$k] : $k)))); } } } } // Identical versions if ($strBuffer == '') { $strBuffer = '<p>' . $GLOBALS['TL_LANG']['MSC']['identicalVersions'] . '</p>'; } /** @var BackendTemplate|object $objTemplate */ $objTemplate = new \BackendTemplate('be_diff'); // Template variables $objTemplate->content = $strBuffer; $objTemplate->versions = $arrVersions; $objTemplate->to = $intTo; $objTemplate->from = $intFrom; $objTemplate->showLabel = \StringUtil::specialchars($GLOBALS['TL_LANG']['MSC']['showDifferences']); $objTemplate->theme = \Backend::getTheme(); $objTemplate->base = \Environment::get('base'); $objTemplate->language = $GLOBALS['TL_LANGUAGE']; $objTemplate->title = \StringUtil::specialchars($GLOBALS['TL_LANG']['MSC']['showDifferences']); $objTemplate->charset = \Config::get('characterSet'); $objTemplate->action = ampersand(\Environment::get('request')); throw new ResponseException($objTemplate->getResponse()); }
/** * Generate the module */ protected function compile() { // Mark the x and y parameter as used (see #4277) if (isset($_GET['x'])) { \Input::get('x'); \Input::get('y'); } // Trigger the search module from a custom form if (!isset($_GET['keywords']) && \Input::post('FORM_SUBMIT') == 'tl_search') { $_GET['keywords'] = \Input::post('keywords'); $_GET['query_type'] = \Input::post('query_type'); $_GET['per_page'] = \Input::post('per_page'); } $blnFuzzy = $this->fuzzy; $strQueryType = \Input::get('query_type') ?: $this->queryType; $strKeywords = trim(\Input::get('keywords')); $this->Template->uniqueId = $this->id; $this->Template->queryType = $strQueryType; $this->Template->keyword = \StringUtil::specialchars($strKeywords); $this->Template->keywordLabel = $GLOBALS['TL_LANG']['MSC']['keywords']; $this->Template->optionsLabel = $GLOBALS['TL_LANG']['MSC']['options']; $this->Template->search = \StringUtil::specialchars($GLOBALS['TL_LANG']['MSC']['searchLabel']); $this->Template->matchAll = \StringUtil::specialchars($GLOBALS['TL_LANG']['MSC']['matchAll']); $this->Template->matchAny = \StringUtil::specialchars($GLOBALS['TL_LANG']['MSC']['matchAny']); $this->Template->action = ampersand(\Environment::get('indexFreeRequest')); $this->Template->advanced = $this->searchType == 'advanced'; // Redirect page if ($this->jumpTo && ($objTarget = $this->objModel->getRelated('jumpTo')) instanceof PageModel) { /** @var PageModel $objTarget */ $this->Template->action = $objTarget->getFrontendUrl(); } $this->Template->pagination = ''; $this->Template->results = ''; // Execute the search if there are keywords if ($strKeywords != '' && $strKeywords != '*' && !$this->jumpTo) { // Reference page if ($this->rootPage > 0) { $intRootId = $this->rootPage; $arrPages = $this->Database->getChildRecords($this->rootPage, 'tl_page'); array_unshift($arrPages, $this->rootPage); } else { /** @var PageModel $objPage */ global $objPage; $intRootId = $objPage->rootId; $arrPages = $this->Database->getChildRecords($objPage->rootId, 'tl_page'); } // HOOK: add custom logic (see #5223) if (isset($GLOBALS['TL_HOOKS']['customizeSearch']) && is_array($GLOBALS['TL_HOOKS']['customizeSearch'])) { foreach ($GLOBALS['TL_HOOKS']['customizeSearch'] as $callback) { $this->import($callback[0]); $this->{$callback[0]}->{$callback[1]}($arrPages, $strKeywords, $strQueryType, $blnFuzzy); } } // Return if there are no pages if (!is_array($arrPages) || empty($arrPages)) { return; } $strCachePath = str_replace(TL_ROOT . DIRECTORY_SEPARATOR, '', \System::getContainer()->getParameter('kernel.cache_dir')); $arrResult = null; $strChecksum = md5($strKeywords . $strQueryType . $intRootId . $blnFuzzy); $query_starttime = microtime(true); $strCacheFile = $strCachePath . '/contao/search/' . $strChecksum . '.json'; // Load the cached result if (file_exists(TL_ROOT . '/' . $strCacheFile)) { $objFile = new \File($strCacheFile); if ($objFile->mtime > time() - 1800) { $arrResult = json_decode($objFile->getContent(), true); } else { $objFile->delete(); } } // Cache the result if ($arrResult === null) { try { $objSearch = \Search::searchFor($strKeywords, $strQueryType == 'or', $arrPages, 0, 0, $blnFuzzy); $arrResult = $objSearch->fetchAllAssoc(); } catch (\Exception $e) { $this->log('Website search failed: ' . $e->getMessage(), __METHOD__, TL_ERROR); $arrResult = array(); } \File::putContent($strCacheFile, json_encode($arrResult)); } $query_endtime = microtime(true); // Sort out protected pages if (\Config::get('indexProtected') && !BE_USER_LOGGED_IN) { $this->import('FrontendUser', 'User'); foreach ($arrResult as $k => $v) { if ($v['protected']) { if (!FE_USER_LOGGED_IN) { unset($arrResult[$k]); } else { $groups = \StringUtil::deserialize($v['groups']); if (!is_array($groups) || empty($groups) || !count(array_intersect($groups, $this->User->groups))) { unset($arrResult[$k]); } } } } $arrResult = array_values($arrResult); } $count = count($arrResult); $this->Template->count = $count; $this->Template->page = null; $this->Template->keywords = $strKeywords; // No results if ($count < 1) { $this->Template->header = sprintf($GLOBALS['TL_LANG']['MSC']['sEmpty'], $strKeywords); $this->Template->duration = substr($query_endtime - $query_starttime, 0, 6) . ' ' . $GLOBALS['TL_LANG']['MSC']['seconds']; return; } $from = 1; $to = $count; // Pagination if ($this->perPage > 0) { $id = 'page_s' . $this->id; $page = \Input::get($id) !== null ? \Input::get($id) : 1; $per_page = \Input::get('per_page') ?: $this->perPage; // Do not index or cache the page if the page number is outside the range if ($page < 1 || $page > max(ceil($count / $per_page), 1)) { throw new PageNotFoundException('Page not found: ' . \Environment::get('uri')); } $from = ($page - 1) * $per_page + 1; $to = $from + $per_page > $count ? $count : $from + $per_page - 1; // Pagination menu if ($to < $count || $from > 1) { $objPagination = new \Pagination($count, $per_page, \Config::get('maxPaginationLinks'), $id); $this->Template->pagination = $objPagination->generate("\n "); } $this->Template->page = $page; } // Get the results for ($i = $from - 1; $i < $to && $i < $count; $i++) { /** @var FrontendTemplate|object $objTemplate */ $objTemplate = new \FrontendTemplate($this->searchTpl); $objTemplate->url = $arrResult[$i]['url']; $objTemplate->link = $arrResult[$i]['title']; $objTemplate->href = $arrResult[$i]['url']; $objTemplate->title = \StringUtil::specialchars($arrResult[$i]['title']); $objTemplate->class = ($i == $from - 1 ? 'first ' : '') . ($i == $to - 1 || $i == $count - 1 ? 'last ' : '') . ($i % 2 == 0 ? 'even' : 'odd'); $objTemplate->relevance = sprintf($GLOBALS['TL_LANG']['MSC']['relevance'], number_format($arrResult[$i]['relevance'] / $arrResult[0]['relevance'] * 100, 2) . '%'); $objTemplate->filesize = $arrResult[$i]['filesize']; $objTemplate->matches = $arrResult[$i]['matches']; $arrContext = array(); $arrMatches = \StringUtil::trimsplit(',', $arrResult[$i]['matches']); // Get the context foreach ($arrMatches as $strWord) { $arrChunks = array(); preg_match_all('/(^|\\b.{0,' . $this->contextLength . '}\\PL)' . str_replace('+', '\\+', $strWord) . '(\\PL.{0,' . $this->contextLength . '}\\b|$)/ui', $arrResult[$i]['text'], $arrChunks); foreach ($arrChunks[0] as $strContext) { $arrContext[] = ' ' . $strContext . ' '; } } // Shorten the context and highlight all keywords if (!empty($arrContext)) { $objTemplate->context = trim(\StringUtil::substrHtml(implode('…', $arrContext), $this->totalLength)); $objTemplate->context = preg_replace('/(\\PL)(' . implode('|', $arrMatches) . ')(\\PL)/ui', '$1<mark class="highlight">$2</mark>$3', $objTemplate->context); $objTemplate->hasContext = true; } $this->Template->results .= $objTemplate->parse(); } $this->Template->header = vsprintf($GLOBALS['TL_LANG']['MSC']['sResults'], array($from, $to, $count, $strKeywords)); $this->Template->duration = substr($query_endtime - $query_starttime, 0, 6) . ' ' . $GLOBALS['TL_LANG']['MSC']['seconds']; } }
/** * Set the new password */ protected function setNewPassword() { $objMember = \MemberModel::findOneByActivation(\Input::get('token')); if ($objMember === null || $objMember->login == '') { $this->strTemplate = 'mod_message'; /** @var FrontendTemplate|object $objTemplate */ $objTemplate = new \FrontendTemplate($this->strTemplate); $this->Template = $objTemplate; $this->Template->type = 'error'; $this->Template->message = $GLOBALS['TL_LANG']['MSC']['accountError']; return; } $strTable = $objMember->getTable(); // Initialize the versioning (see #8301) $objVersions = new \Versions($strTable, $objMember->id); $objVersions->setUsername($objMember->username); $objVersions->setUserId(0); $objVersions->setEditUrl('contao/main.php?do=member&act=edit&id=%s&rt=1'); $objVersions->initialize(); // Define the form field $arrField = $GLOBALS['TL_DCA']['tl_member']['fields']['password']; /** @var Widget $strClass */ $strClass = $GLOBALS['TL_FFL']['password']; // Fallback to default if the class is not defined if (!class_exists($strClass)) { $strClass = 'FormPassword'; } /** @var Widget $objWidget */ $objWidget = new $strClass($strClass::getAttributesFromDca($arrField, 'password')); // Set row classes $objWidget->rowClass = 'row_0 row_first even'; $objWidget->rowClassConfirm = 'row_1 odd'; $this->Template->rowLast = 'row_2 row_last even'; /** @var SessionInterface $objSession */ $objSession = \System::getContainer()->get('session'); // Validate the field if (strlen(\Input::post('FORM_SUBMIT')) && \Input::post('FORM_SUBMIT') == $objSession->get('setPasswordToken')) { $objWidget->validate(); // Set the new password and redirect if (!$objWidget->hasErrors()) { $objSession->set('setPasswordToken', ''); $objMember->tstamp = time(); $objMember->activation = ''; $objMember->password = $objWidget->value; $objMember->save(); // Create a new version if ($GLOBALS['TL_DCA'][$strTable]['config']['enableVersioning']) { $objVersions->create(); } // HOOK: set new password callback if (isset($GLOBALS['TL_HOOKS']['setNewPassword']) && is_array($GLOBALS['TL_HOOKS']['setNewPassword'])) { foreach ($GLOBALS['TL_HOOKS']['setNewPassword'] as $callback) { $this->import($callback[0]); $this->{$callback[0]}->{$callback[1]}($objMember, $objWidget->value, $this); } } // Redirect to the jumpTo page if (($objTarget = $this->objModel->getRelated('reg_jumpTo')) instanceof PageModel) { /** @var PageModel $objTarget */ $this->redirect($objTarget->getFrontendUrl()); } // Confirm $this->strTemplate = 'mod_message'; /** @var FrontendTemplate|object $objTemplate */ $objTemplate = new \FrontendTemplate($this->strTemplate); $this->Template = $objTemplate; $this->Template->type = 'confirm'; $this->Template->message = $GLOBALS['TL_LANG']['MSC']['newPasswordSet']; return; } } $strToken = md5(uniqid(mt_rand(), true)); $objSession->set('setPasswordToken', $strToken); $this->Template->formId = $strToken; $this->Template->fields = $objWidget->parse(); $this->Template->action = \Environment::get('indexFreeRequest'); $this->Template->slabel = \StringUtil::specialchars($GLOBALS['TL_LANG']['MSC']['setNewPassword']); }
/** * Find ten matching usernames and return them as JSON */ protected function getDatalistOptions() { if (!$this->User->isAdmin) { header('HTTP/1.1 400 Bad Request'); die('You must be an administrator to use the script'); } $arrUsers = array(); $time = \Date::floorToMinute(); // Get the active front end users $objUsers = $this->Database->prepare("SELECT username FROM tl_member WHERE username LIKE ? AND login='******' AND disable!='1' AND (start='' OR start<='{$time}') AND (stop='' OR stop>'" . ($time + 60) . "') ORDER BY username")->limit(10)->execute(str_replace('%', '', \Input::post('value')) . '%'); if ($objUsers->numRows) { $arrUsers = $objUsers->fetchEach('username'); } header('Content-type: application/json'); die(json_encode($arrUsers)); }
/** * Generate the widget and return it as string * * @return string */ public function generate() { $this->import('BackendUser', 'User'); $this->convertValuesToPaths(); if ($this->extensions != '') { $this->arrValidFileTypes = \StringUtil::trimsplit(',', strtolower($this->extensions)); } /** @var AttributeBagInterface $objSessionBag */ $objSessionBag = \System::getContainer()->get('session')->getBag('contao_backend'); // Store the keyword if (\Input::post('FORM_SUBMIT') == 'item_selector') { $strKeyword = ltrim(\Input::postRaw('keyword'), '*'); // Make sure the regular expression is valid if ($strKeyword != '') { try { $this->Database->prepare("SELECT * FROM tl_files WHERE name REGEXP ?")->limit(1)->execute($strKeyword); } catch (\Exception $e) { $strKeyword = ''; } } $objSessionBag->set('file_selector_search', $strKeyword); $this->reload(); } $tree = ''; $for = $objSessionBag->get('file_selector_search'); $arrFound = array(); // Search for a specific file if ($for != '') { // Wrap in a try catch block in case the regular expression is invalid (see #7743) try { $strPattern = "CAST(name AS CHAR) REGEXP ?"; if (substr(\Config::get('dbCollation'), -3) == '_ci') { $strPattern = "LOWER(CAST(name AS CHAR)) REGEXP LOWER(?)"; } $strType = ''; if (strpos($for, 'type:file') !== false) { $strType = " AND type='file'"; $for = trim(str_replace('type:file', '', $for)); } if (strpos($for, 'type:folder') !== false) { $strType = " AND type='folder'"; $for = trim(str_replace('type:folder', '', $for)); } $objRoot = $this->Database->prepare("SELECT path, type, extension FROM tl_files WHERE {$strPattern} {$strType} GROUP BY path")->execute($for); if ($objRoot->numRows < 1) { $GLOBALS['TL_DCA']['tl_files']['list']['sorting']['root'] = array(''); } else { $arrPaths = array(); // Respect existing limitations if ($this->path != '') { while ($objRoot->next()) { if (strncmp($this->path . '/', $objRoot->path . '/', strlen($this->path) + 1) === 0) { if ($objRoot->type == 'folder' || empty($this->arrValidFileTypes) || in_array($objRoot->extension, $this->arrValidFileTypes)) { $arrFound[] = $objRoot->path; } $arrPaths[] = $objRoot->type == 'folder' ? $objRoot->path : dirname($objRoot->path); } } } elseif ($this->User->isAdmin) { // Show all files to admins while ($objRoot->next()) { if ($objRoot->type == 'folder' || empty($this->arrValidFileTypes) || in_array($objRoot->extension, $this->arrValidFileTypes)) { $arrFound[] = $objRoot->path; } $arrPaths[] = $objRoot->type == 'folder' ? $objRoot->path : dirname($objRoot->path); } } else { if (is_array($this->User->filemounts)) { while ($objRoot->next()) { // Show only mounted folders to regular users foreach ($this->User->filemounts as $path) { if (strncmp($path . '/', $objRoot->path . '/', strlen($path) + 1) === 0) { if ($objRoot->type == 'folder' || empty($this->arrValidFileTypes) || in_array($objRoot->extension, $this->arrValidFileTypes)) { $arrFound[] = $objRoot->path; } $arrPaths[] = $objRoot->type == 'folder' ? $objRoot->path : dirname($objRoot->path); } } } } } $GLOBALS['TL_DCA']['tl_files']['list']['sorting']['root'] = array_unique($arrPaths); } } catch (\Exception $e) { } } $strNode = $objSessionBag->get('tl_files_picker'); // Unset the node if it is not within the path (see #5899) if ($strNode != '' && $this->path != '') { if (strncmp($strNode . '/', $this->path . '/', strlen($this->path) + 1) !== 0) { $objSessionBag->remove('tl_files_picker'); } } // Add the breadcrumb menu if (\Input::get('do') != 'files') { \Backend::addFilesBreadcrumb('tl_files_picker'); } // Root nodes (breadcrumb menu) if (!empty($GLOBALS['TL_DCA']['tl_files']['list']['sorting']['root'])) { $root = $GLOBALS['TL_DCA']['tl_files']['list']['sorting']['root']; // Allow only those roots that are within the custom path if ($this->path != '') { $root = array_intersect(preg_grep('/^' . preg_quote($this->path, '/') . '(?:$|\\/)/', $root), $root); if (empty($root)) { // Set all folders inside the custom path as root nodes $root = array_map(function ($el) { return $this->path . '/' . $el; }, scan(TL_ROOT . '/' . $this->path)); // Hide the breadcrumb $GLOBALS['TL_DCA']['tl_file']['list']['sorting']['breadcrumb'] = ''; } } $nodes = $this->eliminateNestedPaths($root); foreach ($nodes as $node) { $tree .= $this->renderFiletree(TL_ROOT . '/' . $node, 0, true, true, $arrFound); } } elseif ($this->path != '') { $tree .= $this->renderFiletree(TL_ROOT . '/' . $this->path, 0, false, $this->isProtectedPath($this->path), $arrFound); } elseif ($this->User->isAdmin) { $tree .= $this->renderFiletree(TL_ROOT . '/' . \Config::get('uploadPath'), 0, false, true, $arrFound); } else { $nodes = $this->eliminateNestedPaths($this->User->filemounts); foreach ($nodes as $node) { $tree .= $this->renderFiletree(TL_ROOT . '/' . $node, 0, true, true, $arrFound); } } // Select all checkboxes if ($this->fieldType == 'checkbox') { $strReset = "\n" . ' <li class="tl_folder"><div class="tl_left"> </div> <div class="tl_right"><label for="check_all_' . $this->strId . '" class="tl_change_selected">' . $GLOBALS['TL_LANG']['MSC']['selectAll'] . '</label> <input type="checkbox" id="check_all_' . $this->strId . '" class="tl_tree_checkbox" value="" onclick="Backend.toggleCheckboxGroup(this,\'' . $this->strName . '\')"></div><div style="clear:both"></div></li>'; } else { $strReset = "\n" . ' <li class="tl_folder"><div class="tl_left"> </div> <div class="tl_right"><label for="reset_' . $this->strId . '" class="tl_change_selected">' . $GLOBALS['TL_LANG']['MSC']['resetSelected'] . '</label> <input type="radio" name="' . $this->strName . '" id="reset_' . $this->strName . '" class="tl_tree_radio" value="" onfocus="Backend.getScrollOffset()"></div><div style="clear:both"></div></li>'; } // Return the tree return '<ul class="tl_listing tree_view picker_selector' . ($this->strClass != '' ? ' ' . $this->strClass : '') . '" id="' . $this->strId . '"> <li class="tl_folder_top"><div class="tl_left">' . \Image::getHtml($GLOBALS['TL_DCA']['tl_files']['list']['sorting']['icon'] ?: 'filemounts.svg') . ' ' . (\Config::get('websiteTitle') ?: 'Contao Open Source CMS') . '</div> <div class="tl_right"> </div><div style="clear:both"></div></li><li class="parent" id="' . $this->strId . '_parent"><ul>' . $tree . $strReset . ' </ul></li></ul>'; }
/** * Generate the module */ protected function compile() { /** @var PageModel $objPage */ global $objPage; $GLOBALS['TL_LANGUAGE'] = $objPage->language; \System::loadLanguageFile('tl_member'); $this->loadDataContainer('tl_member'); // Call onload_callback (e.g. to check permissions) if (is_array($GLOBALS['TL_DCA']['tl_member']['config']['onload_callback'])) { foreach ($GLOBALS['TL_DCA']['tl_member']['config']['onload_callback'] as $callback) { if (is_array($callback)) { $this->import($callback[0]); $this->{$callback[0]}->{$callback[1]}(); } elseif (is_callable($callback)) { $callback(); } } } // Activate account if (\Input::get('token') != '') { $this->activateAcount(); return; } if ($this->memberTpl != '') { /** @var FrontendTemplate|object $objTemplate */ $objTemplate = new \FrontendTemplate($this->memberTpl); $this->Template = $objTemplate; $this->Template->setData($this->arrData); } $this->Template->fields = ''; $objCaptcha = null; $doNotSubmit = false; $strFormId = 'tl_registration_' . $this->id; // Predefine the group order (other groups will be appended automatically) $arrGroups = array('personal' => array(), 'address' => array(), 'contact' => array(), 'login' => array(), 'profile' => array()); // Captcha if (!$this->disableCaptcha) { $arrCaptcha = array('id' => 'registration', 'label' => $GLOBALS['TL_LANG']['MSC']['securityQuestion'], 'type' => 'captcha', 'mandatory' => true, 'required' => true); /** @var FormCaptcha $strClass */ $strClass = $GLOBALS['TL_FFL']['captcha']; // Fallback to default if the class is not defined if (!class_exists($strClass)) { $strClass = 'FormCaptcha'; } /** @var FormCaptcha $objCaptcha */ $objCaptcha = new $strClass($arrCaptcha); if (\Input::post('FORM_SUBMIT') == $strFormId) { $objCaptcha->validate(); if ($objCaptcha->hasErrors()) { $doNotSubmit = true; } } } $objMember = null; // Check for a follow-up registration (see #7992) if (\Input::post('email', true) != '' && ($objMember = \MemberModel::findUnactivatedByEmail(\Input::post('email', true))) !== null) { $this->resendActivationMail($objMember); return; } $arrUser = array(); $arrFields = array(); $hasUpload = false; $i = 0; // Build form foreach ($this->editable as $field) { $arrData = $GLOBALS['TL_DCA']['tl_member']['fields'][$field]; // Map checkboxWizards to regular checkbox widgets if ($arrData['inputType'] == 'checkboxWizard') { $arrData['inputType'] = 'checkbox'; } // Map fileTrees to upload widgets (see #8091) if ($arrData['inputType'] == 'fileTree') { $arrData['inputType'] = 'upload'; } /** @var Widget $strClass */ $strClass = $GLOBALS['TL_FFL'][$arrData['inputType']]; // Continue if the class is not defined if (!class_exists($strClass)) { continue; } $arrData['eval']['required'] = $arrData['eval']['mandatory']; // Unset the unique field check upon follow-up registrations if ($objMember !== null && $arrData['eval']['unique'] && \Input::post($field) == $objMember->{$field}) { $arrData['eval']['unique'] = false; } $objWidget = new $strClass($strClass::getAttributesFromDca($arrData, $field, $arrData['default'], '', '', $this)); $objWidget->storeValues = true; $objWidget->rowClass = 'row_' . $i . ($i == 0 ? ' row_first' : '') . ($i % 2 == 0 ? ' even' : ' odd'); // Increase the row count if its a password field if ($objWidget instanceof FormPassword) { $objWidget->rowClassConfirm = 'row_' . ++$i . ($i % 2 == 0 ? ' even' : ' odd'); } // Validate input if (\Input::post('FORM_SUBMIT') == $strFormId) { $objWidget->validate(); $varValue = $objWidget->value; // Check whether the password matches the username if ($objWidget instanceof FormPassword && \Encryption::verify(\Input::post('username'), $varValue)) { $objWidget->addError($GLOBALS['TL_LANG']['ERR']['passwordName']); } $rgxp = $arrData['eval']['rgxp']; // Convert date formats into timestamps (check the eval setting first -> #3063) if ($varValue != '' && in_array($rgxp, array('date', 'time', 'datim'))) { try { $objDate = new \Date($varValue, \Date::getFormatFromRgxp($rgxp)); $varValue = $objDate->tstamp; } catch (\OutOfBoundsException $e) { $objWidget->addError(sprintf($GLOBALS['TL_LANG']['ERR']['invalidDate'], $varValue)); } } // Make sure that unique fields are unique (check the eval setting first -> #3063) if ($arrData['eval']['unique'] && $varValue != '' && !$this->Database->isUniqueValue('tl_member', $field, $varValue)) { $objWidget->addError(sprintf($GLOBALS['TL_LANG']['ERR']['unique'], $arrData['label'][0] ?: $field)); } // Save callback if ($objWidget->submitInput() && !$objWidget->hasErrors() && is_array($arrData['save_callback'])) { foreach ($arrData['save_callback'] as $callback) { try { if (is_array($callback)) { $this->import($callback[0]); $varValue = $this->{$callback[0]}->{$callback[1]}($varValue, null); } elseif (is_callable($callback)) { $varValue = $callback($varValue, null); } } catch (\Exception $e) { $objWidget->class = 'error'; $objWidget->addError($e->getMessage()); } } } // Store the current value if ($objWidget->hasErrors()) { $doNotSubmit = true; } elseif ($objWidget->submitInput()) { // Set the correct empty value (see #6284, #6373) if ($varValue === '') { $varValue = $objWidget->getEmptyValue(); } // Encrypt the value (see #7815) if ($arrData['eval']['encrypt']) { $varValue = \Encryption::encrypt($varValue); } // Set the new value $arrUser[$field] = $varValue; } } if ($objWidget instanceof \uploadable) { $hasUpload = true; } $temp = $objWidget->parse(); $this->Template->fields .= $temp; $arrFields[$arrData['eval']['feGroup']][$field] .= $temp; ++$i; } // Captcha if (!$this->disableCaptcha) { $objCaptcha->rowClass = 'row_' . $i . ($i == 0 ? ' row_first' : '') . ($i % 2 == 0 ? ' even' : ' odd'); $strCaptcha = $objCaptcha->parse(); $this->Template->fields .= $strCaptcha; $arrFields['captcha']['captcha'] .= $strCaptcha; } $this->Template->rowLast = 'row_' . ++$i . ($i % 2 == 0 ? ' even' : ' odd'); $this->Template->enctype = $hasUpload ? 'multipart/form-data' : 'application/x-www-form-urlencoded'; $this->Template->hasError = $doNotSubmit; // Create new user if there are no errors if (\Input::post('FORM_SUBMIT') == $strFormId && !$doNotSubmit) { $this->createNewUser($arrUser); } $this->Template->loginDetails = $GLOBALS['TL_LANG']['tl_member']['loginDetails']; $this->Template->addressDetails = $GLOBALS['TL_LANG']['tl_member']['addressDetails']; $this->Template->contactDetails = $GLOBALS['TL_LANG']['tl_member']['contactDetails']; $this->Template->personalData = $GLOBALS['TL_LANG']['tl_member']['personalData']; $this->Template->captchaDetails = $GLOBALS['TL_LANG']['MSC']['securityQuestion']; // Add the groups foreach ($arrFields as $k => $v) { // Deprecated since Contao 4.0, to be removed in Contao 5.0 $this->Template->{$k} = $v; $key = $k . ($k == 'personal' ? 'Data' : 'Details'); $arrGroups[$GLOBALS['TL_LANG']['tl_member'][$key]] = $v; } $this->Template->categories = $arrGroups; $this->Template->formId = $strFormId; $this->Template->slabel = \StringUtil::specialchars($GLOBALS['TL_LANG']['MSC']['register']); $this->Template->action = \Environment::get('indexFreeRequest'); // Deprecated since Contao 4.0, to be removed in Contao 5.0 $this->Template->captcha = $arrFields['captcha']['captcha']; }
/** * Generate the filter panel and return it as HTML string * * @param integer $intFilterPanel * * @return string */ protected function filterMenu($intFilterPanel) { /** @var AttributeBagInterface $objSessionBag */ $objSessionBag = \System::getContainer()->get('session')->getBag('contao_backend'); $fields = ''; $this->bid = 'tl_buttons_a'; $sortingFields = array(); $session = $objSessionBag->all(); $filter = $GLOBALS['TL_DCA'][$this->strTable]['list']['sorting']['mode'] == 4 ? $this->strTable . '_' . CURRENT_ID : $this->strTable; // Get the sorting fields foreach ($GLOBALS['TL_DCA'][$this->strTable]['fields'] as $k => $v) { if (intval($v['filter']) == $intFilterPanel) { $sortingFields[] = $k; } } // Return if there are no sorting fields if (empty($sortingFields)) { return ''; } // Set filter from user input if (\Input::post('FORM_SUBMIT') == 'tl_filters') { foreach ($sortingFields as $field) { if (\Input::post($field, true) != 'tl_' . $field) { $session['filter'][$filter][$field] = \Input::post($field, true); } else { unset($session['filter'][$filter][$field]); } } $objSessionBag->replace($session); } else { foreach ($sortingFields as $field) { if (isset($session['filter'][$filter][$field])) { // Sort by day if (in_array($GLOBALS['TL_DCA'][$this->strTable]['fields'][$field]['flag'], array(5, 6))) { if ($session['filter'][$filter][$field] == '') { $this->procedure[] = $field . "=''"; } else { $objDate = new \Date($session['filter'][$filter][$field]); $this->procedure[] = $field . ' BETWEEN ? AND ?'; $this->values[] = $objDate->dayBegin; $this->values[] = $objDate->dayEnd; } } elseif (in_array($GLOBALS['TL_DCA'][$this->strTable]['fields'][$field]['flag'], array(7, 8))) { if ($session['filter'][$filter][$field] == '') { $this->procedure[] = $field . "=''"; } else { $objDate = new \Date($session['filter'][$filter][$field]); $this->procedure[] = $field . ' BETWEEN ? AND ?'; $this->values[] = $objDate->monthBegin; $this->values[] = $objDate->monthEnd; } } elseif (in_array($GLOBALS['TL_DCA'][$this->strTable]['fields'][$field]['flag'], array(9, 10))) { if ($session['filter'][$filter][$field] == '') { $this->procedure[] = $field . "=''"; } else { $objDate = new \Date($session['filter'][$filter][$field]); $this->procedure[] = $field . ' BETWEEN ? AND ?'; $this->values[] = $objDate->yearBegin; $this->values[] = $objDate->yearEnd; } } elseif ($GLOBALS['TL_DCA'][$this->strTable]['fields'][$field]['eval']['multiple']) { // CSV lists (see #2890) if (isset($GLOBALS['TL_DCA'][$this->strTable]['fields'][$field]['eval']['csv'])) { $this->procedure[] = $this->Database->findInSet('?', $field, true); $this->values[] = $session['filter'][$filter][$field]; } else { $this->procedure[] = $field . ' LIKE ?'; $this->values[] = '%"' . $session['filter'][$filter][$field] . '"%'; } } else { $this->procedure[] = $field . '=?'; $this->values[] = $session['filter'][$filter][$field]; } } } } // Add sorting options foreach ($sortingFields as $cnt => $field) { $arrValues = array(); $arrProcedure = array(); if ($GLOBALS['TL_DCA'][$this->strTable]['list']['sorting']['mode'] == 4) { $arrProcedure[] = 'pid=?'; $arrValues[] = CURRENT_ID; } if (!empty($this->root) && is_array($this->root)) { $arrProcedure[] = "id IN(" . implode(',', array_map('intval', $this->root)) . ")"; } // Check for a static filter (see #4719) if (!empty($GLOBALS['TL_DCA'][$this->strTable]['list']['sorting']['filter']) && is_array($GLOBALS['TL_DCA'][$this->strTable]['list']['sorting']['filter'])) { foreach ($GLOBALS['TL_DCA'][$this->strTable]['list']['sorting']['filter'] as $fltr) { $arrProcedure[] = $fltr[0]; $arrValues[] = $fltr[1]; } } // Support empty ptable fields if ($GLOBALS['TL_DCA'][$this->strTable]['config']['dynamicPtable']) { $arrProcedure[] = $this->ptable == 'tl_article' ? "(ptable=? OR ptable='')" : "ptable=?"; $arrValues[] = $this->ptable; } $objFields = $this->Database->prepare("SELECT DISTINCT " . $field . " FROM " . $this->strTable . (is_array($arrProcedure) && strlen($arrProcedure[0]) ? ' WHERE ' . implode(' AND ', $arrProcedure) : ''))->execute($arrValues); // Begin select menu $fields .= ' <select name="' . $field . '" id="' . $field . '" class="tl_select' . (isset($session['filter'][$filter][$field]) ? ' active' : '') . '"> <option value="tl_' . $field . '">' . (is_array($GLOBALS['TL_DCA'][$this->strTable]['fields'][$field]['label']) ? $GLOBALS['TL_DCA'][$this->strTable]['fields'][$field]['label'][0] : $GLOBALS['TL_DCA'][$this->strTable]['fields'][$field]['label']) . '</option> <option value="tl_' . $field . '">---</option>'; if ($objFields->numRows) { $options = $objFields->fetchEach($field); // Sort by day if (in_array($GLOBALS['TL_DCA'][$this->strTable]['fields'][$field]['flag'], array(5, 6))) { $GLOBALS['TL_DCA'][$this->strTable]['fields'][$field]['flag'] == 6 ? rsort($options) : sort($options); foreach ($options as $k => $v) { if ($v == '') { $options[$v] = '-'; } else { $options[$v] = \Date::parse(\Config::get('dateFormat'), $v); } unset($options[$k]); } } elseif (in_array($GLOBALS['TL_DCA'][$this->strTable]['fields'][$field]['flag'], array(7, 8))) { $GLOBALS['TL_DCA'][$this->strTable]['fields'][$field]['flag'] == 8 ? rsort($options) : sort($options); foreach ($options as $k => $v) { if ($v == '') { $options[$v] = '-'; } else { $options[$v] = date('Y-m', $v); $intMonth = date('m', $v) - 1; if (isset($GLOBALS['TL_LANG']['MONTHS'][$intMonth])) { $options[$v] = $GLOBALS['TL_LANG']['MONTHS'][$intMonth] . ' ' . date('Y', $v); } } unset($options[$k]); } } elseif (in_array($GLOBALS['TL_DCA'][$this->strTable]['fields'][$field]['flag'], array(9, 10))) { $GLOBALS['TL_DCA'][$this->strTable]['fields'][$field]['flag'] == 10 ? rsort($options) : sort($options); foreach ($options as $k => $v) { if ($v == '') { $options[$v] = '-'; } else { $options[$v] = date('Y', $v); } unset($options[$k]); } } // Manual filter if ($GLOBALS['TL_DCA'][$this->strTable]['fields'][$field]['eval']['multiple']) { $moptions = array(); // TODO: find a more effective solution foreach ($options as $option) { // CSV lists (see #2890) if (isset($GLOBALS['TL_DCA'][$this->strTable]['fields'][$field]['eval']['csv'])) { $doptions = trimsplit($GLOBALS['TL_DCA'][$this->strTable]['fields'][$field]['eval']['csv'], $option); } else { $doptions = deserialize($option); } if (is_array($doptions)) { $moptions = array_merge($moptions, $doptions); } } $options = $moptions; } $options = array_unique($options); $options_callback = array(); // Call the options_callback if ((is_array($GLOBALS['TL_DCA'][$this->strTable]['fields'][$field]['options_callback']) || is_callable($GLOBALS['TL_DCA'][$this->strTable]['fields'][$field]['options_callback'])) && !$GLOBALS['TL_DCA'][$this->strTable]['fields'][$field]['reference']) { if (is_array($GLOBALS['TL_DCA'][$this->strTable]['fields'][$field]['options_callback'])) { $strClass = $GLOBALS['TL_DCA'][$this->strTable]['fields'][$field]['options_callback'][0]; $strMethod = $GLOBALS['TL_DCA'][$this->strTable]['fields'][$field]['options_callback'][1]; $this->import($strClass); $options_callback = $this->{$strClass}->{$strMethod}($this); } elseif (is_callable($GLOBALS['TL_DCA'][$this->strTable]['fields'][$field]['options_callback'])) { $options_callback = $GLOBALS['TL_DCA'][$this->strTable]['fields'][$field]['options_callback']($this); } // Sort options according to the keys of the callback array $options = array_intersect(array_keys($options_callback), $options); } $options_sorter = array(); $blnDate = in_array($GLOBALS['TL_DCA'][$this->strTable]['fields'][$field]['flag'], array(5, 6, 7, 8, 9, 10)); // Options foreach ($options as $kk => $vv) { $value = $blnDate ? $kk : $vv; // Options callback if (!empty($options_callback) && is_array($options_callback)) { $vv = $options_callback[$vv]; } elseif (isset($GLOBALS['TL_DCA'][$this->strTable]['fields'][$field]['foreignKey'])) { $key = explode('.', $GLOBALS['TL_DCA'][$this->strTable]['fields'][$field]['foreignKey'], 2); $objParent = $this->Database->prepare("SELECT " . $key[1] . " AS value FROM " . $key[0] . " WHERE id=?")->limit(1)->execute($vv); if ($objParent->numRows) { $vv = $objParent->value; } } elseif ($GLOBALS['TL_DCA'][$this->strTable]['fields'][$field]['eval']['isBoolean'] || $GLOBALS['TL_DCA'][$this->strTable]['fields'][$field]['inputType'] == 'checkbox' && !$GLOBALS['TL_DCA'][$this->strTable]['fields'][$field]['eval']['multiple']) { $vv = $vv != '' ? $GLOBALS['TL_LANG']['MSC']['yes'] : $GLOBALS['TL_LANG']['MSC']['no']; } elseif ($field == 'pid') { $this->loadDataContainer($this->ptable); $showFields = $GLOBALS['TL_DCA'][$this->ptable]['list']['label']['fields']; if (!$showFields[0]) { $showFields[0] = 'id'; } $objShowFields = $this->Database->prepare("SELECT " . $showFields[0] . " FROM " . $this->ptable . " WHERE id=?")->limit(1)->execute($vv); if ($objShowFields->numRows) { $vv = $objShowFields->{$showFields[0]}; } } $option_label = ''; // Use reference array if (isset($GLOBALS['TL_DCA'][$this->strTable]['fields'][$field]['reference'])) { $option_label = is_array($GLOBALS['TL_DCA'][$this->strTable]['fields'][$field]['reference'][$vv]) ? $GLOBALS['TL_DCA'][$this->strTable]['fields'][$field]['reference'][$vv][0] : $GLOBALS['TL_DCA'][$this->strTable]['fields'][$field]['reference'][$vv]; } elseif ($GLOBALS['TL_DCA'][$this->strTable]['fields'][$field]['eval']['isAssociative'] || array_is_assoc($GLOBALS['TL_DCA'][$this->strTable]['fields'][$field]['options'])) { $option_label = $GLOBALS['TL_DCA'][$this->strTable]['fields'][$field]['options'][$vv]; } // No empty options allowed if (!strlen($option_label)) { $option_label = $vv ?: '-'; } $options_sorter[' <option value="' . specialchars($value) . '"' . (isset($session['filter'][$filter][$field]) && $value == $session['filter'][$filter][$field] ? ' selected="selected"' : '') . '>' . $option_label . '</option>'] = Utf8::toAscii($option_label); } // Sort by option values if (!$blnDate) { natcasesort($options_sorter); if (in_array($GLOBALS['TL_DCA'][$this->strTable]['fields'][$field]['flag'], array(2, 4, 12))) { $options_sorter = array_reverse($options_sorter, true); } } $fields .= "\n" . implode("\n", array_keys($options_sorter)); } // End select menu $fields .= ' </select> '; // Force a line-break after six elements (see #3777) if (($cnt + 1) % 6 == 0) { $fields .= '<br>'; } } return ' <div class="tl_filter tl_subpanel"> <strong>' . $GLOBALS['TL_LANG']['MSC']['filter'] . ':</strong> ' . $fields . ' </div>'; }
/** * Generate the module */ protected function compile() { // Show logout form if (FE_USER_LOGGED_IN) { $this->import('FrontendUser', 'User'); $this->Template->logout = true; $this->Template->formId = 'tl_logout_' . $this->id; $this->Template->slabel = \StringUtil::specialchars($GLOBALS['TL_LANG']['MSC']['logout']); $this->Template->loggedInAs = sprintf($GLOBALS['TL_LANG']['MSC']['loggedInAs'], $this->User->username); $this->Template->action = ampersand(\Environment::get('indexFreeRequest')); if ($this->User->lastLogin > 0) { /** @var PageModel $objPage */ global $objPage; $this->Template->lastLogin = sprintf($GLOBALS['TL_LANG']['MSC']['lastLogin'][1], \Date::parse($objPage->datimFormat, $this->User->lastLogin)); } return; } $blnHasError = false; if (isset($_SESSION['MESSAGES'][TL_MODE]['TL_ERROR'])) { $blnHasError = true; $_SESSION['LOGIN_ERROR'] = $_SESSION['MESSAGES'][TL_MODE]['TL_ERROR'][0]; unset($_SESSION['MESSAGES'][TL_MODE]['TL_ERROR']); } if (isset($_SESSION['LOGIN_ERROR'])) { $blnHasError = true; $this->Template->message = $_SESSION['LOGIN_ERROR']; } $this->Template->hasError = $blnHasError; $this->Template->username = $GLOBALS['TL_LANG']['MSC']['username']; $this->Template->password = $GLOBALS['TL_LANG']['MSC']['password'][0]; $this->Template->action = ampersand(\Environment::get('indexFreeRequest')); $this->Template->slabel = \StringUtil::specialchars($GLOBALS['TL_LANG']['MSC']['login']); $this->Template->value = \StringUtil::specialchars(\Input::post('username')); $this->Template->formId = 'tl_login_' . $this->id; $this->Template->autologin = $this->autologin && \Config::get('autologin') > 0; $this->Template->autoLabel = $GLOBALS['TL_LANG']['MSC']['autologin']; }
/** * @param array $arrClasses * @param DataContainer $dc */ protected function saveClassesToCssID(array $arrClasses, DataContainer $dc) { $strCssIDName = $this->getCssIDName($dc->id); $arrPostedCssID = Input::post($strCssIDName); $arrPostedCssID[1] = implode(' ', $arrClasses); $arrPostedCssID[1] = str_replace(' ', ' ', $arrPostedCssID[1]); $arrPostedCssID[1] = trim($arrPostedCssID[1]); $dc->activeRecord->cssID = serialize($arrPostedCssID); Input::setPost($strCssIDName, $arrPostedCssID); $objDatabase = Database::getInstance(); $objDatabase->prepare("UPDATE {$dc->table} SET cssID=? WHERE id=?")->execute(serialize($arrPostedCssID), $dc->id); }
/** * Generate the module */ protected function compile() { /** @var PageModel $objPage */ global $objPage; $this->import('FrontendUser', 'User'); $GLOBALS['TL_LANGUAGE'] = $objPage->language; \System::loadLanguageFile('tl_member'); $this->loadDataContainer('tl_member'); // Old password widget $arrFields['oldPassword'] = array('name' => 'oldpassword', 'label' => &$GLOBALS['TL_LANG']['MSC']['oldPassword'], 'inputType' => 'text', 'eval' => array('mandatory' => true, 'preserveTags' => true, 'hideInput' => true)); // New password widget $arrFields['newPassword'] = $GLOBALS['TL_DCA']['tl_member']['fields']['password']; $arrFields['newPassword']['name'] = 'password'; $arrFields['newPassword']['label'] =& $GLOBALS['TL_LANG']['MSC']['newPassword']; $row = 0; $strFields = ''; $doNotSubmit = false; $objMember = \MemberModel::findByPk($this->User->id); $strFormId = 'tl_change_password_' . $this->id; $flashBag = \System::getContainer()->get('session')->getFlashBag(); $strTable = $objMember->getTable(); // Initialize the versioning (see #8301) $objVersions = new \Versions($strTable, $objMember->id); $objVersions->setUsername($objMember->username); $objVersions->setUserId(0); $objVersions->setEditUrl('contao/main.php?do=member&act=edit&id=%s&rt=1'); $objVersions->initialize(); /** @var FormTextField $objOldPassword */ $objOldPassword = null; /** @var FormPassword $objNewPassword */ $objNewPassword = null; // Initialize the widgets foreach ($arrFields as $strKey => $arrField) { /** @var Widget $strClass */ $strClass = $GLOBALS['TL_FFL'][$arrField['inputType']]; // Continue if the class is not defined if (!class_exists($strClass)) { continue; } $arrField['eval']['required'] = $arrField['eval']['mandatory']; /** @var Widget $objWidget */ $objWidget = new $strClass($strClass::getAttributesFromDca($arrField, $arrField['name'])); $objWidget->storeValues = true; $objWidget->rowClass = 'row_' . $row . ($row == 0 ? ' row_first' : '') . ($row % 2 == 0 ? ' even' : ' odd'); // Increase the row count if it is a password field if ($objWidget instanceof FormPassword) { $objWidget->rowClassConfirm = 'row_' . ++$row . ($row % 2 == 0 ? ' even' : ' odd'); } ++$row; // Store the widget objects $strVar = 'obj' . ucfirst($strKey); ${$strVar} = $objWidget; // Validate the widget if (\Input::post('FORM_SUBMIT') == $strFormId) { $objWidget->validate(); // Validate the old password if ($strKey == 'oldPassword') { if (\Encryption::test($objMember->password)) { $blnAuthenticated = \Encryption::verify($objWidget->value, $objMember->password); } else { list($strPassword, $strSalt) = explode(':', $objMember->password); $blnAuthenticated = $strSalt == '' ? $strPassword === sha1($objWidget->value) : $strPassword === sha1($strSalt . $objWidget->value); } if (!$blnAuthenticated) { $objWidget->value = ''; $objWidget->addError($GLOBALS['TL_LANG']['MSC']['oldPasswordWrong']); sleep(2); // Wait 2 seconds while brute forcing :) } } if ($objWidget->hasErrors()) { $doNotSubmit = true; } } $strFields .= $objWidget->parse(); } $this->Template->fields = $strFields; $this->Template->hasError = $doNotSubmit; // Store the new password if (\Input::post('FORM_SUBMIT') == $strFormId && !$doNotSubmit) { $objMember->tstamp = time(); $objMember->password = $objNewPassword->value; $objMember->save(); // Create a new version if ($GLOBALS['TL_DCA'][$strTable]['config']['enableVersioning']) { $objVersions->create(); } // HOOK: set new password callback if (isset($GLOBALS['TL_HOOKS']['setNewPassword']) && is_array($GLOBALS['TL_HOOKS']['setNewPassword'])) { foreach ($GLOBALS['TL_HOOKS']['setNewPassword'] as $callback) { $this->import($callback[0]); $this->{$callback[0]}->{$callback[1]}($objMember, $objNewPassword->value, $this); } } // Check whether there is a jumpTo page if (($objJumpTo = $this->objModel->getRelated('jumpTo')) instanceof PageModel) { $this->jumpToOrReload($objJumpTo->row()); } $flashBag->set('mod_change_password_confirm', $GLOBALS['TL_LANG']['MSC']['newPasswordSet']); $this->reload(); } // Confirmation message if ($flashBag->has('mod_change_password_confirm')) { $arrMessages = $flashBag->get('mod_change_password_confirm'); $this->Template->message = $arrMessages[0]; } $this->Template->formId = $strFormId; $this->Template->action = \Environment::get('indexFreeRequest'); $this->Template->slabel = \StringUtil::specialchars($GLOBALS['TL_LANG']['MSC']['changePassword']); $this->Template->rowLast = 'row_' . $row . ' row_last' . ($row % 2 == 0 ? ' even' : ' odd'); }