/**
* Run the controller and parse the template
*
* @return Response
*/
public function run()
{
/** @var \BackendTemplate|object $objTemplate */
$objTemplate = new \BackendTemplate('be_preview');
$objTemplate->base = \Environment::get('base');
$objTemplate->language = $GLOBALS['TL_LANGUAGE'];
$objTemplate->title = specialchars($GLOBALS['TL_LANG']['MSC']['fePreview']);
$objTemplate->charset = \Config::get('characterSet');
$objTemplate->site = \Input::get('site', true);
$objTemplate->switchHref = \System::getContainer()->get('router')->generate('contao_backend_switch');
if (\Input::get('url')) {
$objTemplate->url = \Environment::get('base') . \Input::get('url');
} elseif (\Input::get('page')) {
$objTemplate->url = $this->redirectToFrontendPage(\Input::get('page'), \Input::get('article'), true);
} else {
$objTemplate->url = \System::getContainer()->get('router')->generate('contao_root', [], UrlGeneratorInterface::ABSOLUTE_URL);
}
// Switch to a particular member (see #6546)
if (\Input::get('user') && $this->User->isAdmin) {
$objUser = \MemberModel::findByUsername(\Input::get('user'));
if ($objUser !== null) {
$strHash = $this->getSessionHash('FE_USER_AUTH');
// Remove old sessions
$this->Database->prepare("DELETE FROM tl_session WHERE tstamp<? OR hash=?")->execute(time() - \Config::get('sessionTimeout'), $strHash);
// Insert the new session
$this->Database->prepare("INSERT INTO tl_session (pid, tstamp, name, sessionID, ip, hash) VALUES (?, ?, ?, ?, ?, ?)")->execute($objUser->id, time(), 'FE_USER_AUTH', \System::getContainer()->get('session')->getId(), \Environment::get('ip'), $strHash);
// Set the cookie
$this->setCookie('FE_USER_AUTH', $strHash, time() + \Config::get('sessionTimeout'), null, null, false, true);
$objTemplate->user = \Input::post('user');
}
}
return $objTemplate->getResponse();
}
/**
* Generate the module
*
* @return string
*/
public function run()
{
$arrJobs = array();
/** @var BackendTemplate|object $objTemplate */
$objTemplate = new \BackendTemplate('be_purge_data');
$objTemplate->isActive = $this->isActive();
$objTemplate->message = \Message::generateUnwrapped();
// Run the jobs
if (\Input::post('FORM_SUBMIT') == 'tl_purge') {
$purge = \Input::post('purge');
if (!empty($purge) && is_array($purge)) {
foreach ($purge as $group => $jobs) {
foreach ($jobs as $job) {
list($class, $method) = $GLOBALS['TL_PURGE'][$group][$job]['callback'];
$this->import($class);
$this->{$class}->{$method}();
}
}
}
\Message::addConfirmation($GLOBALS['TL_LANG']['tl_maintenance']['cacheCleared']);
$this->reload();
}
// Tables
foreach ($GLOBALS['TL_PURGE']['tables'] as $key => $config) {
$arrJobs[$key] = array('id' => 'purge_' . $key, 'title' => $GLOBALS['TL_LANG']['tl_maintenance_jobs'][$key][0], 'description' => $GLOBALS['TL_LANG']['tl_maintenance_jobs'][$key][1], 'group' => 'tables', 'affected' => '');
// Get the current table size
foreach ($config['affected'] as $table) {
$objCount = $this->Database->execute("SELECT COUNT(*) AS count FROM " . $table);
$arrJobs[$key]['affected'] .= '<br>' . $table . ': <span>' . sprintf($GLOBALS['TL_LANG']['MSC']['entries'], $objCount->count) . ', ' . $this->getReadableSize($this->Database->getSizeOf($table), 0) . '</span>';
}
}
$strCachePath = str_replace(TL_ROOT . DIRECTORY_SEPARATOR, '', \System::getContainer()->getParameter('kernel.cache_dir'));
// Folders
foreach ($GLOBALS['TL_PURGE']['folders'] as $key => $config) {
$arrJobs[$key] = array('id' => 'purge_' . $key, 'title' => $GLOBALS['TL_LANG']['tl_maintenance_jobs'][$key][0], 'description' => $GLOBALS['TL_LANG']['tl_maintenance_jobs'][$key][1], 'group' => 'folders', 'affected' => '');
// Get the current folder size
foreach ($config['affected'] as $folder) {
$total = 0;
$folder = sprintf($folder, $strCachePath);
// Only check existing folders
if (is_dir(TL_ROOT . '/' . $folder)) {
$objFiles = Finder::create()->in(TL_ROOT . '/' . $folder)->files();
$total = iterator_count($objFiles);
}
$arrJobs[$key]['affected'] .= '<br>' . $folder . ': <span>' . sprintf($GLOBALS['TL_LANG']['MSC']['files'], $total) . '</span>';
}
}
// Custom
foreach ($GLOBALS['TL_PURGE']['custom'] as $key => $job) {
$arrJobs[$key] = array('id' => 'purge_' . $key, 'title' => $GLOBALS['TL_LANG']['tl_maintenance_jobs'][$key][0], 'description' => $GLOBALS['TL_LANG']['tl_maintenance_jobs'][$key][1], 'group' => 'custom');
}
$objTemplate->jobs = $arrJobs;
$objTemplate->action = ampersand(\Environment::get('request'));
$objTemplate->headline = $GLOBALS['TL_LANG']['tl_maintenance']['clearCache'];
$objTemplate->job = $GLOBALS['TL_LANG']['tl_maintenance']['job'];
$objTemplate->description = $GLOBALS['TL_LANG']['tl_maintenance']['description'];
$objTemplate->submit = \StringUtil::specialchars($GLOBALS['TL_LANG']['tl_maintenance']['clearCache']);
$objTemplate->help = \Config::get('showHelp') && $GLOBALS['TL_LANG']['tl_maintenance']['cacheTables'][1] != '' ? $GLOBALS['TL_LANG']['tl_maintenance']['cacheTables'][1] : '';
return $objTemplate->parse();
}
/**
* Run the controller and parse the login template
*
* @return Response
*/
public function run()
{
/** @var BackendTemplate|object $objTemplate */
$objTemplate = new \BackendTemplate('be_login');
$strHeadline = sprintf($GLOBALS['TL_LANG']['MSC']['loginTo'], \Config::get('websiteTitle'));
$objTemplate->theme = \Backend::getTheme();
$objTemplate->messages = \Message::generate();
$objTemplate->base = \Environment::get('base');
$objTemplate->language = $GLOBALS['TL_LANGUAGE'];
$objTemplate->languages = \System::getLanguages(true);
$objTemplate->title = \StringUtil::specialchars($strHeadline);
$objTemplate->charset = \Config::get('characterSet');
$objTemplate->action = ampersand(\Environment::get('request'));
$objTemplate->userLanguage = $GLOBALS['TL_LANG']['tl_user']['language'][0];
$objTemplate->headline = $strHeadline;
$objTemplate->curLanguage = \Input::post('language') ?: str_replace('-', '_', $GLOBALS['TL_LANGUAGE']);
$objTemplate->curUsername = \Input::post('username') ?: '';
$objTemplate->uClass = $_POST && empty($_POST['username']) ? ' class="login_error"' : '';
$objTemplate->pClass = $_POST && empty($_POST['password']) ? ' class="login_error"' : '';
$objTemplate->loginButton = \StringUtil::specialchars($GLOBALS['TL_LANG']['MSC']['loginBT']);
$objTemplate->username = $GLOBALS['TL_LANG']['tl_user']['username'][0];
$objTemplate->password = $GLOBALS['TL_LANG']['MSC']['password'][0];
$objTemplate->feLink = $GLOBALS['TL_LANG']['MSC']['feLink'];
$objTemplate->default = $GLOBALS['TL_LANG']['MSC']['default'];
$objTemplate->jsDisabled = $GLOBALS['TL_LANG']['MSC']['jsDisabled'];
return $objTemplate->getResponse();
}
/**
* Run the controller and parse the login template
*
* @return Response
*/
public function run()
{
$packages = System::getContainer()->getParameter('kernel.packages');
$this->Template = new \BackendTemplate('be_main');
$this->Template->version = $packages['contao/core-bundle'];
$this->Template->main = '';
// Ajax request
if ($_POST && \Environment::get('isAjaxRequest')) {
$this->objAjax = new \Ajax(\Input::post('action'));
$this->objAjax->executePreActions();
}
// Error
if (\Input::get('act') == 'error') {
$this->Template->error = $GLOBALS['TL_LANG']['ERR']['general'];
$this->Template->title = $GLOBALS['TL_LANG']['ERR']['general'];
@trigger_error('Using act=error has been deprecated and will no longer work in Contao 5.0. Throw an exception instead.', E_USER_DEPRECATED);
} elseif (!\Input::get('do') && !\Input::get('act')) {
$this->Template->main .= $this->welcomeScreen();
$this->Template->title = $GLOBALS['TL_LANG']['MSC']['home'];
} elseif (\Input::get('do')) {
$this->Template->main .= $this->getBackendModule(\Input::get('do'));
$this->Template->title = $this->Template->headline;
}
return $this->output();
}
/**
* Generate the module
*/
protected function compile()
{
$this->import('FrontendUser', 'User');
// Initialize the password widget
$arrField = array('name' => 'password', 'inputType' => 'text', 'label' => $GLOBALS['TL_LANG']['MSC']['password'][0], 'eval' => array('hideInput' => true, 'mandatory' => true, 'required' => true));
$objWidget = new \FormTextField(\FormTextField::getAttributesFromDca($arrField, $arrField['name']));
$objWidget->rowClass = 'row_0 row_first even';
$strFormId = 'tl_close_account_' . $this->id;
// Validate widget
if (\Input::post('FORM_SUBMIT') == $strFormId) {
$objWidget->validate();
// Validate the password
if (!$objWidget->hasErrors()) {
// The password has been generated with crypt()
if (\Encryption::test($this->User->password)) {
$blnAuthenticated = \Encryption::verify($objWidget->value, $this->User->password);
} else {
list($strPassword, $strSalt) = explode(':', $this->User->password);
$blnAuthenticated = $strSalt == '' ? $strPassword === sha1($objWidget->value) : $strPassword === sha1($strSalt . $objWidget->value);
}
if (!$blnAuthenticated) {
$objWidget->value = '';
$objWidget->addError($GLOBALS['TL_LANG']['ERR']['invalidPass']);
}
}
// Close account
if (!$objWidget->hasErrors()) {
// HOOK: send account ID
if (isset($GLOBALS['TL_HOOKS']['closeAccount']) && is_array($GLOBALS['TL_HOOKS']['closeAccount'])) {
foreach ($GLOBALS['TL_HOOKS']['closeAccount'] as $callback) {
$this->import($callback[0]);
$this->{$callback[0]}->{$callback[1]}($this->User->id, $this->reg_close, $this);
}
}
$objMember = \MemberModel::findByPk($this->User->id);
// Remove the account
if ($this->reg_close == 'close_delete') {
$objMember->delete();
$this->log('User account ID ' . $this->User->id . ' (' . \Idna::decodeEmail($this->User->email) . ') has been deleted', __METHOD__, TL_ACCESS);
} else {
$objMember->disable = 1;
$objMember->tstamp = time();
$objMember->save();
$this->log('User account ID ' . $this->User->id . ' (' . \Idna::decodeEmail($this->User->email) . ') has been deactivated', __METHOD__, TL_ACCESS);
}
$this->User->logout();
// Check whether there is a jumpTo page
if (($objJumpTo = $this->objModel->getRelated('jumpTo')) instanceof PageModel) {
$this->jumpToOrReload($objJumpTo->row());
}
$this->reload();
}
}
$this->Template->fields = $objWidget->parse();
$this->Template->formId = $strFormId;
$this->Template->action = \Environment::get('indexFreeRequest');
$this->Template->slabel = \StringUtil::specialchars($GLOBALS['TL_LANG']['MSC']['closeAccount']);
$this->Template->rowLast = 'row_1 row_last odd';
}
public function executePreActions($strAction, DataContainer $dc)
{
if ($strAction === 'boxSystemChange') {
$elementId = Input::post('id');
$boxSystemId = Input::post('boxSystemId');
$this->Database->prepare("UPDATE tl_content SET tstamp=" . time() . ", boxSystem='" . $boxSystemId . "' WHERE id=?")->execute($elementId);
}
}
/**
* Generate the message filter
*
* @return string
*/
public function generateMessageFilter()
{
if (Input::post('FORM_SUBMIT') === 'tl_filters' && Input::post($this->filterName, true) !== 'tl_' . $this->filterName) {
$session = Session::getInstance()->getData();
$session['seo_serp_expand_tree'] = 'tl_page';
Session::getInstance()->setData($session);
}
return parent::generateMessageFilter();
}
/**
* Run the controller and parse the password template
*
* @return Response
*/
public function run()
{
/** @var BackendTemplate|object $objTemplate */
$objTemplate = new \BackendTemplate('be_password');
if (\Input::post('FORM_SUBMIT') == 'tl_password') {
$pw = \Input::postUnsafeRaw('password');
$cnf = \Input::postUnsafeRaw('confirm');
// The passwords do not match
if ($pw != $cnf) {
\Message::addError($GLOBALS['TL_LANG']['ERR']['passwordMatch']);
} elseif (Utf8::strlen($pw) < \Config::get('minPasswordLength')) {
\Message::addError(sprintf($GLOBALS['TL_LANG']['ERR']['passwordLength'], \Config::get('minPasswordLength')));
} elseif ($pw == $this->User->username) {
\Message::addError($GLOBALS['TL_LANG']['ERR']['passwordName']);
} else {
// Make sure the password has been changed
if (\Encryption::verify($pw, $this->User->password)) {
\Message::addError($GLOBALS['TL_LANG']['MSC']['pw_change']);
} else {
$this->loadDataContainer('tl_user');
// Trigger the save_callback
if (is_array($GLOBALS['TL_DCA']['tl_user']['fields']['password']['save_callback'])) {
foreach ($GLOBALS['TL_DCA']['tl_user']['fields']['password']['save_callback'] as $callback) {
if (is_array($callback)) {
$this->import($callback[0]);
$pw = $this->{$callback[0]}->{$callback[1]}($pw);
} elseif (is_callable($callback)) {
$pw = $callback($pw);
}
}
}
$objUser = \UserModel::findByPk($this->User->id);
$objUser->pwChange = '';
$objUser->password = \Encryption::hash($pw);
$objUser->save();
\Message::addConfirmation($GLOBALS['TL_LANG']['MSC']['pw_changed']);
$this->redirect('contao/main.php');
}
}
$this->reload();
}
$objTemplate->theme = \Backend::getTheme();
$objTemplate->messages = \Message::generate();
$objTemplate->base = \Environment::get('base');
$objTemplate->language = $GLOBALS['TL_LANGUAGE'];
$objTemplate->title = \StringUtil::specialchars($GLOBALS['TL_LANG']['MSC']['pw_new']);
$objTemplate->charset = \Config::get('characterSet');
$objTemplate->action = ampersand(\Environment::get('request'));
$objTemplate->headline = $GLOBALS['TL_LANG']['MSC']['pw_change'];
$objTemplate->submitButton = \StringUtil::specialchars($GLOBALS['TL_LANG']['MSC']['continue']);
$objTemplate->password = $GLOBALS['TL_LANG']['MSC']['password'][0];
$objTemplate->confirm = $GLOBALS['TL_LANG']['MSC']['confirm'][0];
return $objTemplate->getResponse();
}
/**
* Redirect to the selected page
*
* @return string
*/
public function generate()
{
if (TL_MODE == 'BE') {
/** @var BackendTemplate|object $objTemplate */
$objTemplate = new \BackendTemplate('be_wildcard');
$objTemplate->wildcard = '### ' . Utf8::strtoupper($GLOBALS['TL_LANG']['FMD']['quicknav'][0]) . ' ###';
$objTemplate->title = $this->headline;
$objTemplate->id = $this->id;
$objTemplate->link = $this->name;
$objTemplate->href = 'contao/main.php?do=themes&table=tl_module&act=edit&id=' . $this->id;
return $objTemplate->parse();
}
if (\Input::post('FORM_SUBMIT') == 'tl_quicknav_' . $this->id) {
$this->redirect(\Input::post('target', true));
}
return parent::generate();
}
/**
* Run the controller and parse the template
*/
public function run()
{
$template = new BackendTemplate('be_main');
$template->main = '';
// Ajax request
if ($_POST && Environment::get('isAjaxRequest')) {
$this->objAjax = new Ajax(Input::post('action'));
$this->objAjax->executePreActions();
}
$strTable = Input::get('table');
$strField = Input::get('field');
// Define the current ID
define('CURRENT_ID', Input::get('table') ? $this->Session->get('CURRENT_ID') : Input::get('id'));
Controller::loadDataContainer($strTable);
$strDriver = 'DC_' . $GLOBALS['TL_DCA'][$strTable]['config']['dataContainer'];
$objDca = new $strDriver($strTable);
$objDca->field = $strField;
// Set the active record
if ($this->Database->tableExists($strTable)) {
/** @var Model $strModel $strModel */
$strModel = Model::getClassFromTable($strTable);
if (class_exists($strModel)) {
$objModel = $strModel::findByPk(Input::get('id'));
if ($objModel !== null) {
$objDca->activeRecord = $objModel;
}
}
}
// AJAX request
if ($_POST && Environment::get('isAjaxRequest')) {
$this->objAjax->executePostActions($objDca);
}
$partial = new BackendTemplate('be_rte_table_editor');
$template->isPopup = true;
$template->main = $partial->parse();
$template->theme = Backend::getTheme();
$template->base = Environment::get('base');
$template->language = $GLOBALS['TL_LANGUAGE'];
$template->title = specialchars($GLOBALS['TL_LANG']['MSC']['pagepicker']);
$template->charset = Config::get('characterSet');
Config::set('debugMode', false);
$template->output();
}
/**
* Run the controller and parse the template
*/
public function run()
{
$template = new BackendTemplate('be_picker');
$template->main = '';
// Ajax request
if ($_POST && Environment::get('isAjaxRequest')) {
$this->ajax = new Ajax(Input::post('action'));
$this->ajax->executePreActions();
}
$rebuilder = new Rebuilder();
$rebuilder->setPopupMode(true);
$template->main = $rebuilder->run();
$template->theme = Backend::getTheme();
$template->base = Environment::get('base');
$template->language = $GLOBALS['TL_LANGUAGE'];
$template->title = specialchars($GLOBALS['TL_LANG']['MSC']['pagepicker']);
$template->charset = Config::get('characterSet');
Config::set('debugMode', false);
$template->output();
}
/**
* Run the controller and parse the login template
*
* @return Response
*/
public function run()
{
$this->Template = new \BackendTemplate('be_main');
$this->Template->main = '';
// Ajax request
if ($_POST && \Environment::get('isAjaxRequest')) {
$this->objAjax = new \Ajax(\Input::post('action'));
$this->objAjax->executePreActions();
}
// Error
if (\Input::get('act') == 'error') {
$this->Template->error = $GLOBALS['TL_LANG']['ERR']['general'];
$this->Template->title = $GLOBALS['TL_LANG']['ERR']['general'];
} elseif (!\Input::get('do') && !\Input::get('act')) {
$this->Template->main .= $this->welcomeScreen();
$this->Template->title = $GLOBALS['TL_LANG']['MSC']['home'];
} elseif (\Input::get('do')) {
$this->Template->main .= $this->getBackendModule(\Input::get('do'));
$this->Template->title = $this->Template->headline;
}
return $this->output();
}
/**
* Redirect to the selected page
*
* @return string
*/
public function generate()
{
if (TL_MODE == 'BE') {
/** @var BackendTemplate|object $objTemplate */
$objTemplate = new \BackendTemplate('be_wildcard');
$objTemplate->wildcard = '### ' . Utf8::strtoupper($GLOBALS['TL_LANG']['FMD']['quicklink'][0]) . ' ###';
$objTemplate->title = $this->headline;
$objTemplate->id = $this->id;
$objTemplate->link = $this->name;
$objTemplate->href = 'contao/main.php?do=themes&table=tl_module&act=edit&id=' . $this->id;
return $objTemplate->parse();
}
// Redirect to selected page
if (\Input::post('FORM_SUBMIT') == 'tl_quicklink_' . $this->id) {
$this->redirect(\Input::post('target', true));
}
// Always return an array (see #4616)
$this->pages = \StringUtil::deserialize($this->pages, true);
if (empty($this->pages) || $this->pages[0] == '') {
return '';
}
return parent::generate();
}
/**
* Add a form to create new comments
*
* @param FrontendTemplate|object $objTemplate
* @param \stdClass $objConfig
* @param string $strSource
* @param integer $intParent
* @param mixed $varNotifies
*/
protected function renderCommentForm(FrontendTemplate $objTemplate, \stdClass $objConfig, $strSource, $intParent, $varNotifies)
{
$this->import('FrontendUser', 'User');
// Access control
if ($objConfig->requireLogin && !FE_USER_LOGGED_IN) {
$objTemplate->requireLogin = true;
$objTemplate->login = $GLOBALS['TL_LANG']['MSC']['com_login'];
return;
}
// Confirm or remove a subscription
if (\Input::get('token')) {
static::changeSubscriptionStatus($objTemplate);
return;
}
// Form fields
$arrFields = array('name' => array('name' => 'name', 'label' => $GLOBALS['TL_LANG']['MSC']['com_name'], 'value' => trim($this->User->firstname . ' ' . $this->User->lastname), 'inputType' => 'text', 'eval' => array('mandatory' => true, 'maxlength' => 64)), 'email' => array('name' => 'email', 'label' => $GLOBALS['TL_LANG']['MSC']['com_email'], 'value' => $this->User->email, 'inputType' => 'text', 'eval' => array('rgxp' => 'email', 'mandatory' => true, 'maxlength' => 128, 'decodeEntities' => true)), 'website' => array('name' => 'website', 'label' => $GLOBALS['TL_LANG']['MSC']['com_website'], 'inputType' => 'text', 'eval' => array('rgxp' => 'url', 'maxlength' => 128, 'decodeEntities' => true)));
// Captcha
if (!$objConfig->disableCaptcha) {
$arrFields['captcha'] = array('name' => 'captcha', 'label' => $GLOBALS['TL_LANG']['MSC']['securityQuestion'], 'inputType' => 'captcha', 'eval' => array('mandatory' => true));
}
// Comment field
$arrFields['comment'] = array('name' => 'comment', 'label' => $GLOBALS['TL_LANG']['MSC']['com_comment'], 'inputType' => 'textarea', 'eval' => array('mandatory' => true, 'rows' => 4, 'cols' => 40, 'preserveTags' => true));
// Notify me of new comments
$arrFields['notify'] = array('name' => 'notify', 'label' => '', 'inputType' => 'checkbox', 'options' => array(1 => $GLOBALS['TL_LANG']['MSC']['com_notify']));
$doNotSubmit = false;
$arrWidgets = array();
$strFormId = 'com_' . $strSource . '_' . $intParent;
// Initialize the widgets
foreach ($arrFields as $arrField) {
/** @var Widget $strClass */
$strClass = $GLOBALS['TL_FFL'][$arrField['inputType']];
// Continue if the class is not defined
if (!class_exists($strClass)) {
continue;
}
$arrField['eval']['required'] = $arrField['eval']['mandatory'];
/** @var Widget $objWidget */
$objWidget = new $strClass($strClass::getAttributesFromDca($arrField, $arrField['name'], $arrField['value']));
// Validate the widget
if (\Input::post('FORM_SUBMIT') == $strFormId) {
$objWidget->validate();
if ($objWidget->hasErrors()) {
$doNotSubmit = true;
}
}
$arrWidgets[$arrField['name']] = $objWidget;
}
$objTemplate->fields = $arrWidgets;
$objTemplate->submit = $GLOBALS['TL_LANG']['MSC']['com_submit'];
$objTemplate->action = ampersand(\Environment::get('request'));
$objTemplate->messages = '';
// Deprecated since Contao 4.0, to be removed in Contao 5.0
$objTemplate->formId = $strFormId;
$objTemplate->hasError = $doNotSubmit;
// Do not index or cache the page with the confirmation message
if ($_SESSION['TL_COMMENT_ADDED']) {
/** @var PageModel $objPage */
global $objPage;
$objPage->noSearch = 1;
$objPage->cache = 0;
$objTemplate->confirm = $GLOBALS['TL_LANG']['MSC']['com_confirm'];
$_SESSION['TL_COMMENT_ADDED'] = false;
}
// Store the comment
if (!$doNotSubmit && \Input::post('FORM_SUBMIT') == $strFormId) {
$strWebsite = $arrWidgets['website']->value;
// Add http:// to the website
if ($strWebsite != '' && !preg_match('@^(https?://|ftp://|mailto:|#)@i', $strWebsite)) {
$strWebsite = 'http://' . $strWebsite;
}
// Do not parse any tags in the comment
$strComment = \StringUtil::specialchars(trim($arrWidgets['comment']->value));
$strComment = str_replace(array('&', '<', '>'), array('[&]', '[lt]', '[gt]'), $strComment);
// Remove multiple line feeds
$strComment = preg_replace('@\\n\\n+@', "\n\n", $strComment);
// Parse BBCode
if ($objConfig->bbcode) {
$strComment = $this->parseBbCode($strComment);
}
// Prevent cross-site request forgeries
$strComment = preg_replace('/(href|src|on[a-z]+)="[^"]*(contao\\/main\\.php|typolight\\/main\\.php|javascript|vbscri?pt|script|alert|document|cookie|window)[^"]*"+/i', '$1="#"', $strComment);
$time = time();
// Prepare the record
$arrSet = array('tstamp' => $time, 'source' => $strSource, 'parent' => $intParent, 'name' => $arrWidgets['name']->value, 'email' => $arrWidgets['email']->value, 'website' => $strWebsite, 'comment' => $this->convertLineFeeds($strComment), 'ip' => $this->anonymizeIp(\Environment::get('ip')), 'date' => $time, 'published' => $objConfig->moderate ? '' : 1);
// Store the comment
$objComment = new \CommentsModel();
$objComment->setRow($arrSet)->save();
// Store the subscription
if ($arrWidgets['notify']->value) {
static::addCommentsSubscription($objComment);
}
// HOOK: add custom logic
if (isset($GLOBALS['TL_HOOKS']['addComment']) && is_array($GLOBALS['TL_HOOKS']['addComment'])) {
foreach ($GLOBALS['TL_HOOKS']['addComment'] as $callback) {
$this->import($callback[0]);
$this->{$callback[0]}->{$callback[1]}($objComment->id, $arrSet, $this);
}
}
// Prepare the notification mail
$objEmail = new \Email();
$objEmail->from = $GLOBALS['TL_ADMIN_EMAIL'];
$objEmail->fromName = $GLOBALS['TL_ADMIN_NAME'];
$objEmail->subject = sprintf($GLOBALS['TL_LANG']['MSC']['com_subject'], \Idna::decode(\Environment::get('host')));
// Convert the comment to plain text
$strComment = strip_tags($strComment);
$strComment = \StringUtil::decodeEntities($strComment);
$strComment = str_replace(array('[&]', '[lt]', '[gt]'), array('&', '<', '>'), $strComment);
// Add the comment details
$objEmail->text = sprintf($GLOBALS['TL_LANG']['MSC']['com_message'], $arrSet['name'] . ' (' . $arrSet['email'] . ')', $strComment, \Idna::decode(\Environment::get('base')) . \Environment::get('request'), \Idna::decode(\Environment::get('base')) . 'contao?do=comments&act=edit&id=' . $objComment->id);
// Add a moderation hint to the e-mail (see #7478)
if ($objConfig->moderate) {
$objEmail->text .= "\n" . $GLOBALS['TL_LANG']['MSC']['com_moderated'] . "\n";
}
// Do not send notifications twice
if (is_array($varNotifies)) {
$objEmail->sendTo(array_unique($varNotifies));
} elseif ($varNotifies != '') {
$objEmail->sendTo($varNotifies);
// see #5443
}
// Pending for approval
if ($objConfig->moderate) {
$_SESSION['TL_COMMENT_ADDED'] = true;
} else {
static::notifyCommentsSubscribers($objComment);
}
$this->reload();
}
}
/**
* Ajax actions that do require a data container object
*
* @param DataContainer $dc
*
* @throws NoContentResponseException
* @throws ResponseException
* @throws BadRequestHttpException
*/
public function executePostActions(DataContainer $dc)
{
header('Content-Type: text/html; charset=' . \Config::get('characterSet'));
// Bypass any core logic for non-core drivers (see #5957)
if (!$dc instanceof DC_File && !$dc instanceof DC_Folder && !$dc instanceof DC_Table) {
$this->executePostActionsHook($dc);
throw new NoContentResponseException();
}
switch ($this->strAction) {
// Load nodes of the page structure tree
case 'loadStructure':
throw new ResponseException($this->convertToResponse($dc->ajaxTreeView($this->strAjaxId, intval(\Input::post('level')))));
// Load nodes of the file manager tree
// Load nodes of the file manager tree
case 'loadFileManager':
throw new ResponseException($this->convertToResponse($dc->ajaxTreeView(\Input::post('folder', true), intval(\Input::post('level')))));
// Load nodes of the page tree
// Load nodes of the page tree
case 'loadPagetree':
$varValue = null;
$strField = $dc->field = \Input::post('name');
// Call the load_callback
if (is_array($GLOBALS['TL_DCA'][$dc->table]['fields'][$strField]['load_callback'])) {
foreach ($GLOBALS['TL_DCA'][$dc->table]['fields'][$strField]['load_callback'] as $callback) {
if (is_array($callback)) {
$this->import($callback[0]);
$varValue = $this->{$callback[0]}->{$callback[1]}($varValue, $dc);
} elseif (is_callable($callback)) {
$varValue = $callback($varValue, $dc);
}
}
}
/** @var PageSelector $strClass */
$strClass = $GLOBALS['BE_FFL']['pageSelector'];
/** @var PageSelector $objWidget */
$objWidget = new $strClass($strClass::getAttributesFromDca($GLOBALS['TL_DCA'][$dc->table]['fields'][$strField], $dc->field, $varValue, $strField, $dc->table, $dc));
throw new ResponseException($this->convertToResponse($objWidget->generateAjax($this->strAjaxId, \Input::post('field'), intval(\Input::post('level')))));
// Load nodes of the file tree
// Load nodes of the file tree
case 'loadFiletree':
$varValue = null;
$strField = $dc->field = \Input::post('name');
// Call the load_callback
if (is_array($GLOBALS['TL_DCA'][$dc->table]['fields'][$strField]['load_callback'])) {
foreach ($GLOBALS['TL_DCA'][$dc->table]['fields'][$strField]['load_callback'] as $callback) {
if (is_array($callback)) {
$this->import($callback[0]);
$varValue = $this->{$callback[0]}->{$callback[1]}($varValue, $dc);
} elseif (is_callable($callback)) {
$varValue = $callback($varValue, $dc);
}
}
}
/** @var FileSelector $strClass */
$strClass = $GLOBALS['BE_FFL']['fileSelector'];
/** @var FileSelector $objWidget */
$objWidget = new $strClass($strClass::getAttributesFromDca($GLOBALS['TL_DCA'][$dc->table]['fields'][$strField], $dc->field, $varValue, $strField, $dc->table, $dc));
// Load a particular node
if (\Input::post('folder', true) != '') {
throw new ResponseException($this->convertToResponse($objWidget->generateAjax(\Input::post('folder', true), \Input::post('field'), intval(\Input::post('level')))));
}
throw new ResponseException($this->convertToResponse($objWidget->generate()));
// Reload the page/file picker
// Reload the page/file picker
case 'reloadPagetree':
case 'reloadFiletree':
$intId = \Input::get('id');
$strField = $dc->inputName = \Input::post('name');
// Handle the keys in "edit multiple" mode
if (\Input::get('act') == 'editAll') {
$intId = preg_replace('/.*_([0-9a-zA-Z]+)$/', '$1', $strField);
$strField = preg_replace('/(.*)_[0-9a-zA-Z]+$/', '$1', $strField);
}
$dc->field = $strField;
// The field does not exist
if (!isset($GLOBALS['TL_DCA'][$dc->table]['fields'][$strField])) {
$this->log('Field "' . $strField . '" does not exist in DCA "' . $dc->table . '"', __METHOD__, TL_ERROR);
throw new BadRequestHttpException('Bad request');
}
$objRow = null;
$varValue = null;
// Load the value
if (\Input::get('act') != 'overrideAll') {
if ($GLOBALS['TL_DCA'][$dc->table]['config']['dataContainer'] == 'File') {
$varValue = \Config::get($strField);
} elseif ($intId > 0 && $this->Database->tableExists($dc->table)) {
$objRow = $this->Database->prepare("SELECT * FROM " . $dc->table . " WHERE id=?")->execute($intId);
// The record does not exist
if ($objRow->numRows < 1) {
$this->log('A record with the ID "' . $intId . '" does not exist in table "' . $dc->table . '"', __METHOD__, TL_ERROR);
throw new BadRequestHttpException('Bad request');
}
$varValue = $objRow->{$strField};
$dc->activeRecord = $objRow;
}
}
// Call the load_callback
if (is_array($GLOBALS['TL_DCA'][$dc->table]['fields'][$strField]['load_callback'])) {
foreach ($GLOBALS['TL_DCA'][$dc->table]['fields'][$strField]['load_callback'] as $callback) {
if (is_array($callback)) {
$this->import($callback[0]);
$varValue = $this->{$callback[0]}->{$callback[1]}($varValue, $dc);
} elseif (is_callable($callback)) {
$varValue = $callback($varValue, $dc);
}
}
}
// Set the new value
$varValue = \Input::post('value', true);
$strKey = $this->strAction == 'reloadPagetree' ? 'pageTree' : 'fileTree';
// Convert the selected values
if ($varValue != '') {
$varValue = \StringUtil::trimsplit("\t", $varValue);
// Automatically add resources to the DBAFS
if ($strKey == 'fileTree') {
foreach ($varValue as $k => $v) {
if (\Dbafs::shouldBeSynchronized($v)) {
$objFile = \FilesModel::findByPath($v);
if ($objFile === null) {
$objFile = \Dbafs::addResource($v);
}
$varValue[$k] = $objFile->uuid;
}
}
}
$varValue = serialize($varValue);
}
/** @var FileTree|PageTree $strClass */
$strClass = $GLOBALS['BE_FFL'][$strKey];
/** @var FileTree|PageTree $objWidget */
$objWidget = new $strClass($strClass::getAttributesFromDca($GLOBALS['TL_DCA'][$dc->table]['fields'][$strField], $dc->inputName, $varValue, $strField, $dc->table, $dc));
throw new ResponseException($this->convertToResponse($objWidget->generate()));
// Feature/unfeature an element
// Feature/unfeature an element
case 'toggleFeatured':
if (class_exists($dc->table, false)) {
$dca = new $dc->table();
if (method_exists($dca, 'toggleFeatured')) {
$dca->toggleFeatured(\Input::post('id'), \Input::post('state') == 1 ? true : false);
}
}
throw new NoContentResponseException();
// Toggle subpalettes
// Toggle subpalettes
case 'toggleSubpalette':
$this->import('BackendUser', 'User');
// Check whether the field is a selector field and allowed for regular users (thanks to Fabian Mihailowitsch) (see #4427)
if (!is_array($GLOBALS['TL_DCA'][$dc->table]['palettes']['__selector__']) || !in_array(\Input::post('field'), $GLOBALS['TL_DCA'][$dc->table]['palettes']['__selector__']) || $GLOBALS['TL_DCA'][$dc->table]['fields'][\Input::post('field')]['exclude'] && !$this->User->hasAccess($dc->table . '::' . \Input::post('field'), 'alexf')) {
$this->log('Field "' . \Input::post('field') . '" is not an allowed selector field (possible SQL injection attempt)', __METHOD__, TL_ERROR);
throw new BadRequestHttpException('Bad request');
}
if ($dc instanceof DC_Table) {
if (\Input::get('act') == 'editAll') {
$this->strAjaxId = preg_replace('/.*_([0-9a-zA-Z]+)$/', '$1', \Input::post('id'));
$this->Database->prepare("UPDATE " . $dc->table . " SET " . \Input::post('field') . "='" . (intval(\Input::post('state') == 1) ? 1 : '') . "' WHERE id=?")->execute($this->strAjaxId);
if (\Input::post('load')) {
echo $dc->editAll($this->strAjaxId, \Input::post('id'));
}
} else {
$this->Database->prepare("UPDATE " . $dc->table . " SET " . \Input::post('field') . "='" . (intval(\Input::post('state') == 1) ? 1 : '') . "' WHERE id=?")->execute($dc->id);
if (\Input::post('load')) {
throw new ResponseException($this->convertToResponse($dc->edit(false, \Input::post('id'))));
}
}
} elseif ($dc instanceof DC_File) {
$val = intval(\Input::post('state') == 1) ? true : false;
\Config::persist(\Input::post('field'), $val);
if (\Input::post('load')) {
\Config::set(\Input::post('field'), $val);
throw new ResponseException($this->convertToResponse($dc->edit(false, \Input::post('id'))));
}
}
throw new NoContentResponseException();
// DropZone file upload
// DropZone file upload
case 'fileupload':
$dc->move();
throw new NoContentResponseException();
// HOOK: pass unknown actions to callback functions
// HOOK: pass unknown actions to callback functions
default:
$this->executePostActionsHook($dc);
throw new NoContentResponseException();
}
}
/**
* Add the file meta information to the request
*
* @param string $strUuid
* @param string $strPtable
* @param integer $intPid
*/
public static function addFileMetaInformationToRequest($strUuid, $strPtable, $intPid)
{
$objFile = \FilesModel::findByUuid($strUuid);
if ($objFile === null) {
return;
}
$arrMeta = \StringUtil::deserialize($objFile->meta);
if (empty($arrMeta)) {
return;
}
$objPage = null;
if ($strPtable == 'tl_article') {
$objPage = \PageModel::findOneBy(array('tl_page.id=(SELECT pid FROM tl_article WHERE id=?)'), $intPid);
} else {
// HOOK: support custom modules
if (isset($GLOBALS['TL_HOOKS']['addFileMetaInformationToRequest']) && is_array($GLOBALS['TL_HOOKS']['addFileMetaInformationToRequest'])) {
foreach ($GLOBALS['TL_HOOKS']['addFileMetaInformationToRequest'] as $callback) {
if (($val = \System::importStatic($callback[0])->{$callback[1]}($strPtable, $intPid)) !== false) {
$objPage = $val;
}
}
if ($objPage instanceof Result && $objPage->numRows < 1) {
return;
}
if (is_object($objPage) && !$objPage instanceof PageModel) {
$objPage = \PageModel::findByPk($objPage->id);
}
}
}
if ($objPage === null) {
return;
}
$objPage->loadDetails();
// Convert the language to a locale (see #5678)
$strLanguage = str_replace('-', '_', $objPage->rootLanguage);
if (isset($arrMeta[$strLanguage])) {
if (\Input::post('title') == '' && !empty($arrMeta[$strLanguage]['title'])) {
\Input::setPost('title', $arrMeta[$strLanguage]['title']);
}
if (\Input::post('alt') == '' && !empty($arrMeta[$strLanguage]['alt'])) {
\Input::setPost('alt', $arrMeta[$strLanguage]['alt']);
}
if (\Input::post('caption') == '' && !empty($arrMeta[$strLanguage]['caption'])) {
\Input::setPost('caption', $arrMeta[$strLanguage]['caption']);
}
}
}
/**
* Validate the widget using the value.
*
* @param Widget $widget The widget to validate.
*
* @param string|null $value The value to validate.
*
* @return void
*
* @SuppressWarnings(PHPMD.Superglobals)
* @SuppressWarnings(PHPMD.CamelCaseVariableName)
*/
protected function validateWidget($widget, $value)
{
if (null === $value) {
return;
}
$name = $widget->name;
// Backup $_POST value.
$keeper = Input::post($name);
Input::setPost($name, $value);
$widget->validate();
// Restore $_POST value.
Input::setPost($name, $keeper);
}
/**
* Run the controller and parse the template
*
* @return Response
*/
public function run()
{
/** @var SessionInterface $objSession */
$objSession = \System::getContainer()->get('session');
/** @var BackendTemplate|object $objTemplate */
$objTemplate = new \BackendTemplate('be_picker');
$objTemplate->main = '';
// Ajax request
if ($_POST && \Environment::get('isAjaxRequest')) {
$this->objAjax = new \Ajax(\Input::post('action'));
$this->objAjax->executePreActions();
}
$strTable = \Input::get('table');
$strField = \Input::get('field');
// Define the current ID
define('CURRENT_ID', \Input::get('table') ? $objSession->get('CURRENT_ID') : \Input::get('id'));
$this->loadDataContainer($strTable);
$strDriver = 'DC_' . $GLOBALS['TL_DCA'][$strTable]['config']['dataContainer'];
$objDca = new $strDriver($strTable);
$objDca->field = $strField;
// Set the active record
if ($this->Database->tableExists($strTable)) {
/** @var Model $strModel */
$strModel = \Model::getClassFromTable($strTable);
if (class_exists($strModel)) {
$objModel = $strModel::findByPk(\Input::get('id'));
if ($objModel !== null) {
$objDca->activeRecord = $objModel;
}
}
}
// AJAX request
if ($_POST && \Environment::get('isAjaxRequest')) {
$this->objAjax->executePostActions($objDca);
}
$objSession->set('filePickerRef', \Environment::get('request'));
$arrValues = array_filter(explode(',', \Input::get('value')));
// Convert UUIDs to binary
foreach ($arrValues as $k => $v) {
// Can be a UUID or a path
if (\Validator::isStringUuid($v)) {
$arrValues[$k] = \StringUtil::uuidToBin($v);
}
}
// Call the load_callback
if (is_array($GLOBALS['TL_DCA'][$strTable]['fields'][$strField]['load_callback'])) {
foreach ($GLOBALS['TL_DCA'][$strTable]['fields'][$strField]['load_callback'] as $callback) {
if (is_array($callback)) {
$this->import($callback[0]);
$arrValues = $this->{$callback[0]}->{$callback[1]}($arrValues, $objDca);
} elseif (is_callable($callback)) {
$arrValues = $callback($arrValues, $objDca);
}
}
}
/** @var FileSelector $strClass */
$strClass = $GLOBALS['BE_FFL']['fileSelector'];
/** @var FileSelector $objFileTree */
$objFileTree = new $strClass($strClass::getAttributesFromDca($GLOBALS['TL_DCA'][$strTable]['fields'][$strField], $strField, $arrValues, $strField, $strTable, $objDca));
/** @var AttributeBagInterface $objSessionBag */
$objSessionBag = $objSession->getBag('contao_backend');
$objTemplate->main = $objFileTree->generate();
$objTemplate->theme = \Backend::getTheme();
$objTemplate->base = \Environment::get('base');
$objTemplate->language = $GLOBALS['TL_LANGUAGE'];
$objTemplate->title = specialchars($GLOBALS['TL_LANG']['MSC']['filepicker']);
$objTemplate->charset = \Config::get('characterSet');
$objTemplate->addSearch = true;
$objTemplate->search = $GLOBALS['TL_LANG']['MSC']['search'];
$objTemplate->searchExclude = $GLOBALS['TL_LANG']['MSC']['searchExclude'];
$objTemplate->action = ampersand(\Environment::get('request'));
$objTemplate->value = $objSessionBag->get('file_selector_search');
$objTemplate->manager = $GLOBALS['TL_LANG']['MSC']['fileManager'];
$objTemplate->managerHref = 'contao/main.php?do=files&popup=1';
$objTemplate->breadcrumb = $GLOBALS['TL_DCA']['tl_files']['list']['sorting']['breadcrumb'];
if (\Input::get('switch')) {
$objTemplate->switch = $GLOBALS['TL_LANG']['MSC']['pagePicker'];
$objTemplate->switchHref = str_replace('contao/file?', 'contao/page?', ampersand(\Environment::get('request')));
}
return $objTemplate->getResponse();
}
/**
* @param null $intId
* @return mixed
*/
protected function getPostPassword($intId = null)
{
return Input::get('act') == 'editAll' && is_numeric($intId) ? Input::post('password_' . $intId) : Input::post('password');
}
/**
* Generate the module
*/
protected function compile()
{
// Show logout form
if (FE_USER_LOGGED_IN) {
$this->import('FrontendUser', 'User');
$this->Template->logout = true;
$this->Template->formId = 'tl_logout_' . $this->id;
$this->Template->slabel = \StringUtil::specialchars($GLOBALS['TL_LANG']['MSC']['logout']);
$this->Template->loggedInAs = sprintf($GLOBALS['TL_LANG']['MSC']['loggedInAs'], $this->User->username);
$this->Template->action = ampersand(\Environment::get('indexFreeRequest'));
if ($this->User->lastLogin > 0) {
/** @var PageModel $objPage */
global $objPage;
$this->Template->lastLogin = sprintf($GLOBALS['TL_LANG']['MSC']['lastLogin'][1], \Date::parse($objPage->datimFormat, $this->User->lastLogin));
}
return;
}
$flashBag = \System::getContainer()->get('session')->getFlashBag();
if ($flashBag->has($this->strFlashType)) {
$this->Template->hasError = true;
$this->Template->message = $flashBag->get($this->strFlashType)[0];
}
$this->Template->username = $GLOBALS['TL_LANG']['MSC']['username'];
$this->Template->password = $GLOBALS['TL_LANG']['MSC']['password'][0];
$this->Template->action = ampersand(\Environment::get('indexFreeRequest'));
$this->Template->slabel = \StringUtil::specialchars($GLOBALS['TL_LANG']['MSC']['login']);
$this->Template->value = \StringUtil::specialchars(\Input::post('username'));
$this->Template->formId = 'tl_login_' . $this->id;
$this->Template->autologin = $this->autologin && \Config::get('autologin') > 0;
$this->Template->autoLabel = $GLOBALS['TL_LANG']['MSC']['autologin'];
}
/**
* Compare versions
*/
public function compare()
{
$strBuffer = '';
$arrVersions = array();
$intTo = 0;
$intFrom = 0;
$objVersions = $this->Database->prepare("SELECT * FROM tl_version WHERE pid=? AND fromTable=? ORDER BY version DESC")->execute($this->intPid, $this->strTable);
if ($objVersions->numRows < 2) {
$strBuffer = '<p>There are no versions of ' . $this->strTable . '.id=' . $this->intPid . '</p>';
} else {
$intIndex = 0;
$from = array();
// Store the versions and mark the active one
while ($objVersions->next()) {
if ($objVersions->active) {
$intIndex = $objVersions->version;
}
$arrVersions[$objVersions->version] = $objVersions->row();
$arrVersions[$objVersions->version]['info'] = $GLOBALS['TL_LANG']['MSC']['version'] . ' ' . $objVersions->version . ' (' . \Date::parse(\Config::get('datimFormat'), $objVersions->tstamp) . ') ' . $objVersions->username;
}
// To
if (\Input::post('to') && isset($arrVersions[\Input::post('to')])) {
$intTo = \Input::post('to');
$to = \StringUtil::deserialize($arrVersions[\Input::post('to')]['data']);
} elseif (\Input::get('to') && isset($arrVersions[\Input::get('to')])) {
$intTo = \Input::get('to');
$to = \StringUtil::deserialize($arrVersions[\Input::get('to')]['data']);
} else {
$intTo = $intIndex;
$to = \StringUtil::deserialize($arrVersions[$intTo]['data']);
}
// From
if (\Input::post('from') && isset($arrVersions[\Input::post('from')])) {
$intFrom = \Input::post('from');
$from = \StringUtil::deserialize($arrVersions[\Input::post('from')]['data']);
} elseif (\Input::get('from') && isset($arrVersions[\Input::get('from')])) {
$intFrom = \Input::get('from');
$from = \StringUtil::deserialize($arrVersions[\Input::get('from')]['data']);
} elseif ($intIndex > 1) {
$intFrom = $intIndex - 1;
$from = \StringUtil::deserialize($arrVersions[$intFrom]['data']);
}
// Only continue if both version numbers are set
if ($intTo > 0 && $intFrom > 0) {
\System::loadLanguageFile($this->strTable);
$this->loadDataContainer($this->strTable);
// Get the order fields
$objDcaExtractor = \DcaExtractor::getInstance($this->strTable);
$arrOrder = $objDcaExtractor->getOrderFields();
// Find the changed fields and highlight the changes
foreach ($to as $k => $v) {
if ($from[$k] != $to[$k]) {
if ($GLOBALS['TL_DCA'][$this->strTable]['fields'][$k]['eval']['doNotShow'] || $GLOBALS['TL_DCA'][$this->strTable]['fields'][$k]['eval']['hideInput']) {
continue;
}
$blnIsBinary = $GLOBALS['TL_DCA'][$this->strTable]['fields'][$k]['inputType'] == 'fileTree' || in_array($k, $arrOrder);
// Decrypt the values
if ($GLOBALS['TL_DCA'][$this->strTable]['fields'][$k]['eval']['encrypt']) {
$to[$k] = \Encryption::decrypt($to[$k]);
$from[$k] = \Encryption::decrypt($from[$k]);
}
// Convert serialized arrays into strings
if (is_array($tmp = \StringUtil::deserialize($to[$k])) && !is_array($to[$k])) {
$to[$k] = $this->implodeRecursive($tmp, $blnIsBinary);
}
if (is_array($tmp = \StringUtil::deserialize($from[$k])) && !is_array($from[$k])) {
$from[$k] = $this->implodeRecursive($tmp, $blnIsBinary);
}
unset($tmp);
// Convert binary UUIDs to their hex equivalents (see #6365)
if ($blnIsBinary && \Validator::isBinaryUuid($to[$k])) {
$to[$k] = \StringUtil::binToUuid($to[$k]);
}
if ($blnIsBinary && \Validator::isBinaryUuid($from[$k])) {
$to[$k] = \StringUtil::binToUuid($from[$k]);
}
// Convert date fields
if ($GLOBALS['TL_DCA'][$this->strTable]['fields'][$k]['eval']['rgxp'] == 'date') {
$to[$k] = \Date::parse(\Config::get('dateFormat'), $to[$k] ?: '');
$from[$k] = \Date::parse(\Config::get('dateFormat'), $from[$k] ?: '');
} elseif ($GLOBALS['TL_DCA'][$this->strTable]['fields'][$k]['eval']['rgxp'] == 'time') {
$to[$k] = \Date::parse(\Config::get('timeFormat'), $to[$k] ?: '');
$from[$k] = \Date::parse(\Config::get('timeFormat'), $from[$k] ?: '');
} elseif ($GLOBALS['TL_DCA'][$this->strTable]['fields'][$k]['eval']['rgxp'] == 'datim' || $k == 'tstamp') {
$to[$k] = \Date::parse(\Config::get('datimFormat'), $to[$k] ?: '');
$from[$k] = \Date::parse(\Config::get('datimFormat'), $from[$k] ?: '');
}
// Convert strings into arrays
if (!is_array($to[$k])) {
$to[$k] = explode("\n", $to[$k]);
}
if (!is_array($from[$k])) {
$from[$k] = explode("\n", $from[$k]);
}
$objDiff = new \Diff($from[$k], $to[$k]);
$strBuffer .= $objDiff->render(new DiffRenderer(array('field' => $GLOBALS['TL_DCA'][$this->strTable]['fields'][$k]['label'][0] ?: (isset($GLOBALS['TL_LANG']['MSC'][$k]) ? is_array($GLOBALS['TL_LANG']['MSC'][$k]) ? $GLOBALS['TL_LANG']['MSC'][$k][0] : $GLOBALS['TL_LANG']['MSC'][$k] : $k))));
}
}
}
}
// Identical versions
if ($strBuffer == '') {
$strBuffer = '<p>' . $GLOBALS['TL_LANG']['MSC']['identicalVersions'] . '</p>';
}
/** @var BackendTemplate|object $objTemplate */
$objTemplate = new \BackendTemplate('be_diff');
// Template variables
$objTemplate->content = $strBuffer;
$objTemplate->versions = $arrVersions;
$objTemplate->to = $intTo;
$objTemplate->from = $intFrom;
$objTemplate->showLabel = \StringUtil::specialchars($GLOBALS['TL_LANG']['MSC']['showDifferences']);
$objTemplate->theme = \Backend::getTheme();
$objTemplate->base = \Environment::get('base');
$objTemplate->language = $GLOBALS['TL_LANGUAGE'];
$objTemplate->title = \StringUtil::specialchars($GLOBALS['TL_LANG']['MSC']['showDifferences']);
$objTemplate->charset = \Config::get('characterSet');
$objTemplate->action = ampersand(\Environment::get('request'));
throw new ResponseException($objTemplate->getResponse());
}
/**
* Generate the module
*/
protected function compile()
{
// Mark the x and y parameter as used (see #4277)
if (isset($_GET['x'])) {
\Input::get('x');
\Input::get('y');
}
// Trigger the search module from a custom form
if (!isset($_GET['keywords']) && \Input::post('FORM_SUBMIT') == 'tl_search') {
$_GET['keywords'] = \Input::post('keywords');
$_GET['query_type'] = \Input::post('query_type');
$_GET['per_page'] = \Input::post('per_page');
}
$blnFuzzy = $this->fuzzy;
$strQueryType = \Input::get('query_type') ?: $this->queryType;
$strKeywords = trim(\Input::get('keywords'));
$this->Template->uniqueId = $this->id;
$this->Template->queryType = $strQueryType;
$this->Template->keyword = \StringUtil::specialchars($strKeywords);
$this->Template->keywordLabel = $GLOBALS['TL_LANG']['MSC']['keywords'];
$this->Template->optionsLabel = $GLOBALS['TL_LANG']['MSC']['options'];
$this->Template->search = \StringUtil::specialchars($GLOBALS['TL_LANG']['MSC']['searchLabel']);
$this->Template->matchAll = \StringUtil::specialchars($GLOBALS['TL_LANG']['MSC']['matchAll']);
$this->Template->matchAny = \StringUtil::specialchars($GLOBALS['TL_LANG']['MSC']['matchAny']);
$this->Template->action = ampersand(\Environment::get('indexFreeRequest'));
$this->Template->advanced = $this->searchType == 'advanced';
// Redirect page
if ($this->jumpTo && ($objTarget = $this->objModel->getRelated('jumpTo')) instanceof PageModel) {
/** @var PageModel $objTarget */
$this->Template->action = $objTarget->getFrontendUrl();
}
$this->Template->pagination = '';
$this->Template->results = '';
// Execute the search if there are keywords
if ($strKeywords != '' && $strKeywords != '*' && !$this->jumpTo) {
// Reference page
if ($this->rootPage > 0) {
$intRootId = $this->rootPage;
$arrPages = $this->Database->getChildRecords($this->rootPage, 'tl_page');
array_unshift($arrPages, $this->rootPage);
} else {
/** @var PageModel $objPage */
global $objPage;
$intRootId = $objPage->rootId;
$arrPages = $this->Database->getChildRecords($objPage->rootId, 'tl_page');
}
// HOOK: add custom logic (see #5223)
if (isset($GLOBALS['TL_HOOKS']['customizeSearch']) && is_array($GLOBALS['TL_HOOKS']['customizeSearch'])) {
foreach ($GLOBALS['TL_HOOKS']['customizeSearch'] as $callback) {
$this->import($callback[0]);
$this->{$callback[0]}->{$callback[1]}($arrPages, $strKeywords, $strQueryType, $blnFuzzy);
}
}
// Return if there are no pages
if (!is_array($arrPages) || empty($arrPages)) {
return;
}
$strCachePath = str_replace(TL_ROOT . DIRECTORY_SEPARATOR, '', \System::getContainer()->getParameter('kernel.cache_dir'));
$arrResult = null;
$strChecksum = md5($strKeywords . $strQueryType . $intRootId . $blnFuzzy);
$query_starttime = microtime(true);
$strCacheFile = $strCachePath . '/contao/search/' . $strChecksum . '.json';
// Load the cached result
if (file_exists(TL_ROOT . '/' . $strCacheFile)) {
$objFile = new \File($strCacheFile);
if ($objFile->mtime > time() - 1800) {
$arrResult = json_decode($objFile->getContent(), true);
} else {
$objFile->delete();
}
}
// Cache the result
if ($arrResult === null) {
try {
$objSearch = \Search::searchFor($strKeywords, $strQueryType == 'or', $arrPages, 0, 0, $blnFuzzy);
$arrResult = $objSearch->fetchAllAssoc();
} catch (\Exception $e) {
$this->log('Website search failed: ' . $e->getMessage(), __METHOD__, TL_ERROR);
$arrResult = array();
}
\File::putContent($strCacheFile, json_encode($arrResult));
}
$query_endtime = microtime(true);
// Sort out protected pages
if (\Config::get('indexProtected') && !BE_USER_LOGGED_IN) {
$this->import('FrontendUser', 'User');
foreach ($arrResult as $k => $v) {
if ($v['protected']) {
if (!FE_USER_LOGGED_IN) {
unset($arrResult[$k]);
} else {
$groups = \StringUtil::deserialize($v['groups']);
if (!is_array($groups) || empty($groups) || !count(array_intersect($groups, $this->User->groups))) {
unset($arrResult[$k]);
}
}
}
}
$arrResult = array_values($arrResult);
}
$count = count($arrResult);
$this->Template->count = $count;
$this->Template->page = null;
$this->Template->keywords = $strKeywords;
// No results
if ($count < 1) {
$this->Template->header = sprintf($GLOBALS['TL_LANG']['MSC']['sEmpty'], $strKeywords);
$this->Template->duration = substr($query_endtime - $query_starttime, 0, 6) . ' ' . $GLOBALS['TL_LANG']['MSC']['seconds'];
return;
}
$from = 1;
$to = $count;
// Pagination
if ($this->perPage > 0) {
$id = 'page_s' . $this->id;
$page = \Input::get($id) !== null ? \Input::get($id) : 1;
$per_page = \Input::get('per_page') ?: $this->perPage;
// Do not index or cache the page if the page number is outside the range
if ($page < 1 || $page > max(ceil($count / $per_page), 1)) {
throw new PageNotFoundException('Page not found: ' . \Environment::get('uri'));
}
$from = ($page - 1) * $per_page + 1;
$to = $from + $per_page > $count ? $count : $from + $per_page - 1;
// Pagination menu
if ($to < $count || $from > 1) {
$objPagination = new \Pagination($count, $per_page, \Config::get('maxPaginationLinks'), $id);
$this->Template->pagination = $objPagination->generate("\n ");
}
$this->Template->page = $page;
}
// Get the results
for ($i = $from - 1; $i < $to && $i < $count; $i++) {
/** @var FrontendTemplate|object $objTemplate */
$objTemplate = new \FrontendTemplate($this->searchTpl);
$objTemplate->url = $arrResult[$i]['url'];
$objTemplate->link = $arrResult[$i]['title'];
$objTemplate->href = $arrResult[$i]['url'];
$objTemplate->title = \StringUtil::specialchars($arrResult[$i]['title']);
$objTemplate->class = ($i == $from - 1 ? 'first ' : '') . ($i == $to - 1 || $i == $count - 1 ? 'last ' : '') . ($i % 2 == 0 ? 'even' : 'odd');
$objTemplate->relevance = sprintf($GLOBALS['TL_LANG']['MSC']['relevance'], number_format($arrResult[$i]['relevance'] / $arrResult[0]['relevance'] * 100, 2) . '%');
$objTemplate->filesize = $arrResult[$i]['filesize'];
$objTemplate->matches = $arrResult[$i]['matches'];
$arrContext = array();
$arrMatches = \StringUtil::trimsplit(',', $arrResult[$i]['matches']);
// Get the context
foreach ($arrMatches as $strWord) {
$arrChunks = array();
preg_match_all('/(^|\\b.{0,' . $this->contextLength . '}\\PL)' . str_replace('+', '\\+', $strWord) . '(\\PL.{0,' . $this->contextLength . '}\\b|$)/ui', $arrResult[$i]['text'], $arrChunks);
foreach ($arrChunks[0] as $strContext) {
$arrContext[] = ' ' . $strContext . ' ';
}
}
// Shorten the context and highlight all keywords
if (!empty($arrContext)) {
$objTemplate->context = trim(\StringUtil::substrHtml(implode('…', $arrContext), $this->totalLength));
$objTemplate->context = preg_replace('/(\\PL)(' . implode('|', $arrMatches) . ')(\\PL)/ui', '$1<mark class="highlight">$2</mark>$3', $objTemplate->context);
$objTemplate->hasContext = true;
}
$this->Template->results .= $objTemplate->parse();
}
$this->Template->header = vsprintf($GLOBALS['TL_LANG']['MSC']['sResults'], array($from, $to, $count, $strKeywords));
$this->Template->duration = substr($query_endtime - $query_starttime, 0, 6) . ' ' . $GLOBALS['TL_LANG']['MSC']['seconds'];
}
}
/**
* Set the new password
*/
protected function setNewPassword()
{
$objMember = \MemberModel::findOneByActivation(\Input::get('token'));
if ($objMember === null || $objMember->login == '') {
$this->strTemplate = 'mod_message';
/** @var FrontendTemplate|object $objTemplate */
$objTemplate = new \FrontendTemplate($this->strTemplate);
$this->Template = $objTemplate;
$this->Template->type = 'error';
$this->Template->message = $GLOBALS['TL_LANG']['MSC']['accountError'];
return;
}
$strTable = $objMember->getTable();
// Initialize the versioning (see #8301)
$objVersions = new \Versions($strTable, $objMember->id);
$objVersions->setUsername($objMember->username);
$objVersions->setUserId(0);
$objVersions->setEditUrl('contao/main.php?do=member&act=edit&id=%s&rt=1');
$objVersions->initialize();
// Define the form field
$arrField = $GLOBALS['TL_DCA']['tl_member']['fields']['password'];
/** @var Widget $strClass */
$strClass = $GLOBALS['TL_FFL']['password'];
// Fallback to default if the class is not defined
if (!class_exists($strClass)) {
$strClass = 'FormPassword';
}
/** @var Widget $objWidget */
$objWidget = new $strClass($strClass::getAttributesFromDca($arrField, 'password'));
// Set row classes
$objWidget->rowClass = 'row_0 row_first even';
$objWidget->rowClassConfirm = 'row_1 odd';
$this->Template->rowLast = 'row_2 row_last even';
/** @var SessionInterface $objSession */
$objSession = \System::getContainer()->get('session');
// Validate the field
if (strlen(\Input::post('FORM_SUBMIT')) && \Input::post('FORM_SUBMIT') == $objSession->get('setPasswordToken')) {
$objWidget->validate();
// Set the new password and redirect
if (!$objWidget->hasErrors()) {
$objSession->set('setPasswordToken', '');
$objMember->tstamp = time();
$objMember->activation = '';
$objMember->password = $objWidget->value;
$objMember->save();
// Create a new version
if ($GLOBALS['TL_DCA'][$strTable]['config']['enableVersioning']) {
$objVersions->create();
}
// HOOK: set new password callback
if (isset($GLOBALS['TL_HOOKS']['setNewPassword']) && is_array($GLOBALS['TL_HOOKS']['setNewPassword'])) {
foreach ($GLOBALS['TL_HOOKS']['setNewPassword'] as $callback) {
$this->import($callback[0]);
$this->{$callback[0]}->{$callback[1]}($objMember, $objWidget->value, $this);
}
}
// Redirect to the jumpTo page
if (($objTarget = $this->objModel->getRelated('reg_jumpTo')) instanceof PageModel) {
/** @var PageModel $objTarget */
$this->redirect($objTarget->getFrontendUrl());
}
// Confirm
$this->strTemplate = 'mod_message';
/** @var FrontendTemplate|object $objTemplate */
$objTemplate = new \FrontendTemplate($this->strTemplate);
$this->Template = $objTemplate;
$this->Template->type = 'confirm';
$this->Template->message = $GLOBALS['TL_LANG']['MSC']['newPasswordSet'];
return;
}
}
$strToken = md5(uniqid(mt_rand(), true));
$objSession->set('setPasswordToken', $strToken);
$this->Template->formId = $strToken;
$this->Template->fields = $objWidget->parse();
$this->Template->action = \Environment::get('indexFreeRequest');
$this->Template->slabel = \StringUtil::specialchars($GLOBALS['TL_LANG']['MSC']['setNewPassword']);
}
/**
* Find ten matching usernames and return them as JSON
*/
protected function getDatalistOptions()
{
if (!$this->User->isAdmin) {
header('HTTP/1.1 400 Bad Request');
die('You must be an administrator to use the script');
}
$arrUsers = array();
$time = \Date::floorToMinute();
// Get the active front end users
$objUsers = $this->Database->prepare("SELECT username FROM tl_member WHERE username LIKE ? AND login='******' AND disable!='1' AND (start='' OR start<='{$time}') AND (stop='' OR stop>'" . ($time + 60) . "') ORDER BY username")->limit(10)->execute(str_replace('%', '', \Input::post('value')) . '%');
if ($objUsers->numRows) {
$arrUsers = $objUsers->fetchEach('username');
}
header('Content-type: application/json');
die(json_encode($arrUsers));
}
/**
* Generate the widget and return it as string
*
* @return string
*/
public function generate()
{
$this->import('BackendUser', 'User');
$this->convertValuesToPaths();
if ($this->extensions != '') {
$this->arrValidFileTypes = \StringUtil::trimsplit(',', strtolower($this->extensions));
}
/** @var AttributeBagInterface $objSessionBag */
$objSessionBag = \System::getContainer()->get('session')->getBag('contao_backend');
// Store the keyword
if (\Input::post('FORM_SUBMIT') == 'item_selector') {
$strKeyword = ltrim(\Input::postRaw('keyword'), '*');
// Make sure the regular expression is valid
if ($strKeyword != '') {
try {
$this->Database->prepare("SELECT * FROM tl_files WHERE name REGEXP ?")->limit(1)->execute($strKeyword);
} catch (\Exception $e) {
$strKeyword = '';
}
}
$objSessionBag->set('file_selector_search', $strKeyword);
$this->reload();
}
$tree = '';
$for = $objSessionBag->get('file_selector_search');
$arrFound = array();
// Search for a specific file
if ($for != '') {
// Wrap in a try catch block in case the regular expression is invalid (see #7743)
try {
$strPattern = "CAST(name AS CHAR) REGEXP ?";
if (substr(\Config::get('dbCollation'), -3) == '_ci') {
$strPattern = "LOWER(CAST(name AS CHAR)) REGEXP LOWER(?)";
}
$strType = '';
if (strpos($for, 'type:file') !== false) {
$strType = " AND type='file'";
$for = trim(str_replace('type:file', '', $for));
}
if (strpos($for, 'type:folder') !== false) {
$strType = " AND type='folder'";
$for = trim(str_replace('type:folder', '', $for));
}
$objRoot = $this->Database->prepare("SELECT path, type, extension FROM tl_files WHERE {$strPattern} {$strType} GROUP BY path")->execute($for);
if ($objRoot->numRows < 1) {
$GLOBALS['TL_DCA']['tl_files']['list']['sorting']['root'] = array('');
} else {
$arrPaths = array();
// Respect existing limitations
if ($this->path != '') {
while ($objRoot->next()) {
if (strncmp($this->path . '/', $objRoot->path . '/', strlen($this->path) + 1) === 0) {
if ($objRoot->type == 'folder' || empty($this->arrValidFileTypes) || in_array($objRoot->extension, $this->arrValidFileTypes)) {
$arrFound[] = $objRoot->path;
}
$arrPaths[] = $objRoot->type == 'folder' ? $objRoot->path : dirname($objRoot->path);
}
}
} elseif ($this->User->isAdmin) {
// Show all files to admins
while ($objRoot->next()) {
if ($objRoot->type == 'folder' || empty($this->arrValidFileTypes) || in_array($objRoot->extension, $this->arrValidFileTypes)) {
$arrFound[] = $objRoot->path;
}
$arrPaths[] = $objRoot->type == 'folder' ? $objRoot->path : dirname($objRoot->path);
}
} else {
if (is_array($this->User->filemounts)) {
while ($objRoot->next()) {
// Show only mounted folders to regular users
foreach ($this->User->filemounts as $path) {
if (strncmp($path . '/', $objRoot->path . '/', strlen($path) + 1) === 0) {
if ($objRoot->type == 'folder' || empty($this->arrValidFileTypes) || in_array($objRoot->extension, $this->arrValidFileTypes)) {
$arrFound[] = $objRoot->path;
}
$arrPaths[] = $objRoot->type == 'folder' ? $objRoot->path : dirname($objRoot->path);
}
}
}
}
}
$GLOBALS['TL_DCA']['tl_files']['list']['sorting']['root'] = array_unique($arrPaths);
}
} catch (\Exception $e) {
}
}
$strNode = $objSessionBag->get('tl_files_picker');
// Unset the node if it is not within the path (see #5899)
if ($strNode != '' && $this->path != '') {
if (strncmp($strNode . '/', $this->path . '/', strlen($this->path) + 1) !== 0) {
$objSessionBag->remove('tl_files_picker');
}
}
// Add the breadcrumb menu
if (\Input::get('do') != 'files') {
\Backend::addFilesBreadcrumb('tl_files_picker');
}
// Root nodes (breadcrumb menu)
if (!empty($GLOBALS['TL_DCA']['tl_files']['list']['sorting']['root'])) {
$root = $GLOBALS['TL_DCA']['tl_files']['list']['sorting']['root'];
// Allow only those roots that are within the custom path
if ($this->path != '') {
$root = array_intersect(preg_grep('/^' . preg_quote($this->path, '/') . '(?:$|\\/)/', $root), $root);
if (empty($root)) {
// Set all folders inside the custom path as root nodes
$root = array_map(function ($el) {
return $this->path . '/' . $el;
}, scan(TL_ROOT . '/' . $this->path));
// Hide the breadcrumb
$GLOBALS['TL_DCA']['tl_file']['list']['sorting']['breadcrumb'] = '';
}
}
$nodes = $this->eliminateNestedPaths($root);
foreach ($nodes as $node) {
$tree .= $this->renderFiletree(TL_ROOT . '/' . $node, 0, true, true, $arrFound);
}
} elseif ($this->path != '') {
$tree .= $this->renderFiletree(TL_ROOT . '/' . $this->path, 0, false, $this->isProtectedPath($this->path), $arrFound);
} elseif ($this->User->isAdmin) {
$tree .= $this->renderFiletree(TL_ROOT . '/' . \Config::get('uploadPath'), 0, false, true, $arrFound);
} else {
$nodes = $this->eliminateNestedPaths($this->User->filemounts);
foreach ($nodes as $node) {
$tree .= $this->renderFiletree(TL_ROOT . '/' . $node, 0, true, true, $arrFound);
}
}
// Select all checkboxes
if ($this->fieldType == 'checkbox') {
$strReset = "\n" . ' <li class="tl_folder"><div class="tl_left"> </div> <div class="tl_right"><label for="check_all_' . $this->strId . '" class="tl_change_selected">' . $GLOBALS['TL_LANG']['MSC']['selectAll'] . '</label> <input type="checkbox" id="check_all_' . $this->strId . '" class="tl_tree_checkbox" value="" onclick="Backend.toggleCheckboxGroup(this,\'' . $this->strName . '\')"></div><div style="clear:both"></div></li>';
} else {
$strReset = "\n" . ' <li class="tl_folder"><div class="tl_left"> </div> <div class="tl_right"><label for="reset_' . $this->strId . '" class="tl_change_selected">' . $GLOBALS['TL_LANG']['MSC']['resetSelected'] . '</label> <input type="radio" name="' . $this->strName . '" id="reset_' . $this->strName . '" class="tl_tree_radio" value="" onfocus="Backend.getScrollOffset()"></div><div style="clear:both"></div></li>';
}
// Return the tree
return '<ul class="tl_listing tree_view picker_selector' . ($this->strClass != '' ? ' ' . $this->strClass : '') . '" id="' . $this->strId . '">
<li class="tl_folder_top"><div class="tl_left">' . \Image::getHtml($GLOBALS['TL_DCA']['tl_files']['list']['sorting']['icon'] ?: 'filemounts.svg') . ' ' . (\Config::get('websiteTitle') ?: 'Contao Open Source CMS') . '</div> <div class="tl_right"> </div><div style="clear:both"></div></li><li class="parent" id="' . $this->strId . '_parent"><ul>' . $tree . $strReset . '
</ul></li></ul>';
}
/**
* Generate the module
*/
protected function compile()
{
/** @var PageModel $objPage */
global $objPage;
$GLOBALS['TL_LANGUAGE'] = $objPage->language;
\System::loadLanguageFile('tl_member');
$this->loadDataContainer('tl_member');
// Call onload_callback (e.g. to check permissions)
if (is_array($GLOBALS['TL_DCA']['tl_member']['config']['onload_callback'])) {
foreach ($GLOBALS['TL_DCA']['tl_member']['config']['onload_callback'] as $callback) {
if (is_array($callback)) {
$this->import($callback[0]);
$this->{$callback[0]}->{$callback[1]}();
} elseif (is_callable($callback)) {
$callback();
}
}
}
// Activate account
if (\Input::get('token') != '') {
$this->activateAcount();
return;
}
if ($this->memberTpl != '') {
/** @var FrontendTemplate|object $objTemplate */
$objTemplate = new \FrontendTemplate($this->memberTpl);
$this->Template = $objTemplate;
$this->Template->setData($this->arrData);
}
$this->Template->fields = '';
$objCaptcha = null;
$doNotSubmit = false;
$strFormId = 'tl_registration_' . $this->id;
// Predefine the group order (other groups will be appended automatically)
$arrGroups = array('personal' => array(), 'address' => array(), 'contact' => array(), 'login' => array(), 'profile' => array());
// Captcha
if (!$this->disableCaptcha) {
$arrCaptcha = array('id' => 'registration', 'label' => $GLOBALS['TL_LANG']['MSC']['securityQuestion'], 'type' => 'captcha', 'mandatory' => true, 'required' => true);
/** @var FormCaptcha $strClass */
$strClass = $GLOBALS['TL_FFL']['captcha'];
// Fallback to default if the class is not defined
if (!class_exists($strClass)) {
$strClass = 'FormCaptcha';
}
/** @var FormCaptcha $objCaptcha */
$objCaptcha = new $strClass($arrCaptcha);
if (\Input::post('FORM_SUBMIT') == $strFormId) {
$objCaptcha->validate();
if ($objCaptcha->hasErrors()) {
$doNotSubmit = true;
}
}
}
$objMember = null;
// Check for a follow-up registration (see #7992)
if (\Input::post('email', true) != '' && ($objMember = \MemberModel::findUnactivatedByEmail(\Input::post('email', true))) !== null) {
$this->resendActivationMail($objMember);
return;
}
$arrUser = array();
$arrFields = array();
$hasUpload = false;
$i = 0;
// Build form
foreach ($this->editable as $field) {
$arrData = $GLOBALS['TL_DCA']['tl_member']['fields'][$field];
// Map checkboxWizards to regular checkbox widgets
if ($arrData['inputType'] == 'checkboxWizard') {
$arrData['inputType'] = 'checkbox';
}
// Map fileTrees to upload widgets (see #8091)
if ($arrData['inputType'] == 'fileTree') {
$arrData['inputType'] = 'upload';
}
/** @var Widget $strClass */
$strClass = $GLOBALS['TL_FFL'][$arrData['inputType']];
// Continue if the class is not defined
if (!class_exists($strClass)) {
continue;
}
$arrData['eval']['required'] = $arrData['eval']['mandatory'];
// Unset the unique field check upon follow-up registrations
if ($objMember !== null && $arrData['eval']['unique'] && \Input::post($field) == $objMember->{$field}) {
$arrData['eval']['unique'] = false;
}
$objWidget = new $strClass($strClass::getAttributesFromDca($arrData, $field, $arrData['default'], '', '', $this));
$objWidget->storeValues = true;
$objWidget->rowClass = 'row_' . $i . ($i == 0 ? ' row_first' : '') . ($i % 2 == 0 ? ' even' : ' odd');
// Increase the row count if its a password field
if ($objWidget instanceof FormPassword) {
$objWidget->rowClassConfirm = 'row_' . ++$i . ($i % 2 == 0 ? ' even' : ' odd');
}
// Validate input
if (\Input::post('FORM_SUBMIT') == $strFormId) {
$objWidget->validate();
$varValue = $objWidget->value;
// Check whether the password matches the username
if ($objWidget instanceof FormPassword && \Encryption::verify(\Input::post('username'), $varValue)) {
$objWidget->addError($GLOBALS['TL_LANG']['ERR']['passwordName']);
}
$rgxp = $arrData['eval']['rgxp'];
// Convert date formats into timestamps (check the eval setting first -> #3063)
if ($varValue != '' && in_array($rgxp, array('date', 'time', 'datim'))) {
try {
$objDate = new \Date($varValue, \Date::getFormatFromRgxp($rgxp));
$varValue = $objDate->tstamp;
} catch (\OutOfBoundsException $e) {
$objWidget->addError(sprintf($GLOBALS['TL_LANG']['ERR']['invalidDate'], $varValue));
}
}
// Make sure that unique fields are unique (check the eval setting first -> #3063)
if ($arrData['eval']['unique'] && $varValue != '' && !$this->Database->isUniqueValue('tl_member', $field, $varValue)) {
$objWidget->addError(sprintf($GLOBALS['TL_LANG']['ERR']['unique'], $arrData['label'][0] ?: $field));
}
// Save callback
if ($objWidget->submitInput() && !$objWidget->hasErrors() && is_array($arrData['save_callback'])) {
foreach ($arrData['save_callback'] as $callback) {
try {
if (is_array($callback)) {
$this->import($callback[0]);
$varValue = $this->{$callback[0]}->{$callback[1]}($varValue, null);
} elseif (is_callable($callback)) {
$varValue = $callback($varValue, null);
}
} catch (\Exception $e) {
$objWidget->class = 'error';
$objWidget->addError($e->getMessage());
}
}
}
// Store the current value
if ($objWidget->hasErrors()) {
$doNotSubmit = true;
} elseif ($objWidget->submitInput()) {
// Set the correct empty value (see #6284, #6373)
if ($varValue === '') {
$varValue = $objWidget->getEmptyValue();
}
// Encrypt the value (see #7815)
if ($arrData['eval']['encrypt']) {
$varValue = \Encryption::encrypt($varValue);
}
// Set the new value
$arrUser[$field] = $varValue;
}
}
if ($objWidget instanceof \uploadable) {
$hasUpload = true;
}
$temp = $objWidget->parse();
$this->Template->fields .= $temp;
$arrFields[$arrData['eval']['feGroup']][$field] .= $temp;
++$i;
}
// Captcha
if (!$this->disableCaptcha) {
$objCaptcha->rowClass = 'row_' . $i . ($i == 0 ? ' row_first' : '') . ($i % 2 == 0 ? ' even' : ' odd');
$strCaptcha = $objCaptcha->parse();
$this->Template->fields .= $strCaptcha;
$arrFields['captcha']['captcha'] .= $strCaptcha;
}
$this->Template->rowLast = 'row_' . ++$i . ($i % 2 == 0 ? ' even' : ' odd');
$this->Template->enctype = $hasUpload ? 'multipart/form-data' : 'application/x-www-form-urlencoded';
$this->Template->hasError = $doNotSubmit;
// Create new user if there are no errors
if (\Input::post('FORM_SUBMIT') == $strFormId && !$doNotSubmit) {
$this->createNewUser($arrUser);
}
$this->Template->loginDetails = $GLOBALS['TL_LANG']['tl_member']['loginDetails'];
$this->Template->addressDetails = $GLOBALS['TL_LANG']['tl_member']['addressDetails'];
$this->Template->contactDetails = $GLOBALS['TL_LANG']['tl_member']['contactDetails'];
$this->Template->personalData = $GLOBALS['TL_LANG']['tl_member']['personalData'];
$this->Template->captchaDetails = $GLOBALS['TL_LANG']['MSC']['securityQuestion'];
// Add the groups
foreach ($arrFields as $k => $v) {
// Deprecated since Contao 4.0, to be removed in Contao 5.0
$this->Template->{$k} = $v;
$key = $k . ($k == 'personal' ? 'Data' : 'Details');
$arrGroups[$GLOBALS['TL_LANG']['tl_member'][$key]] = $v;
}
$this->Template->categories = $arrGroups;
$this->Template->formId = $strFormId;
$this->Template->slabel = \StringUtil::specialchars($GLOBALS['TL_LANG']['MSC']['register']);
$this->Template->action = \Environment::get('indexFreeRequest');
// Deprecated since Contao 4.0, to be removed in Contao 5.0
$this->Template->captcha = $arrFields['captcha']['captcha'];
}
/**
* Generate the filter panel and return it as HTML string
*
* @param integer $intFilterPanel
*
* @return string
*/
protected function filterMenu($intFilterPanel)
{
/** @var AttributeBagInterface $objSessionBag */
$objSessionBag = \System::getContainer()->get('session')->getBag('contao_backend');
$fields = '';
$this->bid = 'tl_buttons_a';
$sortingFields = array();
$session = $objSessionBag->all();
$filter = $GLOBALS['TL_DCA'][$this->strTable]['list']['sorting']['mode'] == 4 ? $this->strTable . '_' . CURRENT_ID : $this->strTable;
// Get the sorting fields
foreach ($GLOBALS['TL_DCA'][$this->strTable]['fields'] as $k => $v) {
if (intval($v['filter']) == $intFilterPanel) {
$sortingFields[] = $k;
}
}
// Return if there are no sorting fields
if (empty($sortingFields)) {
return '';
}
// Set filter from user input
if (\Input::post('FORM_SUBMIT') == 'tl_filters') {
foreach ($sortingFields as $field) {
if (\Input::post($field, true) != 'tl_' . $field) {
$session['filter'][$filter][$field] = \Input::post($field, true);
} else {
unset($session['filter'][$filter][$field]);
}
}
$objSessionBag->replace($session);
} else {
foreach ($sortingFields as $field) {
if (isset($session['filter'][$filter][$field])) {
// Sort by day
if (in_array($GLOBALS['TL_DCA'][$this->strTable]['fields'][$field]['flag'], array(5, 6))) {
if ($session['filter'][$filter][$field] == '') {
$this->procedure[] = $field . "=''";
} else {
$objDate = new \Date($session['filter'][$filter][$field]);
$this->procedure[] = $field . ' BETWEEN ? AND ?';
$this->values[] = $objDate->dayBegin;
$this->values[] = $objDate->dayEnd;
}
} elseif (in_array($GLOBALS['TL_DCA'][$this->strTable]['fields'][$field]['flag'], array(7, 8))) {
if ($session['filter'][$filter][$field] == '') {
$this->procedure[] = $field . "=''";
} else {
$objDate = new \Date($session['filter'][$filter][$field]);
$this->procedure[] = $field . ' BETWEEN ? AND ?';
$this->values[] = $objDate->monthBegin;
$this->values[] = $objDate->monthEnd;
}
} elseif (in_array($GLOBALS['TL_DCA'][$this->strTable]['fields'][$field]['flag'], array(9, 10))) {
if ($session['filter'][$filter][$field] == '') {
$this->procedure[] = $field . "=''";
} else {
$objDate = new \Date($session['filter'][$filter][$field]);
$this->procedure[] = $field . ' BETWEEN ? AND ?';
$this->values[] = $objDate->yearBegin;
$this->values[] = $objDate->yearEnd;
}
} elseif ($GLOBALS['TL_DCA'][$this->strTable]['fields'][$field]['eval']['multiple']) {
// CSV lists (see #2890)
if (isset($GLOBALS['TL_DCA'][$this->strTable]['fields'][$field]['eval']['csv'])) {
$this->procedure[] = $this->Database->findInSet('?', $field, true);
$this->values[] = $session['filter'][$filter][$field];
} else {
$this->procedure[] = $field . ' LIKE ?';
$this->values[] = '%"' . $session['filter'][$filter][$field] . '"%';
}
} else {
$this->procedure[] = $field . '=?';
$this->values[] = $session['filter'][$filter][$field];
}
}
}
}
// Add sorting options
foreach ($sortingFields as $cnt => $field) {
$arrValues = array();
$arrProcedure = array();
if ($GLOBALS['TL_DCA'][$this->strTable]['list']['sorting']['mode'] == 4) {
$arrProcedure[] = 'pid=?';
$arrValues[] = CURRENT_ID;
}
if (!empty($this->root) && is_array($this->root)) {
$arrProcedure[] = "id IN(" . implode(',', array_map('intval', $this->root)) . ")";
}
// Check for a static filter (see #4719)
if (!empty($GLOBALS['TL_DCA'][$this->strTable]['list']['sorting']['filter']) && is_array($GLOBALS['TL_DCA'][$this->strTable]['list']['sorting']['filter'])) {
foreach ($GLOBALS['TL_DCA'][$this->strTable]['list']['sorting']['filter'] as $fltr) {
$arrProcedure[] = $fltr[0];
$arrValues[] = $fltr[1];
}
}
// Support empty ptable fields
if ($GLOBALS['TL_DCA'][$this->strTable]['config']['dynamicPtable']) {
$arrProcedure[] = $this->ptable == 'tl_article' ? "(ptable=? OR ptable='')" : "ptable=?";
$arrValues[] = $this->ptable;
}
$objFields = $this->Database->prepare("SELECT DISTINCT " . $field . " FROM " . $this->strTable . (is_array($arrProcedure) && strlen($arrProcedure[0]) ? ' WHERE ' . implode(' AND ', $arrProcedure) : ''))->execute($arrValues);
// Begin select menu
$fields .= '
<select name="' . $field . '" id="' . $field . '" class="tl_select' . (isset($session['filter'][$filter][$field]) ? ' active' : '') . '">
<option value="tl_' . $field . '">' . (is_array($GLOBALS['TL_DCA'][$this->strTable]['fields'][$field]['label']) ? $GLOBALS['TL_DCA'][$this->strTable]['fields'][$field]['label'][0] : $GLOBALS['TL_DCA'][$this->strTable]['fields'][$field]['label']) . '</option>
<option value="tl_' . $field . '">---</option>';
if ($objFields->numRows) {
$options = $objFields->fetchEach($field);
// Sort by day
if (in_array($GLOBALS['TL_DCA'][$this->strTable]['fields'][$field]['flag'], array(5, 6))) {
$GLOBALS['TL_DCA'][$this->strTable]['fields'][$field]['flag'] == 6 ? rsort($options) : sort($options);
foreach ($options as $k => $v) {
if ($v == '') {
$options[$v] = '-';
} else {
$options[$v] = \Date::parse(\Config::get('dateFormat'), $v);
}
unset($options[$k]);
}
} elseif (in_array($GLOBALS['TL_DCA'][$this->strTable]['fields'][$field]['flag'], array(7, 8))) {
$GLOBALS['TL_DCA'][$this->strTable]['fields'][$field]['flag'] == 8 ? rsort($options) : sort($options);
foreach ($options as $k => $v) {
if ($v == '') {
$options[$v] = '-';
} else {
$options[$v] = date('Y-m', $v);
$intMonth = date('m', $v) - 1;
if (isset($GLOBALS['TL_LANG']['MONTHS'][$intMonth])) {
$options[$v] = $GLOBALS['TL_LANG']['MONTHS'][$intMonth] . ' ' . date('Y', $v);
}
}
unset($options[$k]);
}
} elseif (in_array($GLOBALS['TL_DCA'][$this->strTable]['fields'][$field]['flag'], array(9, 10))) {
$GLOBALS['TL_DCA'][$this->strTable]['fields'][$field]['flag'] == 10 ? rsort($options) : sort($options);
foreach ($options as $k => $v) {
if ($v == '') {
$options[$v] = '-';
} else {
$options[$v] = date('Y', $v);
}
unset($options[$k]);
}
}
// Manual filter
if ($GLOBALS['TL_DCA'][$this->strTable]['fields'][$field]['eval']['multiple']) {
$moptions = array();
// TODO: find a more effective solution
foreach ($options as $option) {
// CSV lists (see #2890)
if (isset($GLOBALS['TL_DCA'][$this->strTable]['fields'][$field]['eval']['csv'])) {
$doptions = trimsplit($GLOBALS['TL_DCA'][$this->strTable]['fields'][$field]['eval']['csv'], $option);
} else {
$doptions = deserialize($option);
}
if (is_array($doptions)) {
$moptions = array_merge($moptions, $doptions);
}
}
$options = $moptions;
}
$options = array_unique($options);
$options_callback = array();
// Call the options_callback
if ((is_array($GLOBALS['TL_DCA'][$this->strTable]['fields'][$field]['options_callback']) || is_callable($GLOBALS['TL_DCA'][$this->strTable]['fields'][$field]['options_callback'])) && !$GLOBALS['TL_DCA'][$this->strTable]['fields'][$field]['reference']) {
if (is_array($GLOBALS['TL_DCA'][$this->strTable]['fields'][$field]['options_callback'])) {
$strClass = $GLOBALS['TL_DCA'][$this->strTable]['fields'][$field]['options_callback'][0];
$strMethod = $GLOBALS['TL_DCA'][$this->strTable]['fields'][$field]['options_callback'][1];
$this->import($strClass);
$options_callback = $this->{$strClass}->{$strMethod}($this);
} elseif (is_callable($GLOBALS['TL_DCA'][$this->strTable]['fields'][$field]['options_callback'])) {
$options_callback = $GLOBALS['TL_DCA'][$this->strTable]['fields'][$field]['options_callback']($this);
}
// Sort options according to the keys of the callback array
$options = array_intersect(array_keys($options_callback), $options);
}
$options_sorter = array();
$blnDate = in_array($GLOBALS['TL_DCA'][$this->strTable]['fields'][$field]['flag'], array(5, 6, 7, 8, 9, 10));
// Options
foreach ($options as $kk => $vv) {
$value = $blnDate ? $kk : $vv;
// Options callback
if (!empty($options_callback) && is_array($options_callback)) {
$vv = $options_callback[$vv];
} elseif (isset($GLOBALS['TL_DCA'][$this->strTable]['fields'][$field]['foreignKey'])) {
$key = explode('.', $GLOBALS['TL_DCA'][$this->strTable]['fields'][$field]['foreignKey'], 2);
$objParent = $this->Database->prepare("SELECT " . $key[1] . " AS value FROM " . $key[0] . " WHERE id=?")->limit(1)->execute($vv);
if ($objParent->numRows) {
$vv = $objParent->value;
}
} elseif ($GLOBALS['TL_DCA'][$this->strTable]['fields'][$field]['eval']['isBoolean'] || $GLOBALS['TL_DCA'][$this->strTable]['fields'][$field]['inputType'] == 'checkbox' && !$GLOBALS['TL_DCA'][$this->strTable]['fields'][$field]['eval']['multiple']) {
$vv = $vv != '' ? $GLOBALS['TL_LANG']['MSC']['yes'] : $GLOBALS['TL_LANG']['MSC']['no'];
} elseif ($field == 'pid') {
$this->loadDataContainer($this->ptable);
$showFields = $GLOBALS['TL_DCA'][$this->ptable]['list']['label']['fields'];
if (!$showFields[0]) {
$showFields[0] = 'id';
}
$objShowFields = $this->Database->prepare("SELECT " . $showFields[0] . " FROM " . $this->ptable . " WHERE id=?")->limit(1)->execute($vv);
if ($objShowFields->numRows) {
$vv = $objShowFields->{$showFields[0]};
}
}
$option_label = '';
// Use reference array
if (isset($GLOBALS['TL_DCA'][$this->strTable]['fields'][$field]['reference'])) {
$option_label = is_array($GLOBALS['TL_DCA'][$this->strTable]['fields'][$field]['reference'][$vv]) ? $GLOBALS['TL_DCA'][$this->strTable]['fields'][$field]['reference'][$vv][0] : $GLOBALS['TL_DCA'][$this->strTable]['fields'][$field]['reference'][$vv];
} elseif ($GLOBALS['TL_DCA'][$this->strTable]['fields'][$field]['eval']['isAssociative'] || array_is_assoc($GLOBALS['TL_DCA'][$this->strTable]['fields'][$field]['options'])) {
$option_label = $GLOBALS['TL_DCA'][$this->strTable]['fields'][$field]['options'][$vv];
}
// No empty options allowed
if (!strlen($option_label)) {
$option_label = $vv ?: '-';
}
$options_sorter[' <option value="' . specialchars($value) . '"' . (isset($session['filter'][$filter][$field]) && $value == $session['filter'][$filter][$field] ? ' selected="selected"' : '') . '>' . $option_label . '</option>'] = Utf8::toAscii($option_label);
}
// Sort by option values
if (!$blnDate) {
natcasesort($options_sorter);
if (in_array($GLOBALS['TL_DCA'][$this->strTable]['fields'][$field]['flag'], array(2, 4, 12))) {
$options_sorter = array_reverse($options_sorter, true);
}
}
$fields .= "\n" . implode("\n", array_keys($options_sorter));
}
// End select menu
$fields .= '
</select> ';
// Force a line-break after six elements (see #3777)
if (($cnt + 1) % 6 == 0) {
$fields .= '<br>';
}
}
return '
<div class="tl_filter tl_subpanel">
<strong>' . $GLOBALS['TL_LANG']['MSC']['filter'] . ':</strong> ' . $fields . '
</div>';
}
/**
* Generate the module
*/
protected function compile()
{
// Show logout form
if (FE_USER_LOGGED_IN) {
$this->import('FrontendUser', 'User');
$this->Template->logout = true;
$this->Template->formId = 'tl_logout_' . $this->id;
$this->Template->slabel = \StringUtil::specialchars($GLOBALS['TL_LANG']['MSC']['logout']);
$this->Template->loggedInAs = sprintf($GLOBALS['TL_LANG']['MSC']['loggedInAs'], $this->User->username);
$this->Template->action = ampersand(\Environment::get('indexFreeRequest'));
if ($this->User->lastLogin > 0) {
/** @var PageModel $objPage */
global $objPage;
$this->Template->lastLogin = sprintf($GLOBALS['TL_LANG']['MSC']['lastLogin'][1], \Date::parse($objPage->datimFormat, $this->User->lastLogin));
}
return;
}
$blnHasError = false;
if (isset($_SESSION['MESSAGES'][TL_MODE]['TL_ERROR'])) {
$blnHasError = true;
$_SESSION['LOGIN_ERROR'] = $_SESSION['MESSAGES'][TL_MODE]['TL_ERROR'][0];
unset($_SESSION['MESSAGES'][TL_MODE]['TL_ERROR']);
}
if (isset($_SESSION['LOGIN_ERROR'])) {
$blnHasError = true;
$this->Template->message = $_SESSION['LOGIN_ERROR'];
}
$this->Template->hasError = $blnHasError;
$this->Template->username = $GLOBALS['TL_LANG']['MSC']['username'];
$this->Template->password = $GLOBALS['TL_LANG']['MSC']['password'][0];
$this->Template->action = ampersand(\Environment::get('indexFreeRequest'));
$this->Template->slabel = \StringUtil::specialchars($GLOBALS['TL_LANG']['MSC']['login']);
$this->Template->value = \StringUtil::specialchars(\Input::post('username'));
$this->Template->formId = 'tl_login_' . $this->id;
$this->Template->autologin = $this->autologin && \Config::get('autologin') > 0;
$this->Template->autoLabel = $GLOBALS['TL_LANG']['MSC']['autologin'];
}
/**
* @param array $arrClasses
* @param DataContainer $dc
*/
protected function saveClassesToCssID(array $arrClasses, DataContainer $dc)
{
$strCssIDName = $this->getCssIDName($dc->id);
$arrPostedCssID = Input::post($strCssIDName);
$arrPostedCssID[1] = implode(' ', $arrClasses);
$arrPostedCssID[1] = str_replace(' ', ' ', $arrPostedCssID[1]);
$arrPostedCssID[1] = trim($arrPostedCssID[1]);
$dc->activeRecord->cssID = serialize($arrPostedCssID);
Input::setPost($strCssIDName, $arrPostedCssID);
$objDatabase = Database::getInstance();
$objDatabase->prepare("UPDATE {$dc->table} SET cssID=? WHERE id=?")->execute(serialize($arrPostedCssID), $dc->id);
}
/**
* Generate the module
*/
protected function compile()
{
/** @var PageModel $objPage */
global $objPage;
$this->import('FrontendUser', 'User');
$GLOBALS['TL_LANGUAGE'] = $objPage->language;
\System::loadLanguageFile('tl_member');
$this->loadDataContainer('tl_member');
// Old password widget
$arrFields['oldPassword'] = array('name' => 'oldpassword', 'label' => &$GLOBALS['TL_LANG']['MSC']['oldPassword'], 'inputType' => 'text', 'eval' => array('mandatory' => true, 'preserveTags' => true, 'hideInput' => true));
// New password widget
$arrFields['newPassword'] = $GLOBALS['TL_DCA']['tl_member']['fields']['password'];
$arrFields['newPassword']['name'] = 'password';
$arrFields['newPassword']['label'] =& $GLOBALS['TL_LANG']['MSC']['newPassword'];
$row = 0;
$strFields = '';
$doNotSubmit = false;
$objMember = \MemberModel::findByPk($this->User->id);
$strFormId = 'tl_change_password_' . $this->id;
$flashBag = \System::getContainer()->get('session')->getFlashBag();
$strTable = $objMember->getTable();
// Initialize the versioning (see #8301)
$objVersions = new \Versions($strTable, $objMember->id);
$objVersions->setUsername($objMember->username);
$objVersions->setUserId(0);
$objVersions->setEditUrl('contao/main.php?do=member&act=edit&id=%s&rt=1');
$objVersions->initialize();
/** @var FormTextField $objOldPassword */
$objOldPassword = null;
/** @var FormPassword $objNewPassword */
$objNewPassword = null;
// Initialize the widgets
foreach ($arrFields as $strKey => $arrField) {
/** @var Widget $strClass */
$strClass = $GLOBALS['TL_FFL'][$arrField['inputType']];
// Continue if the class is not defined
if (!class_exists($strClass)) {
continue;
}
$arrField['eval']['required'] = $arrField['eval']['mandatory'];
/** @var Widget $objWidget */
$objWidget = new $strClass($strClass::getAttributesFromDca($arrField, $arrField['name']));
$objWidget->storeValues = true;
$objWidget->rowClass = 'row_' . $row . ($row == 0 ? ' row_first' : '') . ($row % 2 == 0 ? ' even' : ' odd');
// Increase the row count if it is a password field
if ($objWidget instanceof FormPassword) {
$objWidget->rowClassConfirm = 'row_' . ++$row . ($row % 2 == 0 ? ' even' : ' odd');
}
++$row;
// Store the widget objects
$strVar = 'obj' . ucfirst($strKey);
${$strVar} = $objWidget;
// Validate the widget
if (\Input::post('FORM_SUBMIT') == $strFormId) {
$objWidget->validate();
// Validate the old password
if ($strKey == 'oldPassword') {
if (\Encryption::test($objMember->password)) {
$blnAuthenticated = \Encryption::verify($objWidget->value, $objMember->password);
} else {
list($strPassword, $strSalt) = explode(':', $objMember->password);
$blnAuthenticated = $strSalt == '' ? $strPassword === sha1($objWidget->value) : $strPassword === sha1($strSalt . $objWidget->value);
}
if (!$blnAuthenticated) {
$objWidget->value = '';
$objWidget->addError($GLOBALS['TL_LANG']['MSC']['oldPasswordWrong']);
sleep(2);
// Wait 2 seconds while brute forcing :)
}
}
if ($objWidget->hasErrors()) {
$doNotSubmit = true;
}
}
$strFields .= $objWidget->parse();
}
$this->Template->fields = $strFields;
$this->Template->hasError = $doNotSubmit;
// Store the new password
if (\Input::post('FORM_SUBMIT') == $strFormId && !$doNotSubmit) {
$objMember->tstamp = time();
$objMember->password = $objNewPassword->value;
$objMember->save();
// Create a new version
if ($GLOBALS['TL_DCA'][$strTable]['config']['enableVersioning']) {
$objVersions->create();
}
// HOOK: set new password callback
if (isset($GLOBALS['TL_HOOKS']['setNewPassword']) && is_array($GLOBALS['TL_HOOKS']['setNewPassword'])) {
foreach ($GLOBALS['TL_HOOKS']['setNewPassword'] as $callback) {
$this->import($callback[0]);
$this->{$callback[0]}->{$callback[1]}($objMember, $objNewPassword->value, $this);
}
}
// Check whether there is a jumpTo page
if (($objJumpTo = $this->objModel->getRelated('jumpTo')) instanceof PageModel) {
$this->jumpToOrReload($objJumpTo->row());
}
$flashBag->set('mod_change_password_confirm', $GLOBALS['TL_LANG']['MSC']['newPasswordSet']);
$this->reload();
}
// Confirmation message
if ($flashBag->has('mod_change_password_confirm')) {
$arrMessages = $flashBag->get('mod_change_password_confirm');
$this->Template->message = $arrMessages[0];
}
$this->Template->formId = $strFormId;
$this->Template->action = \Environment::get('indexFreeRequest');
$this->Template->slabel = \StringUtil::specialchars($GLOBALS['TL_LANG']['MSC']['changePassword']);
$this->Template->rowLast = 'row_' . $row . ' row_last' . ($row % 2 == 0 ? ' even' : ' odd');
}
