/**
 * Fetch the Author records selected by this datasource.
 *
 * Runs the parent grab() first, then resolves the IDs returned by
 * `_getAuthorIds()` through AuthorManager. The second and third arguments to
 * fetchByID() are presumably the sort field and direction, matching the other
 * fetchByID() calls in this listing.
 *
 * @return array
 *  The fetched authors cast to an array (empty when nothing matched)
 */
public function grab()
{
    parent::grab();

    $ids = $this->_getAuthorIds();
    $fetched = AuthorManager::fetchByID($ids, 'id', $this->dsParamORDER);

    return (array) $fetched;
}
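/**
 * Authenticate a backend login attempt against the configured LDAP server.
 *
 * Reads the username from `$context['username']` and the submitted password
 * from `$_POST['password']`. The bind DN is built from the configured
 * `filterdn` template (with `%username%` replaced by the DN-escaped username)
 * and `basedn`. After a successful bind, an existing Symphony author flagged
 * as LDAP is logged in directly; otherwise the author's details are read from
 * LDAP and a new author record is created before logging in.
 *
 * @param array $context
 *  Delegate context; only `username` is read
 * @return boolean
 *  true when the author was logged in, false otherwise (including when the
 *  credentials are incomplete, the server is unreachable or the bind fails)
 */
public function ldap_login($context)
{
    $username = isset($context['username']) ? $context['username'] : null;
    $password = isset($_POST['password']) ? $_POST['password'] : null;

    // Both credentials are required. An empty password makes ldap_bind()
    // perform an anonymous (unauthenticated) bind, which many directories
    // accept, so it must never reach the bind call. The original accepted
    // either value being present.
    if (!is_string($username) || trim($username) === '' || !is_string($password) || $password === '') {
        return false;
    }

    // LDAP connection
    $ldap = ldap_connect(
        Symphony::Configuration()->get('server', 'ldap_authors'),
        Symphony::Configuration()->get('port', 'ldap_authors')
    );

    if (!$ldap) {
        Symphony::$Log->pushToLog('[LDAP] Unable to connect to LDAP server, please check configuration.', E_ERROR);
        return false;
    }

    ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, Symphony::Configuration()->get('protocol_version', 'ldap_authors'));

    // The username is interpolated into a distinguished name, so escape DN
    // metacharacters first; a plain string replacement also avoids preg_replace()
    // interpreting `$n` sequences in the username as backreferences.
    $filterdn = str_replace(
        '%username%',
        $this->_escapeLdapDnValue($username),
        Symphony::Configuration()->get('filterdn', 'ldap_authors')
    );
    $basedn = Symphony::Configuration()->get('basedn', 'ldap_authors');

    try {
        // Attempt to authenticate to the LDAP server. ldap_bind() returns false on
        // failure (and only throws if an error handler converts the warning), so
        // the result is checked explicitly instead of assumed.
        $bind = ldap_bind($ldap, $filterdn . ',' . $basedn, $password);

        if ($bind === false) {
            Symphony::$Log->pushToLog('[LDAP] Unable to bind to LDAP server, this could be misconfiguration or invalid credentials. (User: "******")', E_WARNING);
            return false;
        }

        $user = AuthorManager::fetchByUsername($username);

        if ($user instanceof Author && $user->get('LDAP') === '1') {
            // LDAP user has visited before therefore login
            $this->login($user);
            return true;
        }

        // New LDAP user, we need to insert their details in the authors table
        $ldap_user = $this->ldap_retrieve_user($ldap, $basedn, $filterdn);

        if (!$ldap_user) {
            Symphony::$Log->pushToLog('[LDAP] Authentication with the LDAP server was successful, however unable to find LDAP user details.', E_ERROR);
            return false;
        }

        // Get attributes and insert data
        $attrs = array(
            Symphony::Configuration()->get('first_name_key', 'ldap_authors'),
            Symphony::Configuration()->get('last_name_key', 'ldap_authors'),
            Symphony::Configuration()->get('email_key', 'ldap_authors'),
        );
        $author_details = $this->ldap_retrieve_attributes($attrs, $ldap_user[0]);

        if (!is_array($author_details) || count($author_details) != 3) {
            Symphony::$Log->pushToLog('[LDAP] Unable to retireve first name, last name and email address from the LDAP server.', E_ERROR);
            return false;
        }

        $id = AuthorManager::add(array(
            'username' => $username,
            'password' => $this->fake_password(10),
            'first_name' => $author_details[0],
            'last_name' => $author_details[1],
            'email' => $author_details[2],
            'user_type' => Symphony::Configuration()->get('default_author_type', 'ldap_authors'),
            'primary' => 'no',
            'LDAP' => true,
        ));

        if (!$id) {
            Symphony::$Log->pushToLog('[LDAP] Unable to insert LDAP user into Symphony authors table.', E_ERROR);
            return false;
        }

        // Once user is inserted log them in
        $user = AuthorManager::fetchByID($id);
        $this->login($user);
        return true;
    } catch (Exception $e) {
        Symphony::$Log->pushToLog('[LDAP] Unable to bind to LDAP server, this could be misconfiguration or invalid credentials. (User: "******")', E_WARNING);
    }

    return false;
}

/**
 * Escape a value for use inside an LDAP distinguished name (RFC 4514).
 *
 * Uses ldap_escape() where available (PHP 5.6+) and otherwise escapes the
 * DN special characters by hand.
 *
 * @param string $value
 * @return string
 */
private function _escapeLdapDnValue($value)
{
    if (function_exists('ldap_escape')) {
        return ldap_escape($value, '', LDAP_ESCAPE_DN);
    }

    // Backslash goes first so the escapes added below are not doubled.
    $specials = array('\\', ',', '+', '"', '<', '>', ';', '=');
    $escaped = $value;

    foreach ($specials as $char) {
        $escaped = str_replace($char, '\\' . $char, $escaped);
    }

    // A leading '#' or space and a trailing space are also significant in a DN value.
    if ($escaped !== '' && ($escaped[0] === '#' || $escaped[0] === ' ')) {
        $escaped = '\\' . $escaped;
    }

    if (substr($escaped, -1) === ' ') {
        $escaped = substr($escaped, 0, -1) . '\\ ';
    }

    return $escaped;
}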
/**
 * AJAX endpoint that reports and renews the edit lock on an entry.
 *
 * Reads `entry_id`, `author_id`, `setup` and `force` from `$_REQUEST`, echoes a
 * JSON-encoded status ('expired', 'expired-lifetime', 'true', or the full name
 * of the author currently holding the lock) and exits.
 *
 * NOTE(review): `author_id` is taken from the request rather than from the
 * logged-in session, so the lock owner is client-asserted here — confirm the
 * caller's access controls before relying on it. `force=true` removes another
 * author's lock unconditionally.
 */
public function __viewIndex()
{
    // Both identifiers are read without isset(); a missing key raises a notice
    // and falls through to the 'expired' response below.
    $entry_id = $_REQUEST['entry_id'];
    $author_id = $_REQUEST['author_id'];

    if (!$entry_id || !$author_id) {
        echo json_encode('expired');
        exit;
    }

    $setup = $_REQUEST['setup'];
    $force = $_REQUEST['force'];

    // Forced takeover: drop whatever lock exists on the entry and issue a new one.
    if ($force == 'true') {
        $this->_driver->removeTheLockByEntry($entry_id);
        $this->_driver->renewTheLock($entry_id, $author_id);
        echo json_encode('true');
        exit;
    }

    // lockExists() is compared both as an array ($lock[0], presumably the owning
    // author id) and as a scalar (-1 / 0) below; its return shape is not visible
    // in this file — TODO confirm against the driver.
    $lock = $this->_driver->lockExists($entry_id);

    if ($author_id != $lock[0] && $lock[0] > 0) {
        // Held by somebody else: report who owns it.
        $authorManager = new AuthorManager($this->_Parent);
        $author = $authorManager->fetchByID($lock[0]);
        echo json_encode($author->getFullName());
    } else {
        if ($lock == -1) {
            echo json_encode('expired-lifetime');
        } else {
            if ($lock == 0 && $setup == true) {
                // No lock yet and the client is initialising the edit page: take one.
                $this->_driver->renewTheLock($entry_id, $author_id);
                echo json_encode('true');
            } else {
                if ($lock == 0) {
                    echo json_encode('expired');
                } else {
                    // Own lock still present: extend it.
                    $this->_driver->renewTheLock($entry_id, $author_id);
                    echo json_encode('true');
                }
            }
        }
    }

    exit;
}
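/**
 * REST handler for the authors collection.
 *
 * With a path segment, resolves it as an Author ID when numeric or as a
 * username otherwise and responds with that single author; without one,
 * responds with every author. Output goes through REST_API::sendOutput();
 * an unknown author produces a 404 via REST_API::sendError().
 *
 * @return void
 */
public static function get()
{
    $url_parts = REST_API::getRequestURI();

    // Guard the index: the first path segment may be absent.
    $author_url = isset($url_parts[0]) ? $url_parts[0] : null;

    $response = new XMLElement('response');

    if ($author_url !== null) {
        $author = is_numeric($author_url)
            ? AuthorManager::fetchByID($author_url)
            : AuthorManager::fetchByUsername($author_url);

        if (!$author) {
            REST_API::sendError('Author not found.', 404);
            // sendError() is expected to end the request; return so that a
            // non-author value never reaches __buildAuthorXML() if it does not.
            return;
        }

        $response->appendChild(self::__buildAuthorXML($author));
    } else {
        $authors = AuthorManager::fetch();

        foreach ($authors as $author) {
            $response->appendChild(self::__buildAuthorXML($author));
        }
    }

    REST_API::sendOutput($response);
}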
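/**
 * Give the field some data and ask it to return a value using one of many
 * possible modes.
 *
 * Modes come from getExportModes():
 *  - listAuthor / getPostdata: the raw list of author IDs
 *  - listAuthorObject: Author objects
 *  - listValue: full names
 *  - listAuthorToValue: full names keyed by author ID
 *
 * @param mixed $data
 *  Field data; `author_id` may be a single ID or a list of IDs
 * @param integer $mode
 * @param integer $entry_id
 * @return array|null
 */
public function prepareExportValue($data, $mode, $entry_id = null)
{
    $modes = (object) $this->getExportModes();

    // Make sure we have an array to work with:
    if (isset($data['author_id']) && is_array($data['author_id']) === false) {
        $data['author_id'] = array($data['author_id']);
    }

    // Return the author IDs:
    if ($mode === $modes->listAuthor || $mode === $modes->getPostdata) {
        return isset($data['author_id']) ? $data['author_id'] : array();
    }

    // All other modes require full data:
    $authors = isset($data['author_id'])
        ? AuthorManager::fetchByID($data['author_id'])
        : array();

    $items = array();

    foreach ($authors as $author) {
        if (is_null($author)) {
            continue;
        }

        if ($mode === $modes->listAuthorObject) {
            $items[] = $author;
        } elseif ($mode === $modes->listValue) {
            $items[] = $author->getFullName();
        } elseif ($mode === $modes->listAuthorToValue) {
            // Key by the author's own ID: `$data['author_id']` is an array at this
            // point and cannot be used as an array key (illegal offset type).
            $items[$author->get('id')] = $author->getFullName();
        }
    }

    return $items;
}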
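/**
 * Handle the actions posted from the login page.
 *
 * The action is the key of `$_POST['action']`:
 *  - `login`: authenticate through the parent and redirect into the backend;
 *  - `reset`: look the author up by email, reuse or issue a 6 character
 *    forgot-password token valid for 2 hours and email a login link;
 *  - `change` (logged-in only): store a new password and re-login.
 * Additionally `?action=resetpass&token=…` generates a fresh password for the
 * author owning the token, emails it and clears that author's tokens.
 *
 * Outcomes are reported through `_invalidPassword`, `_email_sent`,
 * `_mismatchedPassword` and `_alert`.
 */
function action()
{
    if (isset($_POST['action'])) {
        $actionParts = array_keys($_POST['action']);
        $action = end($actionParts);

        ##Login Attempted
        if ($action == 'login') {
            if (empty($_POST['username']) || empty($_POST['password']) || !$this->_Parent->login($_POST['username'], $_POST['password'])) {
                ## TODO: Fix Me ###
                # Delegate: LoginFailure
                # Description: Failed login attempt. Username is provided.
                //$ExtensionManager->notifyMembers('LoginFailure', getCurrentPage(), array('username' => $_POST['username']));
                //$this->Body->appendChild(new XMLElement('p', 'Login invalid. <a href="'.URL.'/symphony/?forgot">Forgot your password?</a>'));
                //$this->_alert = 'Login invalid. <a href="'.URL.'/symphony/?forgot">Forgot your password?</a>';
                $this->_invalidPassword = true;
            } else {
                ## TODO: Fix Me ###
                # Delegate: LoginSuccess
                # Description: Successful login attempt. Username is provided.
                //$ExtensionManager->notifyMembers('LoginSuccess', getCurrentPage(), array('username' => $_POST['username']));
                if (isset($_POST['redirect'])) {
                    // The target is re-rooted under URL so the redirect stays on this site.
                    redirect(URL . str_replace(parse_url(URL, PHP_URL_PATH), '', $_POST['redirect']));
                }

                redirect(URL . '/symphony/');
            }

        ##Reset of password requested
        } elseif ($action == 'reset') {
            // The email is user supplied and interpolated into SQL: escape it first.
            $email = $this->_Parent->Database->cleanValue(isset($_POST['email']) ? $_POST['email'] : '');
            $author = $this->_Parent->Database->fetchRow(0, "SELECT `id`, `email`, `first_name` FROM `tbl_authors` WHERE `email` = '" . $email . "'");

            if (!empty($author)) {
                // Purge expired tokens, then reuse a still-valid token for this author if there is one.
                $this->_Parent->Database->delete('tbl_forgotpass', " `expiry` < '" . DateTimeObj::getGMT('c') . "' ");

                $token = $this->_Parent->Database->fetchVar('token', 0, "SELECT `token` FROM `tbl_forgotpass` WHERE `expiry` > '" . DateTimeObj::getGMT('c') . "' AND `author_id` = " . $author['id']);

                if (!$token) {
                    // 6 hex characters, the length loginFromToken() expects. Seeded from
                    // uniqid()/mt_rand() rather than time() alone so the token is not
                    // derivable from the request timestamp; the 2 hour expiry bounds its use.
                    $token = substr(md5(uniqid(mt_rand(), true)), 0, 6);
                    $this->_Parent->Database->insert(array('author_id' => $author['id'], 'token' => $token, 'expiry' => DateTimeObj::getGMT('c', time() + 120 * 60)), 'tbl_forgotpass');
                }

                // Sent from the address of the first author record.
                $sender = $this->_Parent->Database->fetchVar('email', 0, "SELECT `email` FROM `tbl_authors` ORDER BY `id` ASC LIMIT 1");
                $body = __('Hi %s,', array($author['first_name']))
                    . self::CRLF . __('A new password has been requested for your account. Login using the following link, and change your password via the Authors area:')
                    . self::CRLF . self::CRLF . ' ' . URL . "/symphony/login/{$token}/"
                    . self::CRLF . self::CRLF . __('It will expire in 2 hours. If you did not ask for a new password, please disregard this email.')
                    . self::CRLF . self::CRLF . __('Best Regards,')
                    . self::CRLF . __('The Symphony Team');

                $this->_email_sent = General::sendEmail($author['email'], $sender, __('Symphony Concierge'), __('New Symphony Account Password'), $body);

                ## TODO: Fix Me ###
                # Delegate: PasswordResetSuccess
                # Description: A successful password reset has taken place. Author ID is provided
                //$ExtensionManager->notifyMembers('PasswordResetSuccess', getCurrentPage(), array('author_id' => $author['id']));
            } else {
                ## TODO: Fix Me ###
                # Delegate: PasswordResetFailure
                # Description: A failed password reset has taken place. Author ID is provided
                //$ExtensionManager->notifyMembers('PasswordResetFailure', getCurrentPage(), array('author_id' => $author['id']));
                $this->_email_sent = false;
            }

        ##Change of password requested
        } elseif ($action == 'change' && $this->_Parent->isLoggedIn()) {
            // Strict comparison: with `!=` two numeric-looking strings (e.g. "1e3" and
            // "1000") would be treated as matching passwords.
            if (empty($_POST['password']) || empty($_POST['password-confirmation']) || $_POST['password'] !== $_POST['password-confirmation']) {
                $this->_mismatchedPassword = true;
            } else {
                $author_id = $this->_Parent->Author->get('id');

                require_once TOOLKIT . '/class.authormanager.php';
                $authorManager = new AuthorManager($this->_Parent);
                $author = $authorManager->fetchByID($author_id);

                // NOTE(review): the stored hash is an unsalted md5 computed over the
                // SQL-escaped value; both are kept as-is because the login path must
                // hash identically — verify against _Parent->login() before changing.
                $author->set('password', md5($this->_Parent->Database->cleanValue($_POST['password'])));

                if (!$author->commit() || !$this->_Parent->login($author->get('username'), $_POST['password'])) {
                    redirect(URL . "symphony/system/authors/edit/{$author_id}/error/");
                }

                ## TODO: Fix me ###
                # Delegate: PasswordChanged
                # Description: After editing an author. ID of the author is provided.
                //$ExtensionManager->notifyMembers('PasswordChanged', getCurrentPage(), array('author_id' => $author_id));
                redirect(URL . '/symphony/');
            }
        }
    } elseif (isset($_REQUEST['action'], $_REQUEST['token']) && $_REQUEST['action'] == 'resetpass') {
        // The token is user supplied and interpolated into the query: escape it.
        // The expiry condition mirrors loginFromToken(); without it an expired
        // token would still reset the password.
        $token = $this->_Parent->Database->cleanValue($_REQUEST['token']);
        $sql = "SELECT t1.`id`, t1.`email`, t1.`first_name` \n\t\t\t\t\t FROM `tbl_authors` as t1, `tbl_forgotpass` as t2\n\t\t\t\t\t \tWHERE t2.`token` = '" . $token . "' AND t1.`id` = t2.`author_id`\n\t\t\t\t\t \tAND t2.`expiry` > '" . DateTimeObj::getGMT('c') . "'\n\t\t\t\t\t \tLIMIT 1";
        $author = $this->_Parent->Database->fetchRow(0, $sql);

        if (!empty($author)) {
            $newpass = General::generatePassword();

            General::sendEmail($author['email'], '*****@*****.**', 'Symphony Concierge', 'RE: New Symphony Account Password', 'Hi ' . $author['first_name'] . ',' . self::CRLF . "As requested, here is your new Symphony Author Password for '" . URL . "'" . self::CRLF . "\t{$newpass}" . self::CRLF . self::CRLF . 'Best Regards,' . self::CRLF . 'The Symphony Team');

            $this->_Parent->Database->update(array('password' => md5($newpass)), 'tbl_authors', " `id` = '" . $author['id'] . "' LIMIT 1");
            // The token has been consumed: drop every token for this author.
            $this->_Parent->Database->delete('tbl_forgotpass', " `author_id` = '" . $author['id'] . "'");

            ## TODO: Fix Me ###
            # Delegate: PasswordResetRequest
            # Description: User has requested a password reset. Author ID is provided.
            //$ExtensionManager->notifyMembers('PasswordResetRequest', getCurrentPage(), array('author_id' => $author['id']));
            $this->_alert = 'Password reset. Check your email';
        }
    }
}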
/**
 * Determine whether an Author is currently logged in, using the username and
 * password values carried by `$Cookie`. When the pair matches an author row
 * that author becomes `$this->Author` and their `last_seen` is updated;
 * otherwise the cookie is expired.
 *
 * @see core.Cookie#expire()
 * @return boolean
 */
public function isLoggedIn()
{
    // Ensures that we're in the real world.. Also reduces three queries from database
    // We must return true otherwise exceptions are not shown
    if (is_null(self::$_instance)) {
        return true;
    }

    // Already resolved earlier in this request.
    if ($this->Author) {
        return true;
    }

    $cookieUser = self::$Database->cleanValue($this->Cookie->get('username'));
    $cookieHash = self::$Database->cleanValue($this->Cookie->get('pass'));

    $hasCredentials = strlen(trim($cookieUser)) > 0 && strlen(trim($cookieHash)) > 0;

    if ($hasCredentials) {
        // NOTE(review): the cookie carries the stored password value itself and
        // is matched by plain SQL equality; there is no session token indirection.
        $id = self::$Database->fetchVar('id', 0, "SELECT `id` FROM `tbl_authors` WHERE `username` = '{$cookieUser}' AND `password` = '{$cookieHash}' LIMIT 1");

        if ($id) {
            self::$Database->update(array('last_seen' => DateTimeObj::get('Y-m-d H:i:s')), 'tbl_authors', " `id` = '{$id}'");
            $this->Author = AuthorManager::fetchByID($id);
            Lang::set($this->Author->get('language'));
            return true;
        }
    }

    $this->Cookie->expire();
    return false;
}
foreach ($this->dsParamFILTERS as $field => $value) { if (!is_array($value) && trim($value) == '') { continue; } $ret = __processAuthorFilter($field, $value, Symphony::Database()); if (empty($ret)) { $author_ids = array(); break; } if (empty($author_ids)) { $author_ids = $ret; continue; } $author_ids = array_intersect($author_ids, $ret); } $authors = AuthorManager::fetchByID(array_values($author_ids), $this->dsParamSORT, $this->dsParamORDER); } else { $authors = AuthorManager::fetch($this->dsParamSORT, $this->dsParamORDER); } if ((!is_array($authors) || empty($authors)) && $this->dsParamREDIRECTONEMPTY == 'yes') { throw new FrontendPageNotFoundException(); } else { if (!$this->_param_output_only) { $result = new XMLElement($this->dsParamROOTELEMENT); } foreach ($authors as $author) { if (isset($this->dsParamPARAMOUTPUT)) { $key = 'ds-' . $this->dsParamROOTELEMENT; if (!is_array($param_pool[$key])) { $param_pool[$key] = array(); }
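/**
 * Symphony allows Authors to login via the use of tokens instead of
 * a username and password. A token is derived from concatenating the
 * Author's username and password and applying the sha1 hash to
 * it, from this, a portion of the hash is used as the token. This is a useful
 * feature often used when setting up other Authors accounts or if an
 * Author forgets their password.
 *
 * Two token forms are accepted:
 *  - a 6 character forgot-password token from `tbl_forgotpass`, which must not
 *    be expired and is deleted once looked up (single use);
 *  - otherwise an author token, the first 8 characters of
 *    SHA1(username . password), honoured only while `auth_token_active` is 'yes'
 *    (it therefore stays valid until the password changes or the flag is cleared).
 *
 * @param string $token
 *  The Author token, which is a portion of the hashed string concatenation
 *  of the Author's username and password
 * @return boolean
 *  True if the Author is logged in, false otherwise
 */
public function loginFromToken($token)
{
    // cleanValue() escapes the token for the string-built SQL below.
    $token = self::Database()->cleanValue($token);

    if (strlen(trim($token)) == 0) {
        return false;
    }

    if (strlen($token) == 6) {
        $row = self::Database()->fetchRow(0, sprintf(
            "\n\t\t\t\t\t\tSELECT `a`.`id`, `a`.`username`, `a`.`password`\n\t\t\t\t\t\tFROM `tbl_authors` AS `a`, `tbl_forgotpass` AS `f`\n\t\t\t\t\t\tWHERE `a`.`id` = `f`.`author_id`\n\t\t\t\t\t\tAND `f`.`expiry` > '%s'\n\t\t\t\t\t\tAND `f`.`token` = '%s'\n\t\t\t\t\t\tLIMIT 1\n\t\t\t\t\t",
            DateTimeObj::getGMT('c'),
            $token
        ));

        // Forgot-password tokens are single use: remove it whether or not it matched.
        self::Database()->delete('tbl_forgotpass', " `token` = '{$token}' ");
    } else {
        $row = self::Database()->fetchRow(0, sprintf(
            "SELECT `id`, `username`, `password`\n\t\t\t\t\tFROM `tbl_authors`\n\t\t\t\t\tWHERE SUBSTR(%s(CONCAT(`username`, `password`)), 1, 8) = '%s'\n\t\t\t\t\tAND `auth_token_active` = 'yes'\n\t\t\t\t\tLIMIT 1",
            'SHA1',
            $token
        ));
    }

    if ($row) {
        $this->Author = AuthorManager::fetchByID($row['id']);
        $this->Cookie->set('username', $row['username']);
        $this->Cookie->set('pass', $row['password']);

        // Use the matched author's id. The original interpolated an undefined
        // `$id` here, so `last_seen` was never updated for token logins.
        self::Database()->update(
            array('last_seen' => DateTimeObj::getGMT('Y-m-d H:i:s')),
            'tbl_authors',
            " `id` = '" . $row['id'] . "'"
        );

        return true;
    }

    return false;
}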
/**
 * Render an author reference for display: an anchor to the author's edit page
 * when the author still exists, otherwise the plain stored username.
 *
 * @param integer $id
 * @param string $username
 *  Fallback label used when the author record is gone
 * @return string
 */
public function formatAuthorString($id, $username)
{
    $author = AuthorManager::fetchByID($id);

    if ($author instanceof Author) {
        $anchor = Widget::Anchor($author->getFullName(), '/symphony/system/authors/edit/' . $id);
        return $anchor->generate();
    }

    // Author no longer exists: fall back to the name we were given.
    return $username;
}
/**
 * Produce the table-cell value for this field: the full names of every
 * referenced author, comma separated and HTML-sanitised, rendered by the parent.
 *
 * @param array $data
 *  Field data; `author_id` is a single ID or a list of IDs
 * @param XMLElement $link
 * @param integer $entry_id
 * @return mixed
 *  Whatever the parent renders, or null when there are no author IDs
 */
public function prepareTableValue($data, XMLElement $link = NULL, $entry_id = null)
{
    $ids = is_array($data['author_id']) ? $data['author_id'] : array($data['author_id']);

    if (empty($ids)) {
        return null;
    }

    $names = array();

    foreach ($ids as $author_id) {
        $author = AuthorManager::fetchByID($author_id);

        if ($author !== null) {
            $names[] = $author->getFullName();
        }
    }

    // Escape before handing the joined string to the parent renderer.
    $cell = array('value' => General::sanitize(implode(', ', $names)));

    return parent::prepareTableValue($cell, $link, $entry_id);
}
foreach ($this->dsParamFILTERS as $field => $value) { if (!is_array($value) && trim($value) == '') { continue; } $ret = __processAuthorFilter($field, $value, Symphony::Database()); if (empty($ret)) { $author_ids = array(); break; } if (empty($author_ids)) { $author_ids = $ret; continue; } $author_ids = array_intersect($author_ids, $ret); } $authors = AuthorManager::fetchByID(array_values($author_ids), $this->dsParamSORT, $this->dsParamORDER, $this->dsParamLIMIT, max(0, $this->dsParamSTARTPAGE - 1) * $this->dsParamLIMIT); } else { $authors = AuthorManager::fetch($this->dsParamSORT, $this->dsParamORDER, $this->dsParamLIMIT, max(0, $this->dsParamSTARTPAGE - 1) * $this->dsParamLIMIT); } if ((!is_array($authors) || empty($authors)) && $this->dsParamREDIRECTONEMPTY == 'yes') { throw new FrontendPageNotFoundException(); } else { if (!$this->_param_output_only) { $result = new XMLElement($this->dsParamROOTELEMENT); } foreach ($authors as $author) { if (isset($this->dsParamPARAMOUTPUT)) { $key = 'ds-' . $this->dsParamROOTELEMENT; if (!is_array($param_pool[$key])) { $param_pool[$key] = array(); }
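/**
 * Group entry records by the author stored in this field.
 *
 * @param array $records
 *  Entry objects
 * @return array|null
 *  `[element_name => [author_id => ['attr' => [...], 'records' => [...], 'groups' => []]]]`,
 *  or null when there is nothing to group
 */
public function groupRecords($records)
{
    if (!is_array($records) || empty($records)) {
        return;
    }

    $element = $this->get('element_name');
    $groups = array($element => array());

    foreach ($records as $r) {
        $data = $r->getData($this->get('id'));

        if (!isset($data['author_id'])) {
            continue;
        }

        $author_id = $data['author_id'];

        if (!isset($groups[$element][$author_id])) {
            $author = AuthorManager::fetchByID($author_id);

            // A record may reference an author that has since been deleted; the
            // original dereferenced the result unconditionally and would fatal.
            if ($author instanceof Author) {
                $username = $author->get('username');
                $full_name = $author->getFullName();
            } else {
                $username = '';
                $full_name = '';
            }

            $groups[$element][$author_id] = array(
                'attr' => array('author-id' => $author_id, 'username' => $username, 'full-name' => $full_name),
                'records' => array(),
                'groups' => array(),
            );
        }

        $groups[$element][$author_id]['records'][] = $r;
    }

    return $groups;
}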
/**
 * Append this field's XML to the datasource output: a list element named
 * after the field with one `item` per resolvable author.
 *
 * @param XMLElement $wrapper
 * @param array $data
 *  Field data; `author_id` is a single ID or a list of IDs
 * @param boolean $encode
 *  Accepted for interface compatibility; not used here
 */
public function appendFormattedElement(&$wrapper, $data, $encode = false)
{
    $ids = is_array($data['author_id']) ? $data['author_id'] : array($data['author_id']);

    $list = new XMLElement($this->get('element_name'));

    foreach ($ids as $author_id) {
        $author = AuthorManager::fetchByID($author_id);

        // Skip references to authors that no longer exist.
        if ($author === null) {
            continue;
        }

        $attributes = array(
            'id' => (string) $author->get('id'),
            'username' => General::sanitize($author->get('username')),
        );
        $list->appendChild(new XMLElement('item', $author->getFullName(), $attributes));
    }

    $wrapper->appendChild($list);
}
/**
 * Event filter `lock-entry`: refuse to save an entry whose edit lease is held
 * by another author.
 *
 * Reads the entry being edited from `$_POST['id']` and the current author from
 * the parent's session (falling back to author id 1 when nobody is logged in),
 * then writes the filter outcome into `$context['messages']`.
 *
 * NOTE(review): `$context` is received by value here; whether the `messages`
 * write reaches the event depends on how the delegate is invoked — confirm.
 *
 * @param array $context
 *  Event context; `event` and `parent` are read, `messages` is written
 * @return void
 */
public function eventPreSave($context)
{
    $event = $context['event'];

    if (in_array("lock-entry", $event->eParamFILTERS)) {
        // see if we're editing anything
        if (!isset($_POST['id'])) {
            //change $context['message']
            return;
        } else {
            $entry_id = $_POST['id'];
        }

        // if there's no user logged in, user_id still has to be set to something
        // NOTE(review): an anonymous save therefore competes for the lock as
        // author id 1 — confirm that is intended.
        $author_id = $context['parent']->isLoggedIn() ? $context['parent']->Author->get('id') : 1;

        // lockExists() is treated as a scalar here (<= 0) and as an array ($lock[0])
        // below; its return shape is not visible in this file — TODO confirm.
        if (($lock = $this->lockExists($entry_id)) <= 0) {
            // if a lock doesn't exist or is expired, we can just give them one (ie ignore it)
            $context['messages'] = array(array('lock-entry', 'passed', ''));
        } else {
            // the lock exists, see if it's owned by the user
            if ($lock[0] != $author_id) {
                $authorManager = new AuthorManager($this->_Parent);
                // NOTE(review): `$this->locked` is not assigned anywhere visible; this
                // looks like it was meant to be the owning author id taken from `$lock`
                // — verify before relying on the message below.
                $authors = $authorManager->fetchByID($this->locked[1]);
                $context['messages'] = array(array('lock-entry', 'failed', 'This lease is currently owned by ' . $authors->getFullName() . '.'));
            }
        }
    }
}
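/**
 * Handle the save / done / delete actions posted from the Author edit page.
 *
 * The author being edited is identified by the URL context; submitted values
 * come from `$_POST['fields']`. Changing the password or email requires the
 * current password in `old-password` unless the acting author is a developer.
 * Primary accounts are always developers and developers cannot lower their own
 * level. On a successful save the author's forgot-password tokens are purged,
 * the owner's session is refreshed, the AuthorPostEdit delegate fires and the
 * request is redirected; validation failures are collected in `$this->_errors`.
 *
 * @return void
 */
public function __actionEdit()
{
    if (!($author_id = $this->_context[1])) {
        redirect(SYMPHONY_URL . '/system/authors/');
    }

    $isOwner = $author_id == Administration::instance()->Author->get('id');

    // `action` is a map of button name => label; guard it instead of using `@`.
    $actions = (isset($_POST['action']) && is_array($_POST['action'])) ? $_POST['action'] : array();

    if (array_key_exists('save', $actions) || array_key_exists('done', $actions)) {
        // Fill in the keys read below so a partial submission does not raise notices.
        $fields = array_merge(array(
            'email' => null,
            'username' => null,
            'first_name' => null,
            'last_name' => null,
            'language' => null,
            'password' => '',
            'password-confirmation' => '',
            'old-password' => '',
            'default_area' => null,
            'auth_token_active' => null,
        ), (isset($_POST['fields']) && is_array($_POST['fields'])) ? $_POST['fields'] : array());

        $this->_Author = AuthorManager::fetchByID($author_id);
        $authenticated = false;
        $changing_email = $fields['email'] != $this->_Author->get('email');
        $changing_password = false;

        // Check the old password was correct. The hashes are compared strictly:
        // with `==`, two hashes that both look numeric (e.g. "0e…") compare equal.
        $old_password = trim($fields['old-password']);

        if (strlen($old_password) > 0 && General::hash($old_password) === $this->_Author->get('password')) {
            $authenticated = true;
        } elseif (Administration::instance()->Author->isDeveloper()) {
            // Developers may change credentials without supplying the old password.
            // NOTE(review): this also covers a developer editing their own account;
            // the other __actionEdit variant in this listing restricts it with
            // `$isOwner === false` — consider aligning.
            $authenticated = true;
        }

        $this->_Author->set('id', $author_id);

        if ($this->_Author->isPrimaryAccount() || $isOwner && Administration::instance()->Author->isDeveloper()) {
            $this->_Author->set('user_type', 'developer'); // Primary accounts are always developer, Developers can't lower their level
        } elseif (Administration::instance()->Author->isDeveloper() && isset($fields['user_type'])) {
            $this->_Author->set('user_type', $fields['user_type']); // Only developer can change user type
        }

        $this->_Author->set('email', $fields['email']);
        $this->_Author->set('username', $fields['username']);
        $this->_Author->set('first_name', General::sanitize($fields['first_name']));
        $this->_Author->set('last_name', General::sanitize($fields['last_name']));
        $this->_Author->set('language', $fields['language']);

        if (trim($fields['password']) != '') {
            $this->_Author->set('password', General::hash($fields['password']));
            $changing_password = true;
        }

        // Don't allow authors to set the Section Index as a default area
        // If they had it previously set, just save `null` which will redirect
        // the Author (when logging in) to their own Author record
        if ($this->_Author->get('user_type') == 'author' && $fields['default_area'] == '/blueprints/sections/') {
            $this->_Author->set('default_area', null);
        } else {
            $this->_Author->set('default_area', $fields['default_area']);
        }

        $this->_Author->set('auth_token_active', $fields['auth_token_active'] ? $fields['auth_token_active'] : 'no');

        if ($this->_Author->validate($this->_errors)) {
            if (!$authenticated && ($changing_password || $changing_email)) {
                if ($changing_password) {
                    $this->_errors['old-password'] = __('Wrong password. Enter old password to change it.');
                } elseif ($changing_email) {
                    $this->_errors['old-password'] = __('Wrong password. Enter old one to change email address.');
                }
            } elseif (($fields['password'] != '' || $fields['password-confirmation'] != '') && $fields['password'] !== $fields['password-confirmation']) {
                // Strict comparison so numeric-looking strings are not treated as equal.
                $this->_errors['password'] = $this->_errors['password-confirmation'] = __('Passwords did not match');
            } elseif ($this->_Author->commit()) {
                // Invalidate outstanding forgot-password tokens for this author
                // (the id comes from the URL context, so it is escaped for the query).
                Symphony::Database()->delete('tbl_forgotpass', " `expiry` < '" . DateTimeObj::getGMT('c') . "' OR `author_id` = '" . Symphony::Database()->cleanValue($author_id) . "' ");

                if ($isOwner) {
                    // Re-establish the session with the possibly changed credentials.
                    Administration::instance()->login($this->_Author->get('username'), $this->_Author->get('password'), true);
                }

                /**
                 * After editing an author, provided with the Author object
                 *
                 * @delegate AuthorPostEdit
                 * @since Symphony 2.2
                 * @param string $context
                 * '/system/authors/'
                 * @param Author $author
                 * An Author object
                 */
                Symphony::ExtensionManager()->notifyMembers('AuthorPostEdit', '/system/authors/', array('author' => $this->_Author));

                redirect(SYMPHONY_URL . '/system/authors/edit/' . $author_id . '/saved/');
            } else {
                $this->pageAlert(__('Unknown errors occurred while attempting to save.') . '<a href="' . SYMPHONY_URL . '/system/log/">' . __('Check your activity log') . '</a>.', Alert::ERROR);
            }
        } elseif (is_array($this->_errors) && !empty($this->_errors)) {
            $this->pageAlert(__('There were some problems while attempting to save. Please check below for problem fields.'), Alert::ERROR);
        }
    } elseif (array_key_exists('delete', $actions)) {
        /**
         * Prior to deleting an author, provided with the Author ID.
         *
         * @delegate AuthorPreDelete
         * @since Symphony 2.2
         * @param string $context
         * '/system/authors/'
         * @param integer $author_id
         * The ID of Author ID that is about to be deleted
         */
        Symphony::ExtensionManager()->notifyMembers('AuthorPreDelete', '/system/authors/', array('author_id' => $author_id));

        if (!$isOwner) {
            AuthorManager::delete($author_id);
            redirect(SYMPHONY_URL . '/system/authors/');
        } else {
            $this->pageAlert(__('You cannot remove yourself as you are the active Author.'), Alert::ERROR);
        }
    }
}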
/**
 * Build the datasource output for the selected Authors.
 *
 * When filters are configured, each filter is resolved to a set of author IDs
 * via __processAuthorFilter() and the sets are intersected (an empty set from
 * any filter short-circuits to no results); otherwise every author is fetched
 * with the configured sort. Param-output values are pushed into `$param_pool`
 * under `ds-<root>.<param>` (and the bare `ds-<root>` key when exactly one
 * param is configured). Unless `_param_output_only` is set, an XMLElement tree
 * rooted at `dsParamROOTELEMENT` is returned; when it is set and authors were
 * found, `$result` is never assigned and null is returned.
 *
 * @param array $param_pool
 *  Page parameter pool, updated in place
 * @return XMLElement|null
 * @throws FrontendPageNotFoundException
 *  When no authors match and `dsParamREDIRECTONEMPTY` is 'yes'
 */
public function execute(array &$param_pool = null)
{
    $author_ids = array();

    if (is_array($this->dsParamFILTERS) && !empty($this->dsParamFILTERS)) {
        foreach ($this->dsParamFILTERS as $field => $value) {
            // Blank scalar filter values are ignored.
            if (!is_array($value) && trim($value) == '') {
                continue;
            }

            $ret = $this->__processAuthorFilter($field, $value);

            // No match for this filter: the intersection is empty, stop early.
            if (empty($ret)) {
                $author_ids = array();
                break;
            }

            // The first matching filter seeds the set; later ones narrow it.
            if (empty($author_ids)) {
                $author_ids = $ret;
                continue;
            }

            $author_ids = array_intersect($author_ids, $ret);
        }

        $authors = AuthorManager::fetchByID(array_values($author_ids));
    } else {
        $authors = AuthorManager::fetch($this->dsParamSORT, $this->dsParamORDER);
    }

    if ((!is_array($authors) || empty($authors)) && $this->dsParamREDIRECTONEMPTY == 'yes') {
        throw new FrontendPageNotFoundException();
    } elseif (!is_array($authors) || empty($authors)) {
        $result = $this->emptyXMLSet();
        return $result;
    } else {
        if (!$this->_param_output_only) {
            $result = new XMLElement($this->dsParamROOTELEMENT);
        }

        $singleParam = false;
        $key = 'ds-' . $this->dsParamROOTELEMENT;

        if (isset($this->dsParamPARAMOUTPUT)) {
            if (!is_array($this->dsParamPARAMOUTPUT)) {
                $this->dsParamPARAMOUTPUT = array($this->dsParamPARAMOUTPUT);
            }

            $singleParam = count($this->dsParamPARAMOUTPUT) === 1;
        }

        foreach ($authors as $author) {
            if (isset($this->dsParamPARAMOUTPUT)) {
                foreach ($this->dsParamPARAMOUTPUT as $param) {
                    // The new style of paramater is `ds-datasource-handle.field-handle`
                    $param_key = $key . '.' . str_replace(':', '-', $param);

                    if (!is_array($param_pool[$param_key])) {
                        $param_pool[$param_key] = array();
                    }

                    $param_pool[$param_key][] = $param === 'name' ? $author->getFullName() : $author->get($param);

                    // With a single param the legacy bare `ds-<root>` key is populated too.
                    if ($singleParam) {
                        if (!is_array($param_pool[$key])) {
                            $param_pool[$key] = array();
                        }

                        $param_pool[$key][] = $param === 'name' ? $author->getFullName() : $author->get($param);
                    }
                }
            }

            if ($this->_param_output_only) {
                continue;
            }

            $xAuthor = new XMLElement('author');
            $xAuthor->setAttributeArray(array('id' => $author->get('id'), 'user-type' => $author->get('user_type'), 'primary-account' => $author->get('primary')));

            // No included elements, so just create the Author XML
            if (!isset($this->dsParamINCLUDEDELEMENTS) || !is_array($this->dsParamINCLUDEDELEMENTS) || empty($this->dsParamINCLUDEDELEMENTS)) {
                $result->appendChild($xAuthor);
            } else {
                // Name
                if (in_array('name', $this->dsParamINCLUDEDELEMENTS)) {
                    $xAuthor->appendChild(new XMLElement('name', $author->getFullName()));
                }

                // Username
                if (in_array('username', $this->dsParamINCLUDEDELEMENTS)) {
                    $xAuthor->appendChild(new XMLElement('username', $author->get('username')));
                }

                // Email
                if (in_array('email', $this->dsParamINCLUDEDELEMENTS)) {
                    $xAuthor->appendChild(new XMLElement('email', $author->get('email')));
                }

                // Author Token
                // NOTE(review): this publishes the author's login token in frontend
                // XML (presumably the same token loginFromToken() accepts); the only
                // gate is the per-author `auth_token_active` flag checked here.
                if (in_array('author-token', $this->dsParamINCLUDEDELEMENTS) && $author->isTokenActive()) {
                    $xAuthor->appendChild(new XMLElement('author-token', $author->createAuthToken()));
                }

                // Default Area
                if (in_array('default-area', $this->dsParamINCLUDEDELEMENTS) && !is_null($author->get('default_area'))) {
                    // Section
                    if ($section = SectionManager::fetch($author->get('default_area'))) {
                        $default_area = new XMLElement('default-area', $section->get('name'));
                        $default_area->setAttributeArray(array('id' => $section->get('id'), 'handle' => $section->get('handle'), 'type' => 'section'));
                        $xAuthor->appendChild($default_area);
                    } else {
                        // Not a section id: treat the value as a page path.
                        $default_area = new XMLElement('default-area', $author->get('default_area'));
                        $default_area->setAttribute('type', 'page');
                        $xAuthor->appendChild($default_area);
                    }
                }

                $result->appendChild($xAuthor);
            }
        }
    }

    return $result;
}
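/**
 * Handle the save / done / delete actions posted from the Author edit page.
 *
 * The author being edited is identified by the URL context; submitted values
 * come from `$_POST['fields']`. Changing the password or email requires the
 * current password in `old-password`, except when a developer edits another
 * author's account. Primary accounts are always developers and developers
 * cannot lower their own level. On a successful save the author's
 * forgot-password tokens are purged, the owner's session is refreshed and the
 * request is redirected; validation failures are collected in `$this->_errors`.
 *
 * @return void
 */
function __actionEdit()
{
    if (!($author_id = $this->_context[1])) {
        redirect(URL . '/symphony/system/authors/');
    }

    $isOwner = $author_id == Administration::instance()->Author->get('id');

    // `action` is a map of button name => label; guard it instead of using `@`.
    $actions = (isset($_POST['action']) && is_array($_POST['action'])) ? $_POST['action'] : array();

    if (array_key_exists('save', $actions) || array_key_exists('done', $actions)) {
        // Fill in the keys read below so a partial submission does not raise notices.
        $fields = array_merge(array(
            'email' => null,
            'username' => null,
            'first_name' => null,
            'last_name' => null,
            'language' => null,
            'password' => '',
            'password-confirmation' => '',
            'old-password' => '',
            'default_section' => 0,
            'auth_token_active' => null,
        ), (isset($_POST['fields']) && is_array($_POST['fields'])) ? $_POST['fields'] : array());

        $this->_Author = AuthorManager::fetchByID($author_id);
        $authenticated = false;
        $changing_email = $fields['email'] != $this->_Author->get('email');
        $changing_password = false;

        // Check the old password was correct. The hashes are compared strictly:
        // with `==`, two hashes that both look numeric (e.g. "0e…") compare equal.
        $old_password = trim($fields['old-password']);

        if (strlen($old_password) > 0 && General::hash($old_password) === $this->_Author->get('password')) {
            $authenticated = true;
        } elseif (Administration::instance()->Author->isDeveloper() && $isOwner === false) {
            // Developers need no old password for other authors' accounts, but do for their own.
            $authenticated = true;
        }

        $this->_Author->set('id', $author_id);

        if ($this->_Author->isPrimaryAccount() || $isOwner && Administration::instance()->Author->isDeveloper()) {
            $this->_Author->set('user_type', 'developer'); // Primary accounts are always developer, Developers can't lower their level
        } elseif (Administration::instance()->Author->isDeveloper() && isset($fields['user_type'])) {
            $this->_Author->set('user_type', $fields['user_type']); // Only developer can change user type
        }

        $this->_Author->set('email', $fields['email']);
        $this->_Author->set('username', $fields['username']);
        $this->_Author->set('first_name', General::sanitize($fields['first_name']));
        $this->_Author->set('last_name', General::sanitize($fields['last_name']));
        $this->_Author->set('language', $fields['language']);

        if (trim($fields['password']) != '') {
            $this->_Author->set('password', General::hash($fields['password']));
            $changing_password = true;
        }

        $this->_Author->set('default_section', intval($fields['default_section']));
        $this->_Author->set('auth_token_active', $fields['auth_token_active'] ? $fields['auth_token_active'] : 'no');

        if ($this->_Author->validate($this->_errors)) {
            if (!$authenticated && ($changing_password || $changing_email)) {
                if ($changing_password) {
                    $this->_errors['old-password'] = __('Wrong password. Enter old password to change it.');
                } elseif ($changing_email) {
                    $this->_errors['old-password'] = __('Wrong password. Enter old one to change email address.');
                }
            } elseif (($fields['password'] != '' || $fields['password-confirmation'] != '') && $fields['password'] !== $fields['password-confirmation']) {
                // Strict comparison so numeric-looking strings are not treated as equal.
                $this->_errors['password'] = $this->_errors['password-confirmation'] = __('Passwords did not match');
            } elseif ($this->_Author->commit()) {
                // Invalidate outstanding forgot-password tokens for this author
                // (the id comes from the URL context, so it is escaped for the query).
                Symphony::Database()->delete('tbl_forgotpass', " `expiry` < '" . DateTimeObj::getGMT('c') . "' OR `author_id` = '" . Symphony::Database()->cleanValue($author_id) . "' ");

                if ($isOwner) {
                    // Re-establish the session with the possibly changed credentials.
                    $this->_Parent->login($this->_Author->get('username'), $this->_Author->get('password'), true);
                }

                ## TODO: Fix me ###
                # Delegate: Edit
                # Description: After editing an author. ID of the author is provided.
                //$ExtensionManager->notifyMembers('Edit', getCurrentPage(), array('author_id' => $_REQUEST['id']));
                redirect(URL . '/symphony/system/authors/edit/' . $author_id . '/saved/');
            } else {
                $this->pageAlert(__('Unknown errors occurred while attempting to save. Please check your <a href="%s">activity log</a>.', array(URL . '/symphony/system/log/')), Alert::ERROR);
            }
        }
    } elseif (array_key_exists('delete', $actions)) {
        ## TODO: Fix Me ###
        # Delegate: Delete
        # Description: Prior to deleting an author. ID is provided.
        //$ExtensionManager->notifyMembers('Delete', getCurrentPage(), array('author_id' => $author_id));
        if (!$isOwner) {
            AuthorManager::delete($author_id);
            redirect(URL . '/symphony/system/authors/');
        } else {
            $this->pageAlert(__('You cannot remove yourself as you are the active Author.'), Alert::ERROR);
        }
    }
}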
/**
 * Group entry records by the author stored in this field. Records without an
 * author are grouped under id 0; a missing author record yields blank
 * `username` / `full-name` attributes.
 *
 * @param array $records
 *  Entry objects
 * @return array|null
 *  `[element_name => [author_id => ['attr' => [...], 'records' => [...], 'groups' => []]]]`,
 *  or null when there is nothing to group
 */
public function groupRecords($records)
{
    if (!is_array($records) || empty($records)) {
        return;
    }

    $element = $this->get('element_name');
    $field_id = $this->get('id');
    $groups = array($element => array());

    foreach ($records as $record) {
        $data = $record->getData($field_id);
        $author_id = isset($data['author_id']) ? $data['author_id'] : 0;

        if (!isset($groups[$element][$author_id])) {
            $author = AuthorManager::fetchByID($author_id);
            $username = '';
            $full_name = '';

            // Only populate the attributes when the author record still exists.
            if ($author instanceof Author) {
                $username = $author->get('username');
                $full_name = $author->getFullName();
            }

            $groups[$element][$author_id] = array(
                'attr' => array('author-id' => $author_id, 'username' => $username, 'full-name' => $full_name),
                'records' => array(),
                'groups' => array(),
            );
        }

        $groups[$element][$author_id]['records'][] = $record;
    }

    return $groups;
}
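/**
 * Handles the POST/GET actions of the backend login page:
 *  - `login`     : authenticate the posted credentials,
 *  - `reset`     : "forgot password" request; mails an emergency login token,
 *  - `change`    : set a new password after logging in with an emergency token,
 *  - `resetpass` : legacy token link that mails a freshly generated password.
 *
 * Reads `$_POST` / `$_REQUEST` directly, sets the page flags
 * `_invalidPassword`, `_email_sent`, `_mismatchedPassword` and `_alert`,
 * and ends the request with redirect() on the success paths.
 *
 * @return void
 * @throws SymphonyErrorPage when the reset email cannot be handed to the gateway
 */
public function action() {
    if (isset($_POST['action']) && is_array($_POST['action'])) {
        $actionParts = array_keys($_POST['action']);
        $action = end($actionParts);

        // Strict comparison: a numeric key would loosely equal these strings on PHP < 8.
        if ($action === 'login') {
            $this->_actionLogin();
        } elseif ($action === 'reset') {
            $this->_actionReset();
        } elseif ($action === 'change' && Administration::instance()->isLoggedIn()) {
            $this->_actionChange();
        }
    } elseif (isset($_REQUEST['action'], $_REQUEST['token']) && $_REQUEST['action'] === 'resetpass') {
        $this->_actionResetPass();
    }
}

/**
 * Login attempt: fires AuthorLoginFailure / AuthorLoginSuccess and, on
 * success, redirects to the requested backend path (or SYMPHONY_URL).
 *
 * @return void
 */
private function _actionLogin() {
    $username = isset($_POST['username']) && is_string($_POST['username']) ? $_POST['username'] : '';
    $password = isset($_POST['password']) && is_string($_POST['password']) ? $_POST['password'] : '';

    if ($username === '' || $password === '' || !Administration::instance()->login($username, $password)) {
        /**
         * A failed login attempt into the Symphony backend
         *
         * @delegate AuthorLoginFailure
         * @since Symphony 2.2
         * @param string $context
         * '/login/'
         * @param string $username
         * The username of the Author who attempted to login.
         */
        Symphony::ExtensionManager()->notifyMembers('AuthorLoginFailure', '/login/', array('username' => $username));
        $this->_invalidPassword = true;
        return;
    }

    /**
     * A successful login attempt into the Symphony backend
     *
     * @delegate AuthorLoginSuccess
     * @since Symphony 2.2
     * @param string $context
     * '/login/'
     * @param string $username
     * The username of the Author who logged in.
     */
    Symphony::ExtensionManager()->notifyMembers('AuthorLoginSuccess', '/login/', array('username' => $username));

    if (isset($_POST['redirect'])) {
        // The posted value is user controlled. Strip the site's own base path
        // (so it is relative to URL) and force a leading slash, so that the
        // concatenation onto URL can only ever produce a path on this host.
        $path = is_string($_POST['redirect']) ? $_POST['redirect'] : '';
        $basePath = parse_url(URL, PHP_URL_PATH);
        if (is_string($basePath) && $basePath !== '') {
            $path = str_replace($basePath, '', $path);
        }
        redirect(URL . '/' . ltrim($path, '/'));
    }
    redirect(SYMPHONY_URL);
}

/**
 * "Forgot password" request: looks the Author up by email, (re)uses a live
 * emergency token or creates a new one valid for two hours, and mails the
 * `/login/{token}/` link. Fires AuthorPostPasswordResetSuccess or
 * AuthorPostPasswordResetFailure.
 *
 * @return void
 * @throws SymphonyErrorPage when the email gateway rejects the message
 */
private function _actionReset() {
    $email = isset($_POST['email']) && is_string($_POST['email']) ? $_POST['email'] : '';
    $cleanEmail = Symphony::Database()->cleanValue($email);

    $author = Symphony::Database()->fetchRow(0, "SELECT `id`, `email`, `first_name` FROM `tbl_authors` WHERE `email` = '" . $cleanEmail . "'");

    if (empty($author)) {
        /**
         * When a password reset has been attempted, but Symphony doesn't
         * recognise the credentials the user has given.
         *
         * @delegate AuthorPostPasswordResetFailure
         * @since Symphony 2.2
         * @param string $context
         * '/login/'
         * @param string $email
         * The sanitised Email of the Author who tried to request the password reset
         */
        Symphony::ExtensionManager()->notifyMembers('AuthorPostPasswordResetFailure', '/login/', array('email' => $cleanEmail));
        $this->_email_sent = false;
        return;
    }

    $author_id = (int) $author['id'];
    $now = DateTimeObj::getGMT('c');

    // Purge expired tokens before looking for a live one for this Author.
    Symphony::Database()->delete('tbl_forgotpass', " `expiry` < '" . $now . "' ");
    $token = Symphony::Database()->fetchVar('token', 0, "SELECT `token` FROM `tbl_forgotpass` WHERE `expiry` > '" . $now . "' AND `author_id` = " . $author_id);

    if (!$token) {
        // The token length (6) is kept for compatibility with the
        // `/login/{token}/` route; the seed is what makes it unguessable.
        $token = substr(General::hash($this->_tokenSeed()), 0, 6);
        Symphony::Database()->insert(array(
            'author_id' => $author_id,
            'token' => $token,
            'expiry' => DateTimeObj::getGMT('c', time() + 120 * 60),
        ), 'tbl_forgotpass');
    }

    try {
        $mail = Email::create();
        $mail->recipients = $author['email'];
        $mail->subject = __('New Symphony Account Password');
        $mail->text_plain = __('Hi %s,', array($author['first_name'])) . self::CRLF
            . __('A new password has been requested for your account. Login using the following link, and change your password via the Authors area:') . self::CRLF . self::CRLF
            . ' ' . SYMPHONY_URL . "/login/{$token}/" . self::CRLF . self::CRLF
            . __('It will expire in 2 hours. If you did not ask for a new password, please disregard this email.') . self::CRLF . self::CRLF
            . __('Best Regards,') . self::CRLF
            . __('The Symphony Team');
        $mail->send();
        $this->_email_sent = true;
    } catch (EmailGatewayException $e) {
        // Must be caught before the generic Exception: if EmailGatewayException
        // extends Exception, a generic catch placed first would swallow it and
        // the error page below could never be reached.
        throw new SymphonyErrorPage('Error sending email. ' . $e->getMessage());
    } catch (Exception $e) {
        // Best effort: any other failure leaves the flag explicitly unset
        // rather than at whatever value it had before.
        $this->_email_sent = false;
    }

    /**
     * When a password reset has occurred and after the Password
     * Reset email has been sent.
     *
     * @delegate AuthorPostPasswordResetSuccess
     * @since Symphony 2.2
     * @param string $context
     * '/login/'
     * @param integer $author_id
     * The ID of the Author who requested the password reset
     */
    Symphony::ExtensionManager()->notifyMembers('AuthorPostPasswordResetSuccess', '/login/', array('author_id' => $author['id']));
}

/**
 * Password change for a logged-in Author (used after an emergency-token
 * login). Sets `_mismatchedPassword` when the two posted values are empty
 * or differ; otherwise stores the new hash, re-authenticates, fires
 * AuthorPostPasswordChange and redirects.
 *
 * @return void
 */
private function _actionChange() {
    $password = isset($_POST['password']) && is_string($_POST['password']) ? $_POST['password'] : '';
    $confirmation = isset($_POST['password-confirmation']) && is_string($_POST['password-confirmation']) ? $_POST['password-confirmation'] : '';

    // Strict comparison so that two distinct numeric-looking strings are not treated as equal.
    if ($password === '' || $confirmation === '' || $password !== $confirmation) {
        $this->_mismatchedPassword = true;
        return;
    }

    $author_id = Administration::instance()->Author->get('id');
    $author = AuthorManager::fetchByID($author_id);

    // NOTE(review): the hash is taken over the SQL-escaped value (cleanValue),
    // as the original did. Confirm that Administration::login() hashes the raw
    // password the same way before changing this, otherwise passwords that
    // contain quotes or backslashes would stop matching on login.
    $author->set('password', General::hash(Symphony::Database()->cleanValue($password)));

    if (!$author->commit() || !Administration::instance()->login($author->get('username'), $password)) {
        redirect(SYMPHONY_URL . "/system/authors/edit/{$author_id}/error/");
    }

    /**
     * When an Author changes their password as the result of a login
     * with an emergency token (ie. forgot password). Just after their
     * new password has been set successfully
     *
     * @delegate AuthorPostPasswordChange
     * @since Symphony 2.2
     * @param string $context
     * '/login/'
     * @param integer $author_id
     * The ID of the Author who has just changed their password
     */
    Symphony::ExtensionManager()->notifyMembers('AuthorPostPasswordChange', '/login/', array('author_id' => $author_id));
    redirect(SYMPHONY_URL);
}

/**
 * Legacy `resetpass` link: exchanges a valid (unexpired) forgot-password
 * token for a freshly generated password, which is mailed to the Author,
 * stored (hashed) and the token row removed. Fires
 * AuthorPostPasswordResetRequest and sets `_alert`.
 *
 * Reachable via GET ($_REQUEST); the token is the only authorisation, which is
 * why its expiry is enforced here rather than left to the purge done by `reset`.
 *
 * @return void
 */
private function _actionResetPass() {
    $token = is_string($_REQUEST['token']) ? $_REQUEST['token'] : '';
    $now = DateTimeObj::getGMT('c');

    // `reset` stores a two hour expiry and the email promises the same, so the
    // lookup must honour it: the original query ignored `expiry` entirely.
    $author = Symphony::Database()->fetchRow(0, "
        SELECT t1.`id`, t1.`email`, t1.`first_name`
        FROM `tbl_authors` as t1, `tbl_forgotpass` as t2
        WHERE t2.`token` = '" . Symphony::Database()->cleanValue($token) . "'
        AND t2.`expiry` > '" . $now . "'
        AND t1.`id` = t2.`author_id`
        LIMIT 1
    ");

    if (empty($author)) {
        return;
    }

    $author_id = (int) $author['id'];
    $newpass = General::generatePassword();
    // The first Author (lowest id) is used as the sender address.
    $sender = Symphony::Database()->fetchVar('email', 0, "SELECT `email` FROM `tbl_authors` ORDER BY `id` ASC LIMIT 1");

    General::sendEmail(
        $author['email'],
        $sender,
        __('Symphony Concierge'),
        __('New Symphony Account Password'),
        __('Hi %s,', array($author['first_name'])) . self::CRLF
            . __("As requested, here is your new Symphony Author Password for ") . URL . " " . self::CRLF
            . " {$newpass}" . self::CRLF . self::CRLF
            . __('Best Regards,') . self::CRLF
            . __('The Symphony Team')
    );

    Symphony::Database()->update(array('password' => General::hash($newpass)), 'tbl_authors', " `id` = '" . $author_id . "' LIMIT 1");
    Symphony::Database()->delete('tbl_forgotpass', " `author_id` = '" . $author_id . "'");

    /**
     * Just after a Forgot Password email has been sent to the Author
     * who has requested a password reset.
     *
     * @delegate AuthorPostPasswordResetRequest
     * @since Symphony 2.2
     * @param string $context
     * '/login/'
     * @param integer $author_id
     * The ID of the Author who has requested their password be reset
     */
    Symphony::ExtensionManager()->notifyMembers('AuthorPostPasswordResetRequest', '/login/', array('author_id' => $author['id']));
    $this->_alert = __('Password reset. Check your email');
}

/**
 * Unpredictable material for deriving a forgot-password token.
 *
 * Uses a CSPRNG where the runtime provides one; otherwise widens the
 * original `time() . rand(0, 1000)` seed, which left only ~1000 candidate
 * tokens for anyone who knew the approximate time of the request.
 *
 * @return string
 */
private function _tokenSeed() {
    if (function_exists('random_bytes')) {
        return bin2hex(random_bytes(16));
    }
    return uniqid(mt_rand(), true);
}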