/** * Do password reset. * * @access public * @since 2.0.0 * * @param int $UserID Unique. * @param string $PasswordResetKey Authenticate with unique, 1-time code sent via email. */ public function passwordReset($UserID = '', $PasswordResetKey = '') { $PasswordResetKey = trim($PasswordResetKey); if (!is_numeric($UserID) || $PasswordResetKey == '' || $this->UserModel->getAttribute($UserID, 'PasswordResetKey', '') != $PasswordResetKey) { $this->Form->addError('Failed to authenticate your password reset request. Try using the reset request form again.'); Logger::event('password_reset_failure', Logger::NOTICE, '{username} failed to authenticate password reset request.'); $this->fireEvent('PasswordResetFailed', ['UserID' => $UserID]); } $Expires = $this->UserModel->getAttribute($UserID, 'PasswordResetExpires'); if ($this->Form->errorCount() === 0 && $Expires < time()) { $this->Form->addError('@' . t('Your password reset token has expired.', 'Your password reset token has expired. Try using the reset request form again.')); Logger::event('password_reset_failure', Logger::NOTICE, '{username} has an expired reset token.'); $this->fireEvent('PasswordResetFailed', ['UserID' => $UserID]); } if ($this->Form->errorCount() == 0) { $User = $this->UserModel->getID($UserID, DATASET_TYPE_ARRAY); if ($User) { $User = arrayTranslate($User, array('UserID', 'Name', 'Email')); $this->setData('User', $User); } } else { $this->setData('Fatal', true); } if ($this->Form->errorCount() == 0 && $this->Form->isPostBack() === true) { $Password = $this->Form->getFormValue('Password', ''); $Confirm = $this->Form->getFormValue('Confirm', ''); if ($Password == '') { $this->Form->addError('Your new password is invalid'); Logger::event('password_reset_failure', Logger::NOTICE, 'Failed to reset the password for {username}. Password is invalid.'); } elseif ($Password != $Confirm) { $this->Form->addError('Your passwords did not match.'); } Logger::event('password_reset_failure', Logger::NOTICE, 'Failed to reset the password for {username}. Passwords did not match.'); if ($this->Form->errorCount() == 0) { $User = $this->UserModel->passwordReset($UserID, $Password); Logger::event('password_reset', Logger::NOTICE, '{username} has reset their password.'); Gdn::session()->start($User->UserID, true); // $Authenticator = Gdn::authenticator()->AuthenticateWith('password'); // $Authenticator->FetchData($Authenticator, array('Email' => $User->Email, 'Password' => $Password, 'RememberMe' => FALSE)); // $AuthUserID = $Authenticator->Authenticate(); redirect('/'); } } $this->render(); }
/** * * * @param $Category */ protected function setupDiscussionTypes($Category) { $DiscussionTypes = DiscussionModel::DiscussionTypes(); $this->setData('DiscussionTypes', $DiscussionTypes); if (!$this->Form->isPostBack()) { $PCatID = val('PermissionCategoryID', $Category, -1); if ($PCatID == val('CategoryID', $Category)) { $PCat = $Category; } else { $PCat = CategoryModel::categories($PCatID); } $AllowedTypes = val('AllowedDiscussionTypes', $PCat); if (empty($AllowedTypes)) { $AllowedTypes = array_keys($DiscussionTypes); } $this->Form->setValue("AllowedDiscussionTypes", $AllowedTypes); } }
/** * Manage options for a theme. * * @since 2.0.0 * @access public * @param string $Style Unique ID. * @todo Why is this in a giant try/catch block? */ public function themeOptions($Style = null) { $this->permission('Garden.Settings.Manage'); try { $this->addJsFile('addons.js'); $this->addSideMenu('dashboard/settings/themeoptions'); $ThemeManager = new Gdn_ThemeManager(); $this->setData('ThemeInfo', $ThemeManager->enabledThemeInfo()); if ($this->Form->authenticatedPostBack()) { // Save the styles to the config. $StyleKey = $this->Form->getFormValue('StyleKey'); $ConfigSaveData = array('Garden.ThemeOptions.Styles.Key' => $StyleKey, 'Garden.ThemeOptions.Styles.Value' => $this->data("ThemeInfo.Options.Styles.{$StyleKey}.Basename")); // Save the text to the locale. $Translations = array(); foreach ($this->data('ThemeInfo.Options.Text', array()) as $Key => $Default) { $Value = $this->Form->getFormValue($this->Form->escapeString('Text_' . $Key)); $ConfigSaveData["ThemeOption.{$Key}"] = $Value; //$this->Form->setFormValue('Text_'.$Key, $Value); } saveToConfig($ConfigSaveData); $this->informMessage(t("Your changes have been saved.")); } elseif ($Style) { saveToConfig(array('Garden.ThemeOptions.Styles.Key' => $Style, 'Garden.ThemeOptions.Styles.Value' => $this->data("ThemeInfo.Options.Styles.{$Style}.Basename"))); } $this->setData('ThemeOptions', c('Garden.ThemeOptions')); $StyleKey = $this->data('ThemeOptions.Styles.Key'); if (!$this->Form->isPostBack()) { foreach ($this->data('ThemeInfo.Options.Text', array()) as $Key => $Options) { $Default = val('Default', $Options, ''); $Value = c("ThemeOption.{$Key}", '#DEFAULT#'); if ($Value === '#DEFAULT#') { $Value = $Default; } $this->Form->setValue($this->Form->escapeString('Text_' . $Key), $Value); } } $this->setData('ThemeFolder', $ThemeManager->enabledTheme()); $this->title(t('Theme Options')); $this->Form->addHidden('StyleKey', $StyleKey); } catch (Exception $Ex) { $this->Form->addError($Ex); } $this->render(); }
/** * The summary of all settings available. * * The menu items displayed here are collected from each application's * application controller and all plugin's definitions. * * @since 2.0.0 * @access public */ public function index() { $this->ApplicationFolder = 'dashboard'; $this->MasterView = 'setup'; // Fatal error if Garden has already been installed. $Installed = c('Garden.Installed'); if ($Installed) { throw new Gdn_UserException('Vanilla is installed!', 409); } if (!$this->_checkPrerequisites()) { $this->View = 'prerequisites'; } else { $this->View = 'configure'; // Make sure the user has copied the htaccess file over. if (!file_exists(PATH_ROOT . '/.htaccess')) { $this->setData('NoHtaccess', true); if ($this->Form->isPostBack()) { $htaccessAction = $this->Form->getFormValue('HtaccessAction'); switch ($htaccessAction) { case 'skip': break; case 'dist': $htaccessCopied = copy(PATH_ROOT . '/.htaccess.dist', PATH_ROOT . '/.htaccess'); if ($htaccessCopied === false) { $this->Form->addError(t('Unable to copy .htaccess.dist to .htaccess.', 'Unable to copy .htaccess.dist to .htaccess. You may need to manually copy this file.')); } break; default: $this->Form->addError(t('You are missing Vanilla\'s .htaccess file.', 'You are missing an <b>.htaccess</b> file. This file can be automatically created from Vanilla\'s <b>.htaccess.dist</b>. However, it may not have been copied if you are using FTP to upload your files because this file is hidden. Make sure you\'ve copied the <b>.htaccess.dist</b> file before continuing.')); } } } $ApplicationManager = Gdn::applicationManager(); // Need to go through all of the setups for each application. Garden, if ($this->configure() && $this->Form->isPostBack()) { // Get list of applications to enable during install // Override by creating the config and adding this setting before install begins $AppNames = c('Garden.Install.Applications', array('Conversations', 'Vanilla')); try { // Step through the available applications, enabling each of them. foreach ($AppNames as $AppName) { $Validation = new Gdn_Validation(); $ApplicationManager->RegisterPermissions($AppName, $Validation); $ApplicationManager->EnableApplication($AppName, $Validation); } Gdn::pluginManager()->start(true); } catch (Exception $ex) { $this->Form->addError($ex); } if ($this->Form->errorCount() == 0) { // Save a variable so that the application knows it has been installed. // Now that the application is installed, select a more user friendly error page. $Config = array('Garden.Installed' => true); saveToConfig($Config); $this->setData('Installed', true); $this->fireAs('UpdateModel')->fireEvent('AfterStructure'); $this->fireEvent('Installed'); // Go to the dashboard. if ($this->deliveryType() === DELIVERY_TYPE_ALL) { redirect('/settings/gettingstarted'); } } elseif ($this->deliveryType() === DELIVERY_TYPE_DATA) { $maxCode = 0; $messages = array(); foreach ($this->Form->errors() as $row) { list($code, $message) = $row; $maxCode = max($maxCode, $code); $messages[] = $message; } throw new Gdn_UserException(implode(' ', $messages), $maxCode); } } } $this->render(); }
/** * Create or update a discussion. * * @since 2.0.0 * @access public * * @param int $CategoryID Unique ID of the category to add the discussion to. */ public function discussion($CategoryUrlCode = '') { // Override CategoryID if categories are disabled $UseCategories = $this->ShowCategorySelector = (bool) c('Vanilla.Categories.Use'); if (!$UseCategories) { $CategoryUrlCode = ''; } // Setup head $this->addJsFile('jquery.autosize.min.js'); $this->addJsFile('autosave.js'); $this->addJsFile('post.js'); $Session = Gdn::session(); Gdn_Theme::section('PostDiscussion'); // Set discussion, draft, and category data $DiscussionID = isset($this->Discussion) ? $this->Discussion->DiscussionID : ''; $DraftID = isset($this->Draft) ? $this->Draft->DraftID : 0; $Category = false; $CategoryModel = new CategoryModel(); if (isset($this->Discussion)) { $this->CategoryID = $this->Discussion->CategoryID; $Category = CategoryModel::categories($this->CategoryID); } elseif ($CategoryUrlCode != '') { $Category = CategoryModel::categories($CategoryUrlCode); if ($Category) { $this->CategoryID = val('CategoryID', $Category); } } if ($Category) { $this->Category = (object) $Category; $this->setData('Category', $Category); $this->Form->addHidden('CategoryID', $this->Category->CategoryID); if (val('DisplayAs', $this->Category) == 'Discussions' && !$DraftID) { $this->ShowCategorySelector = false; } else { // Get all our subcategories to add to the category if we are in a Header or Categories category. $this->Context = CategoryModel::getSubtree($this->CategoryID); } } else { $this->CategoryID = 0; $this->Category = null; } $CategoryData = $this->ShowCategorySelector ? CategoryModel::categories() : false; // Check permission if (isset($this->Discussion)) { // Make sure that content can (still) be edited. $CanEdit = DiscussionModel::canEdit($this->Discussion); if (!$CanEdit) { throw permissionException('Vanilla.Discussions.Edit'); } // Make sure only moderators can edit closed things if ($this->Discussion->Closed) { $this->permission('Vanilla.Discussions.Edit', true, 'Category', $this->Category->PermissionCategoryID); } $this->Form->setFormValue('DiscussionID', $this->Discussion->DiscussionID); $this->title(t('Edit Discussion')); if ($this->Discussion->Type) { $this->setData('Type', $this->Discussion->Type); } else { $this->setData('Type', 'Discussion'); } } else { // Permission to add. if ($this->Category) { $this->permission('Vanilla.Discussions.Add', true, 'Category', $this->Category->PermissionCategoryID); } else { $this->permission('Vanilla.Discussions.Add'); } $this->title(t('New Discussion')); } touchValue('Type', $this->Data, 'Discussion'); // See if we should hide the category dropdown. if ($this->ShowCategorySelector) { $AllowedCategories = CategoryModel::getByPermission('Discussions.Add', $this->Form->getValue('CategoryID', $this->CategoryID), ['Archived' => 0, 'AllowDiscussions' => 1], ['AllowedDiscussionTypes' => $this->Data['Type']]); if (count($AllowedCategories) == 1) { $AllowedCategory = array_pop($AllowedCategories); $this->ShowCategorySelector = false; $this->Form->addHidden('CategoryID', $AllowedCategory['CategoryID']); if ($this->Form->isPostBack() && !$this->Form->getFormValue('CategoryID')) { $this->Form->setFormValue('CategoryID', $AllowedCategory['CategoryID']); } } } // Set the model on the form $this->Form->setModel($this->DiscussionModel); if (!$this->Form->isPostBack()) { // Prep form with current data for editing if (isset($this->Discussion)) { $this->Form->setData($this->Discussion); } elseif (isset($this->Draft)) { $this->Form->setData($this->Draft); } else { if ($this->Category !== null) { $this->Form->setData(array('CategoryID' => $this->Category->CategoryID)); } $this->populateForm($this->Form); } } elseif ($this->Form->authenticatedPostBack()) { // Form was submitted // Save as a draft? $FormValues = $this->Form->formValues(); $FormValues = $this->DiscussionModel->filterForm($FormValues); $this->deliveryType(Gdn::request()->getValue('DeliveryType', $this->_DeliveryType)); if ($DraftID == 0) { $DraftID = $this->Form->getFormValue('DraftID', 0); } $Draft = $this->Form->buttonExists('Save_Draft') ? true : false; $Preview = $this->Form->buttonExists('Preview') ? true : false; if (!$Preview) { if (!is_object($this->Category) && is_array($CategoryData) && isset($FormValues['CategoryID'])) { $this->Category = val($FormValues['CategoryID'], $CategoryData); } if (is_object($this->Category)) { // Check category permissions. if ($this->Form->getFormValue('Announce', '') && !$Session->checkPermission('Vanilla.Discussions.Announce', true, 'Category', $this->Category->PermissionCategoryID)) { $this->Form->addError('You do not have permission to announce in this category', 'Announce'); } if ($this->Form->getFormValue('Close', '') && !$Session->checkPermission('Vanilla.Discussions.Close', true, 'Category', $this->Category->PermissionCategoryID)) { $this->Form->addError('You do not have permission to close in this category', 'Close'); } if ($this->Form->getFormValue('Sink', '') && !$Session->checkPermission('Vanilla.Discussions.Sink', true, 'Category', $this->Category->PermissionCategoryID)) { $this->Form->addError('You do not have permission to sink in this category', 'Sink'); } if (!isset($this->Discussion) && (!$Session->checkPermission('Vanilla.Discussions.Add', true, 'Category', $this->Category->PermissionCategoryID) || !$this->Category->AllowDiscussions)) { $this->Form->addError('You do not have permission to start discussions in this category', 'CategoryID'); } } $isTitleValid = true; $Name = trim($this->Form->getFormValue('Name', '')); if (!$Draft) { // Let's be super aggressive and disallow titles with no word characters in them! $hasWordCharacter = preg_match('/\\w/u', $Name) === 1; if (!$hasWordCharacter || $Name != '' && Gdn_Format::text($Name) == '') { $this->Form->addError(t('You have entered an invalid discussion title'), 'Name'); $isTitleValid = false; } } if ($isTitleValid) { // Trim the name. $FormValues['Name'] = $Name; $this->Form->setFormValue('Name', $Name); } if ($this->Form->errorCount() == 0) { if ($Draft) { $DraftID = $this->DraftModel->save($FormValues); $this->Form->setValidationResults($this->DraftModel->validationResults()); } else { $DiscussionID = $this->DiscussionModel->save($FormValues); $this->Form->setValidationResults($this->DiscussionModel->validationResults()); if ($DiscussionID > 0) { if ($DraftID > 0) { $this->DraftModel->delete($DraftID); } } if ($DiscussionID == SPAM || $DiscussionID == UNAPPROVED) { $this->StatusMessage = t('DiscussionRequiresApprovalStatus', 'Your discussion will appear after it is approved.'); // Clear out the form so that a draft won't save. $this->Form->formValues(array()); $this->render('Spam'); return; } } } } else { // If this was a preview click, create a discussion/comment shell with the values for this comment $this->Discussion = new stdClass(); $this->Discussion->Name = $this->Form->getValue('Name', ''); $this->Comment = new stdClass(); $this->Comment->InsertUserID = $Session->User->UserID; $this->Comment->InsertName = $Session->User->Name; $this->Comment->InsertPhoto = $Session->User->Photo; $this->Comment->DateInserted = Gdn_Format::date(); $this->Comment->Body = val('Body', $FormValues, ''); $this->Comment->Format = val('Format', $FormValues, c('Garden.InputFormatter')); $this->EventArguments['Discussion'] =& $this->Discussion; $this->EventArguments['Comment'] =& $this->Comment; $this->fireEvent('BeforeDiscussionPreview'); if ($this->_DeliveryType == DELIVERY_TYPE_ALL) { $this->addAsset('Content', $this->fetchView('preview')); } else { $this->View = 'preview'; } } if ($this->Form->errorCount() > 0) { // Return the form errors $this->errorMessage($this->Form->errors()); } elseif ($DiscussionID > 0 || $DraftID > 0) { // Make sure that the ajax request form knows about the newly created discussion or draft id $this->setJson('DiscussionID', $DiscussionID); $this->setJson('DraftID', $DraftID); if (!$Preview) { // If the discussion was not a draft if (!$Draft) { // Redirect to the new discussion $Discussion = $this->DiscussionModel->getID($DiscussionID, DATASET_TYPE_OBJECT, array('Slave' => false)); $this->setData('Discussion', $Discussion); $this->EventArguments['Discussion'] = $Discussion; $this->fireEvent('AfterDiscussionSave'); if ($this->_DeliveryType == DELIVERY_TYPE_ALL) { redirect(discussionUrl($Discussion, 1)) . '?new=1'; } else { $this->RedirectUrl = discussionUrl($Discussion, 1, true) . '?new=1'; } } else { // If this was a draft save, notify the user about the save $this->informMessage(sprintf(t('Draft saved at %s'), Gdn_Format::date())); } } } } // Add hidden fields for editing $this->Form->addHidden('DiscussionID', $DiscussionID); $this->Form->addHidden('DraftID', $DraftID, true); $this->fireEvent('BeforeDiscussionRender'); if ($this->CategoryID) { $Breadcrumbs = CategoryModel::getAncestors($this->CategoryID); } else { $Breadcrumbs = array(); } $Breadcrumbs[] = array('Name' => $this->data('Title'), 'Url' => val('AddUrl', val($this->data('Type'), DiscussionModel::discussionTypes()), '/post/discussion')); $this->setData('Breadcrumbs', $Breadcrumbs); $this->setData('_AnnounceOptions', $this->announceOptions()); // Render view (posts/discussion.php or post/preview.php) $this->render(); }