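 /**
  * Show one forum thread with its comments.
  *
  * Side effects on the way in: a "del_id" query parameter soft-deletes that
  * comment (sets deleted_at) when it belongs to the current user, and a
  * posted "body" adds a new comment. Both are state changes, so both now
  * require the CSRF token; the original checked it only for the add, so a
  * bare GET link could delete a comment.
  *
  * @param int $id forum id; an unknown id redirects to the forum list
  */
 public function action_detail($id = 0)
 {
     $data["forum"] = Model_Forum::find($id);
     if ($data["forum"] === null) {
         Response::redirect("/teachers/forum/");
     }
     // delete (the delete link has to carry the CSRF token parameter)
     $del_id = Input::get("del_id", null);
     if ($del_id !== null && Security::check_token()) {
         $del_comment = Model_Comment::find($del_id);
         // find() yields null for an unknown id; the original dereferenced it blindly.
         // The ownership compare stays loose because ids may arrive as string and int.
         if ($del_comment !== null && $del_comment->user_id == $this->user->id) {
             $del_comment->deleted_at = time();
             $del_comment->save();
         }
     }
     // add
     $body = Input::post("body", "");
     if ($body !== "" && Security::check_token()) {
         $comment = Model_Comment::forge();
         $comment->body = $body;
         $comment->forum_id = $id;
         $comment->user_id = $this->user->id;
         $comment->save();
     }
     $data["user"] = $this->user;
     $view = View::forge("teachers/forum/detail", $data);
     $this->template->content = $view;
 }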
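 /**
  * Show one contact-forum thread for the current student.
  *
  * Loads the student's completed lesson times for the requested course,
  * then handles two state changes: "del_id" (GET) soft-deletes the named
  * comment when it belongs to the current user, and a posted "body" adds a
  * comment and marks the thread unread. Both changes now require the CSRF
  * token; the original protected only the add.
  *
  * @param int $id contact-forum id; an unknown id redirects to the list
  */
 public function action_detail($id = 0)
 {
     $data['pasts'] = Model_Lessontime::find("all", ["where" => [["student_id", $this->user->id], ["status", 2], ["language", Input::get("course", 0)], ["deleted_at", 0]]]);
     $data["donetrial"] = Model_Lessontime::find("all", ["where" => [["student_id", $this->user->id], ["status", 2], ["language", Input::get("course", -1)], ["deleted_at", 0]]]);
     $data["forum"] = Model_Contactforum::find($id);
     if ($data["forum"] === null) {
         Response::redirect("/students/contactforum/");
     }
     // delete (the delete link has to carry the CSRF token parameter)
     $del_id = Input::get("del_id", null);
     if ($del_id !== null && Security::check_token()) {
         $del_comment = Model_Contactcomment::find($del_id);
         // find() yields null for an unknown id; the original dereferenced it blindly.
         // The ownership compare stays loose because ids may arrive as string and int.
         if ($del_comment !== null && $del_comment->user_id == $this->user->id) {
             $del_comment->deleted_at = time();
             $del_comment->save();
         }
     }
     // add
     $body = Input::post("body", "");
     if ($body !== "" && Security::check_token()) {
         $comment = Model_Contactcomment::forge();
         $comment->body = $body;
         $comment->contactforum_id = $id;
         $comment->user_id = $this->user->id;
         $comment->save();
         // a new comment flips the thread back to unread for the other side
         $data["forum"]->is_read = 0;
         $data["forum"]->save();
     }
     $data["user"] = $this->user;
     $view = View::forge("students/contacts/forum/detail", $data);
     $this->template->content = $view;
 }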
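 /**
  * Edit an auction's count, price and memo.
  *
  * On valid input and a valid CSRF token the auction is saved and the
  * request redirects to admin/<one>[/<two>]; on any failure the form is
  * re-rendered with a flash error.
  *
  * @param int|null    $id  auction id
  * @param string|null $one first segment of the post-save return path
  * @param string|null $two optional second segment
  * @throws HttpNotFoundException when no auction has that id
  */
 public function action_edit($id = null, $one = null, $two = null)
 {
     $redirect = $two ? $one . '/' . $two : $one;
     $auction = Model_Auction::find($id);
     // find() returns null for an unknown id and every later line dereferences it
     if ($auction === null) {
         throw new HttpNotFoundException();
     }
     $val = Model_Auction::validate_edit();
     if ($val->run()) {
         $auction->item_count = Input::post('item_count');
         $auction->price = Input::post('price');
         $auction->memo = Input::post('memo');
         if (\Security::check_token() && $auction->save()) {
             Session::set_flash('success', e('Updated auction #' . $auction->auc_id));
             Response::redirect('admin/' . $redirect);
         } else {
             Session::set_flash('error', e('Could not update auction #' . $auction->auc_id));
         }
     } elseif (Input::method() === 'POST') {
         $auction->item_count = $val->validated('item_count');
         $auction->price = $val->validated('price');
         $auction->memo = $val->validated('memo');
         Session::set_flash('error', $val->error());
     }
     // the view needs the entity in the token-failed case too; the original
     // only exposed it on the validation-failed branch
     $this->template->set_global('auction', $auction, false);
     $this->template->set_global('redirect', $redirect, false);
     $this->template->title = $auction->title;
     $this->template->content = View::forge('admin/auction/edit');
 }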
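 /**
  * Change the logged-in user's password.
  *
  * Generates the CSRF token, declares the rules for the current and new
  * password fields (8–12 characters, required) and, on a POST carrying a
  * valid token, asks Auth to change the password.
  *
  * @return View|null the form view; null when nothing was posted or the
  *                   token did not validate (the original returned an
  *                   undefined $view on those paths)
  */
 public function action_change()
 {
     // token generation
     $this->action_csrf();
     // validation rules
     $val = Validation::forge();
     $val->add('password', '「現在のパスワード」')->add_rule('required')->add_rule('min_length', 8)->add_rule('max_length', 12);
     $val->add('newpassword', '「新しいパスワード」または、「(新)パスワード再入力」')->add_rule('required')->add_rule('min_length', 8)->add_rule('max_length', 12);
     $this->action_category();
     // initialised so the final return is defined on every path
     $view = null;
     if (Input::post()) {
         if (!Security::check_token()) {
             Profiler::mark('CSRF攻撃');
             return $view;
         }
         if ($val->run()) {
             $username = Auth::get_screen_name();
             // current password
             $old_password = Input::post('password');
             // new password
             $new_password = Input::post('newpassword');
             // Auth::change_password() reports a refused change by returning
             // false; the original showed the success text regardless
             if (Auth::change_password($old_password, $new_password, $username)) {
                 $this->message = 'パスワードが変更されました。';
             } else {
                 $this->message = 'パスワードの変更に失敗しました。';
             }
         } else {
             $this->error = $val->error();
         }
         $view = View::forge('changepass/ChangePass', $this->data);
         $view->set_global('message', $this->message, false);
         $view->set_global('error', $this->error, false);
     }
     return $view;
 }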
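 /**
  * Send the contact e-mail from the values stashed in the session flash by
  * the previous step, then render the "sent" page.
  *
  * A request without a valid CSRF token is redirected away; a request with
  * no flashed name skips the mail and only renders the page.
  */
 public function action_submit()
 {
     if (!Security::check_token()) {
         Response::redirect('_404_');
     }
     if (Session::get_flash('name')) {
         // NOTE(review): the original also forged a Model_Contact and set its
         // title/body but never called save(), so nothing was persisted; that
         // dead code is dropped here. Confirm whether a save() was intended.
         $body = View::forge("email/contact");
         $body->set("name", Session::get_flash('name'));
         $body->set("email", Session::get_flash('email'));
         $body->set("body", Session::get_flash('body'));
         $sendmail = Email::forge("JIS");
         $sendmail->from(Config::get("statics.info_email"), Config::get("statics.info_name"));
         $sendmail->to(Config::get("statics.info_email"));
         $sendmail->subject("We got contact/ Game-bootcamp");
         $sendmail->body($body);
         $sendmail->send();
     }
     $this->template->title = "Contact";
     $this->template->sub = "How can we help you?";
     $view = View::forge("contacts/send");
     $this->template->content = $view;
 }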
 /**
  * Contact-form submit: validate the input, build the mail from the
  * validated values and send it. Renders the "sent" page on success, or the
  * form again with an error paragraph on validation or mail failure.
  *
  * @throws HttpInvalidInputException when the CSRF token does not validate
  */
 public function action_send()
 {
     // CSRF check
     if (!Security::check_token()) {
         throw new HttpInvalidInputException('ページ遷移が正しくありません');
     }
     $val = $this->forge_validation()->add_callable('MyValidationRules');
     // every failure path shows the form with a title and an error fragment
     $show_form = function ($title, $html_error) {
         $this->template->title = $title;
         $this->template->content = View::forge('form/index');
         $this->template->content->set_safe('html_error', $html_error);
     };
     if (!$val->run()) {
         $show_form('コンタクトフォーム: エラー', $val->show_errors());
         return;
     }
     $mail = $this->build_mail($val->validated());
     // send the mail
     try {
         $this->sendmail($mail);
     } catch (EmailValidationFailedException $e) {
         Log::error('メール検証エラー: ' . $e->getMessage(), __METHOD__);
         $show_form('コンタクトフォーム: 送信エラー', '<p>メールアドレスに誤りがあります。</p>');
         return;
     } catch (EmailSendingFailedException $e) {
         Log::error('メール送信エラー: ' . $e->getMessage(), __METHOD__);
         $show_form('コンタクトフォーム: 送信エラー', '<p>メールを送信できませんでした。</p>');
         return;
     }
     $this->template->title = 'コンタクトフォーム: 送信完了';
     $this->template->content = View::forge('form/send');
 }
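 /**
  * Teacher settings page: timezone, mail preferences and password.
  *
  * Each posted group is applied on its own, so a form may submit any subset.
  * The CSRF token is verified once for the whole request; the original
  * re-ran Security::check_token() inside every branch.
  */
 public function action_index()
 {
     $is_chenged = false;
     $data["password_error"] = "";
     // nothing is written without a POST that carries a valid token
     $token_ok = Input::post() ? Security::check_token() : false;
     if ($token_ok && Input::post("timezone", null) !== null) {
         $this->user->timezone = Input::post("timezone", "");
         $this->user->save();
         $is_chenged = true;
     }
     if ($token_ok && Input::post("need_reservation_email", null) !== null) {
         $this->user->need_reservation_email = Input::post("need_reservation_email", 1);
         $this->user->need_news_email = Input::post("need_news_email", 1);
         $this->user->save();
         $is_chenged = true;
     }
     if ($token_ok && Input::post("password", null) !== null) {
         $val = Validation::forge();
         $val->add_callable('passwordvalidation');
         // both fields must match each other and pass the custom "password" rule
         $val->add_field("password", Lang::get('forgotpassword.password'), "required|match_field[password2]|password");
         $val->add_field("password2", Lang::get('forgotpassword.password'), "required|match_field[password]|password");
         if ($val->run()) {
             $this->user->password = Auth::instance()->hash_password(Input::post('password', ""));
             $this->user->save();
             $is_chenged = true;
         } else {
             $data["password_error"] = "password does not matched.";
         }
     }
     $data["user"] = $this->user;
     // "is_chenged" is the key the view reads; keep the spelling
     $data["is_chenged"] = $is_chenged;
     $view = View::forge("teachers/setting", $data);
     $this->template->content = $view;
 }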
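    /**
     * Contact-form submit: validate, build the notification mail text,
     * send and persist it, and render the matching result page.
     *
     * Client address and user agent are logged with the token failure and
     * embedded in the mail body so the recipient can see where it came from.
     *
     * @throws HttpInvalidInputException when the CSRF token does not validate
     */
    public function action_send()
    {
        if (!\Security::check_token()) {
            \Log::error('CSRF: ' . \Input::uri() . ' ' . \Input::ip() . ' "' . \Input::user_agent() . '"');
            throw new HttpInvalidInputException('Invalid input data');
        }
        $val = $this->form()->validation();
        $val->add_callable('myvalidation');
        if (!$val->run()) {
            $this->template->title = 'コンタクトフォーム: エラー';
            $this->template->content = View::forge('contact/index');
            $this->template->content->set_safe('html_error', $val->show_errors());
            return;
        }
        $post = $val->validated();
        \Config::load('contact', true);
        $data = [];
        $data['email'] = $post['email'];
        $data['name'] = $post['name'];
        $data['to'] = \Config::get('contact.admin_email');
        $data['to_name'] = \Config::get('contact.admin_name');
        $data['subject'] = \Config::get('contact.mail_subject');
        $data['ip'] = \Input::ip();
        $data['ua'] = \Input::user_agent();
        // "lang" is joined with implode(); guard against a missing key or a
        // single scalar value, which the original would have passed through
        $langs = implode(' ', isset($post['lang']) ? (array) $post['lang'] : []);
        $data['body'] = <<<END
====================
名前: {$post['name']}
メールアドレス: {$post['email']}
IPアドレス: {$data['ip']}
ブラウザ: {$data['ua']}
====================
コメント: 
{$post['comment']}

性別: {$post['gender']}
問い合わせの種類: {$post['kind']}
好きな鳥: {$langs}
====================
END;
        try {
            $this->sendmail($data);
            $this->save($data);
            $this->template->title = 'コンタクトフォーム: 送信完了';
            $this->template->content = View::forge('contact/send');
            return;
        } catch (EmailValidationFailedException $e) {
            $reason = 'email validation error';
        } catch (EmailSendingFailedException $e) {
            $reason = 'email sending error';
        } catch (EmailSavingFailedException $e) {
            $reason = 'email saving error';
        }
        // all three failures render the same page; only the log line differs
        $this->template->title = 'コンタクトフォーム: 送信エラー';
        $this->template->content = View::forge('contact/error');
        \Log::error(__METHOD__ . ' ' . $reason . ': ' . $e->getMessage());
    }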
 /**
  * Abort the request with a redirect when the CSRF token is invalid.
  *
  * @param string|null $token explicit token value; null defers to
  *                           Security::check_token()'s own lookup
  * @return Response|null the redirect response on failure, null on success
  */
 protected function checkCsrf($token = null)
 {
     if (Security::check_token($token)) {
         return null;
     }
     Logger::error(new Exception('CSRF Error'));
     return Response::redirect();
 }
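 /**
  * User registration.
  *
  * Already-authenticated users are sent to "mypage". On a POST the CSRF
  * token, the password confirmation and the form rules are checked in that
  * order; a created account is logged in immediately and redirected.
  *
  * @access  public
  * @return  View
  */
 public function action_signup()
 {
     // already logged in
     if (\Auth::check()) {
         Response::redirect('mypage');
     }
     $view = View::forge('auth/signup');
     // form definition
     $form = Formparts::signup();
     // something was posted
     if (\Input::post()) {
         if (!\Security::check_token()) {
             // "massage" is the key the view reads; keep the spelling
             $view->set_global('massage', array('css' => 'warning', 'content' => '再読み込みは無効な操作です。'));
         } elseif (\Input::post('password') !== \Input::post('re-password')) {
             // strict compare: the original's "!=" treats numeric-looking strings
             // such as "1e1" and "10" as equal
             $form->repopulate();
             $view->set_global('massage', array('css' => 'warning', 'content' => 'パスワードが一致していません。'));
         } else {
             $val = $form->validation();
             if (!$val->run()) {
                 $form->repopulate();
                 $view->set_global('errors', $val->error());
             } else {
                 try {
                     $result = \Auth::create_user(\Input::post('username'), \Input::post('password'), \Input::post('email'), 1, array('firstname' => \Input::post('firstname'), 'lastname' => \Input::post('lastname')));
                     if ($result && \Auth::instance()->login(\Input::post('username'), \Input::post('password'))) {
                         // logged in: go to the account page
                         return \Response::redirect('mypage');
                     }
                     // create_user() returned false, or the new account could not be
                     // logged in; the original said nothing in the first case
                     $view->set_global('massage', array('css' => 'danger', 'content' => '予期せぬエラーです。'));
                 } catch (\SimpleUserUpdateException $e) {
                     switch ($e->getCode()) {
                         case 2:
                             // duplicate e-mail address
                             $view->set_global('massage', array('css' => 'warning', 'content' => 'メールアドレスが重複しています。'));
                             break;
                         case 3:
                             // duplicate user name
                             $view->set_global('massage', array('css' => 'warning', 'content' => 'ユーザ名が重複しています。'));
                             break;
                         default:
                             // not expected today, but the code list may grow
                             $view->set_global('massage', array('css' => 'danger', 'content' => '予期せぬエラーです。'));
                     }
                 }
             }
         }
     }
     $view->set_safe('form', $form);
     return $view;
 }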
 /**
  * Password re-issue: for a registered username/e-mail pair, let Auth
  * generate a new password and mail it to that address.
  *
  * Every failure (bad CSRF token, invalid input, no matching user) renders
  * the contact form again; the CSRF token key/value are passed to all views.
  * Note that the "no matching user" text differs from the success page, so
  * the response reveals whether a given pair is registered.
  *
  * @return View
  */
 public function action_send()
 {
     $data['token_key'] = Config::get('security.csrf_token_key');
     $data['token'] = Security::fetch_token();
     $error = array();
     // CSRF: a request without a valid token only gets the form back
     if (!Security::check_token()) {
         $view = View::forge('login/contact', $data);
         $view->set('msg', 'CSRF対策です');
         return $view;
     }
     $val = Validation::forge();
     $val->add_field('username', 'ユーザID', 'required|max_length[9]');
     $val->add_field('mail', 'メールアドレス', 'required|valid_email');
     // validation error
     if (!$val->run()) {
         $error = $val->error();
         $view = View::forge('login/contact', $data);
         $view->set_global('error', $error, false);
         return $view;
     }
     // received data
     $username = Input::post('username');
     $email = Input::post('mail');
     // is there a registered user with this pair?
     $matches = Model_Users::query()->where('username', $username)->where('email', $email)->count();
     if ($matches <= 0) {
         $view = View::forge('login/contact', $data);
         $view->set('msg', '該当者が存在しませんでした。');
         return $view;
     }
     // let Auth issue a new password
     $repass = Auth::instance()->reset_password($username);
     // data for the mail template
     $data['fullname'] = Model_Users::query()->select('fullname')->where('username', $username)->get();
     $data['repass'] = $repass;
     $data['email'] = $email;
     $data['anchor'] = 'login';
     $body = View::forge('login/email/autorepass', $data);
     // compose and send the mail
     $mail = Email::forge();
     $mail->from('*****@*****.**', '');
     $mail->to($email, $username);
     $mail->subject('パスワードの再発行');
     $mail->html_body($body);
     $mail->send();
     return View::forge('login/success', $data);
 }
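 /**
  * Teacher profile page: creates the bank record on first visit and, on a
  * POST with a valid CSRF token, updates profile, picture and bank details.
  *
  * The e-mail may only change to an address no other user has; on a clash
  * the text fields are not saved and the view gets $data["error"].
  */
 public function action_index()
 {
     $is_chenged = false;
     if ($this->user->bank === null) {
         $this->user->bank = Model_Bank::forge();
         $this->user->bank->user_id = $this->user->id;
         $this->user->bank->save();
     }
     if (Input::post("firstname", null) !== null && Security::check_token()) {
         $email = Input::post("email", null);
         if ($email !== $this->user->email) {
             $check_user = Model_User::find("first", ["where" => [["email" => $email]]]);
             if ($check_user === null) {
                 // the original assigned $this->email, a controller property nothing
                 // reads, so a changed address was checked but never persisted
                 $this->user->email = $email;
             } else {
                 $data["error"] = "This email is already in use.";
             }
         }
         $config = ["path" => DOCROOT . "assets/img/pictures/", 'randomize' => true, 'auto_rename' => true, 'ext_whitelist' => array('img', 'jpg', 'jpeg', 'gif', 'png')];
         Upload::process($config);
         // upload errors are not surfaced to the view (kept as in the original);
         // a request without a valid file keeps the current picture
         if (Upload::is_valid()) {
             Upload::save();
             $saved_result = Upload::get_files();
             $file_name = $saved_result[0]['saved_as'];
             // derive the medium and small thumbnails next to the original
             $image = Image::load($config["path"] . $file_name);
             $image->crop_resize(200, 200)->save($config["path"] . "m_" . $file_name);
             $image->crop_resize(86, 86)->save($config["path"] . "s_" . $file_name);
             $this->user->img_path = $file_name;
         }
         if (!isset($data["error"])) {
             $this->user->firstname = Input::post("firstname", "");
             $this->user->middlename = Input::post("middlename", "");
             $this->user->lastname = Input::post("lastname", "");
             $this->user->google_account = Input::post("google_account", "");
             $this->user->pr = Input::post("pr", "");
             $this->user->educational_background = Input::post("educational_background", "");
             $this->user->enchantJS = Input::post("enchantJS", 0);
             $this->user->trial = Input::post("trial", 0);
             $this->user->save();
             $this->user->bank->name = Input::post("bank_name", "");
             $this->user->bank->branch = Input::post("bank_branch", "");
             $this->user->bank->account = Input::post("bank_account", "");
             $this->user->bank->number = Input::post("bank_number", "");
             $this->user->bank->etc = Input::post("bank_etc", "");
             $this->user->bank->type = Input::post("bank_type", 0);
             $this->user->bank->save();
             $is_chenged = true;
         }
     }
     $data["user"] = $this->user;
     // "is_chenged" is the key the view reads; keep the spelling
     $data["is_chenged"] = $is_chenged;
     $view = View::forge("teachers/profile", $data);
     $this->template->content = $view;
 }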
파일: base.php 프로젝트: kenjis/fuel-dbdocs
 /**
  * Runs before every action: resets the active navigation entry and rejects
  * any non-GET request that does not carry a valid CSRF token.
  *
  * @throws Exception when the token check fails
  */
 public function before()
 {
     parent::before();
     $this->template->active = '';
     // reads are not state changes; only the rest is token-protected
     if (Input::method() === 'GET') {
         return;
     }
     if (!Security::check_token()) {
         throw new Exception('Security token is bad.');
     }
 }
 /**
  * Resolve the requested action name.
  *
  * Anything other than the default action must come with a valid token;
  * the token is cleared after the check whether or not it validated.
  *
  * @return string the action, or self::ACTION_SECURITY_FAILED
  */
 public function get_action()
 {
     $action = Request::get(self::PARAM_ACTION, self::ACTION_DEFAULT);
     if ($action == self::ACTION_DEFAULT) {
         return $action;
     }
     $valid = Security::check_token('get');
     Security::clear_token();
     return $valid ? $action : self::ACTION_SECURITY_FAILED;
 }
 /**
  * Contact-form submit: validate, store the submission (with client IP and
  * user agent) and mail it. Any failure re-renders the form with the posted
  * values and an error paragraph.
  *
  * @throws HttpInvalidInputException when the CSRF token does not validate
  */
 public function action_send()
 {
     // CSRF check
     if (!Security::check_token()) {
         throw new HttpInvalidInputException('ページ遷移が正しくありません');
     }
     $form = $this->forge_form();
     $val = $form->validation()->add_callable('MyValidationRules');
     // re-render the input form with the given error HTML and the posted values
     $show_form = function ($title, $html_error) use ($form) {
         $form->repopulate();
         $this->template->title = $title;
         $this->template->content = View::forge('form/index');
         $this->template->content->set_safe('html_error', $html_error);
         $this->template->content->set_safe('html_form', $form->build('form/confirm'));
     };
     if (!$val->run()) {
         $show_form('コンタクトフォーム: エラー', $val->show_errors());
         return;
     }
     $record = $val->validated();
     $record['ip_address'] = Input::ip();
     $record['user_agent'] = Input::user_agent();
     // the submit button is not a column
     unset($record['submit']);
     // persist first, so a mail failure never loses the submission
     if (!Model_Form::forge($record)->save()) {
         Log::error('データベース保存エラー', __METHOD__);
         $show_form('コンタクトフォーム: サーバエラー', '<p>サーバでエラーが発生しました。</p>');
         return;
     }
     // send the mail
     try {
         $mail = new Model_Mail();
         $mail->send($record);
     } catch (EmailValidationFailedException $e) {
         Log::error('メール検証エラー: ' . $e->getMessage(), __METHOD__);
         $show_form('コンタクトフォーム: 送信エラー', '<p>メールアドレスに誤りがあります。</p>');
         return;
     } catch (EmailSendingFailedException $e) {
         Log::error('メール送信エラー: ' . $e->getMessage(), __METHOD__);
         $show_form('コンタクトフォーム: 送信エラー', '<p>メールを送信できませんでした。</p>');
         return;
     }
     $this->template->title = 'コンタクトフォーム: 送信完了';
     $this->template->content = View::forge('form/send');
 }
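 /**
  * Student sign-in page.
  *
  * On a POST carrying a valid CSRF token it logs the user in and redirects
  * to the page matching the posted "pay"/"doc"/"method" flags; otherwise,
  * or when the login fails, it renders the sign-in form.
  */
 public function action_index()
 {
     $this->template = View::forge("students/template");
     // login
     if (Input::post("email", null) !== null and Security::check_token()) {
         $email = Input::post('email', null);
         $password = Input::post('password', null);
         $where = [["email", $email], ["deleted_at", 0]];
         $gameUser = Model_User::find("all", ["where" => $where]);
         // an unknown address and a wrong password end on the same redirect,
         // so the response does not tell the two apart
         if (count($gameUser) >= 1 && $this->auth->login($email, $password)) {
             if (Input::post('remember_me', null) == 1) {
                 $this->auth->remember_me();
             }
             $pay = Input::post('pay', 0);
             $doc = Input::post('doc', 0);
             if ($pay != 1 && $doc != 1) {
                 Response::redirect('/students/top');
             } else {
                 // the original tested `pay != 0 || pay != NULL` (and likewise
                 // for doc), which is always true; "flag is set" is what was meant
                 if ($pay == 1) {
                     $method = Input::post('method', 0);
                     if ($method == 1) {
                         Response::redirect('/coursefee/cash/?g=1#upload');
                     } elseif ($method == 2) {
                         Response::redirect('/coursefee/remit/?g=2#done');
                     } elseif ($method == 3) {
                         Response::redirect('/students/courses');
                     } elseif ($method == 4) {
                         Response::redirect('/coursefee/cash/?g=4#upload');
                     }
                 }
                 if ($doc == 1) {
                     // $gameUser already holds the rows matching this e-mail, so the
                     // original's two further lookups of the same user are not needed
                     $user = reset($gameUser);
                     Response::redirect($user->place == 1 ? '/join/?open=2' : '/join/?open=1');
                 }
             }
         } else {
             Response::redirect('/students/signin?e=1');
         }
     }
     $view = View::forge("students/signin");
     $this->template->content = $view;
     $this->template->title = "Signin";
     $this->template->auth_status = false;
 }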
파일: category.php 프로젝트: vano00/blog
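 /**
  * Delete a blog category and return to the category list with a flash.
  *
  * The CSRF token is verified once; the original evaluated
  * Security::check_token() a second time inside the error branch.
  *
  * @param int|null $id category id
  */
 public function action_delete($id = null)
 {
     $category = Model_Category::find($id);
     $token_ok = \Security::check_token();
     if ($category !== null && $token_ok) {
         $category->delete();
         Session::set_flash('success', e('Deleted category #' . $id));
     } elseif (!$token_ok) {
         Session::set_flash('error', e('Could not delete category #' . $id . ', CSRF token not valid!'));
     } else {
         Session::set_flash('error', e('Could not delete category #' . $id));
     }
     Response::redirect('blog/admin/category');
 }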
파일: comment.php 프로젝트: vano00/blog
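 /**
  * Delete a blog comment and return to the comment list with a flash.
  *
  * The CSRF token is verified once; the original evaluated
  * Security::check_token() a second time inside the error branch.
  *
  * @param int|null $id comment id
  */
 public function action_delete($id = null)
 {
     $comment = Model_Comment::find($id);
     $token_ok = \Security::check_token();
     if ($comment !== null && $token_ok) {
         $comment->delete();
         Session::set_flash('success', e('Deleted comment #' . $id));
     } elseif (!$token_ok) {
         Session::set_flash('error', e('Could not delete comment #' . $id . ', CSRF token not valid!'));
     } else {
         Session::set_flash('error', e('Could not delete comment #' . $id));
     }
     Response::redirect('admin/comment');
 }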
 /**
  * Delete a part, unlinking its auctions first, then return to the admin
  * page named by the route segments.
  *
  * @param int|null    $id  part id
  * @param string|null $one first segment of the return path under admin/
  * @param string|null $two optional second segment
  */
 public function action_delete($id = null, $one = null, $two = null)
 {
     $redirect = $two ? $one . '/' . $two : $one;
     $part = \Model_Part::find($id);
     // the token is only checked once a part was actually found
     if ($part and \Security::check_token()) {
         // detach the auctions instead of deleting them with the part
         foreach ($part->auctions as $auction) {
             $auction->part_id = null;
             $auction->save();
         }
         $part->delete();
         $flash = array('success', e('Deleted part #' . $id));
     } else {
         $flash = array('error', e('Could not delete part #' . $id));
     }
     Session::set_flash($flash[0], $flash[1]);
     Response::redirect('admin/' . $redirect);
 }
 /**
  * Persist the contact request staged in the session flash by the previous
  * step and show the "finished" page.
  *
  * Requests without a valid CSRF token, or without a flashed title, are
  * redirected away.
  */
 public function action_submit()
 {
     if (!Security::check_token()) {
         Response::redirect('_404_');
     }
     $title = Session::get_flash('title');
     if (!$title) {
         Response::redirect('_404_');
     }
     $contact = Model_Contact::forge();
     $contact->title = $title;
     $contact->body = Session::get_flash("body");
     $contact->user_id = $this->user->id;
     $contact->save();
     $this->template->content = View::forge('teachers/contact/finish');
 }
 /**
  * Final step of teacher sign-up: create the account from the values
  * staged in the session flash, fill in the profile and send the welcome
  * mail, then show the "finished" page.
  *
  * Every failure (bad CSRF token, no flashed e-mail, user not found after
  * creation, any exception) is answered with a redirect to "_404_".
  */
 public function action_submit()
 {
     if (!Security::check_token()) {
         Response::redirect('_404_');
     }
     if (!Session::get_flash('email')) {
         Response::redirect('_404_');
     }
     $email = Session::get_flash("email");
     try {
         // the e-mail address doubles as the username; group 10 = teacher (see action_submit for students, which passes 1)
         Auth::create_user($email, Session::get_flash("password"), $email, 10);
         $user = Model_User::find("first", ["where" => [["email", $email]]]);
         if ($user === null) {
             Response::redirect('_404_');
         }
         // profile fields whose flash key equals the property name
         $fields = ["sex", "firstname", "middlename", "lastname", "google_account", "need_reservation_email", "need_news_email", "timezone", "pr", "educational_background", "trial", "enchantJS"];
         foreach ($fields as $field) {
             $user->$field = Session::get_flash($field);
         }
         $user->birthday = Session::get_flash("year") . "-" . Session::get_flash("month") . "-" . Session::get_flash("day");
         $user->save();
         // welcome mail
         $body = View::forge("email/teachers/signup");
         $body->set("name", $user->firstname);
         $body->set("user", $user);
         $body->set("ymd", explode("-", $user->birthday));
         $mail = Email::forge("JIS");
         $mail->from(Config::get("statics.info_email"), Config::get("statics.info_name"));
         $mail->to($user->email);
         $mail->subject("Welcome Aboard! / Game-bootcamp");
         // NOTE(review): htmlspecialchars_decode() undoes whatever escaping the
         // view applied, so user-entered profile text reaches the HTML mail
         // unescaped; confirm the template does not rely on that escaping.
         $mail->html_body(htmlspecialchars_decode($body));
         $mail->send();
     } catch (Exception $e) {
         Response::redirect('_404_');
     }
     $this->template->content = View::forge('teachers/signup/finish');
 }
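 /**
  * Final step of student sign-up: create the account from the values
  * staged in the session flash, fill in the profile and send the welcome
  * mail (with the first active type-1 document attached, if any), then
  * show the "finished" page.
  *
  * A bad CSRF token, a missing flashed e-mail, or a user that cannot be
  * found after creation redirects to "_404_".
  */
 public function action_submit()
 {
     if (!Security::check_token()) {
         Response::redirect('_404_');
     }
     if (Session::get_flash('email')) {
         $email = Session::get_flash("email");
         // the e-mail address doubles as the username; group 1 = student
         Auth::create_user($email, Session::get_flash("password"), $email, 1);
         $user = Model_User::find("first", ["where" => [["email", $email]]]);
         if ($user !== null) {
             $user->sex = Session::get_flash("sex");
             $user->firstname = Session::get_flash("firstname");
             $user->middlename = Session::get_flash("middlename");
             $user->lastname = Session::get_flash("lastname");
             $user->birthday = Session::get_flash("year") . "-" . Session::get_flash("month") . "-" . Session::get_flash("day");
             $user->google_account = Session::get_flash("google_account");
             $user->need_reservation_email = Session::get_flash("need_reservation_email");
             $user->need_news_email = Session::get_flash("need_news_email");
             $user->timezone = Session::get_flash("timezone");
             $user->place = Session::get_flash("grameen");
             $user->grameen_student = Session::get_flash("grameen_student");
             $user->nationality = Session::get_flash("nationality");
             $user->save();
             // send mail
             $body = View::forge("email/students/signup");
             $body->set("name", $user->firstname);
             $body->set("user", $user);
             $body->set("ymd", explode("-", $user->birthday));
             $sendmail = Email::forge("JIS");
             $sendmail->from(Config::get("statics.info_email"), Config::get("statics.info_name"));
             $sendmail->to($user->email);
             $sendmail->subject("Welcome Aboard! / Game-BootCamp");
             // NOTE(review): htmlspecialchars_decode() undoes whatever escaping the
             // view applied, so user-entered profile text reaches the HTML mail
             // unescaped; confirm the template does not rely on that escaping.
             $sendmail->html_body(htmlspecialchars_decode($body));
             // get_one() returns a single model or null; the original's count()
             // on that value is not a row count (1 for any object, 0 for null,
             // and a TypeError on PHP 8), and the re-find by id was redundant
             $document = Model_Document::query()->where('type', 1)->where('deleted_at', 0)->limit(1)->get_one();
             if ($document !== null) {
                 $sendmail->attach(DOCROOT . '/contents/' . $document->path);
             }
             $sendmail->send();
         } else {
             Response::redirect('_404_/?hehe');
         }
     } else {
         Response::redirect('_404_');
     }
     $this->template->content = View::forge('students/signup/finish');
 }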
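 /**
  * Registration submit: validate the posted fields and create the account.
  *
  * A duplicate username or e-mail makes Auth::create_user() throw
  * SimpleUserUpdateException; the original let that escape as a server
  * error, here it re-renders the form with the message.
  *
  * @throws HttpInvalidInputException when the CSRF token does not validate
  */
 public function action_done()
 {
     if (!Security::check_token()) {
         throw new HttpInvalidInputException('正しいルートからアクセスしてください。');
     }
     $val = $this->regist_validation()->add_callable('MyValidationRules');
     if (!$val->run()) {
         $this->template->title = '入力エラー | ReviewBook';
         $this->template->content = View::forge('regist_form/form');
         $this->template->content->set_safe('html_error', $val->show_errors());
         return;
     }
     try {
         Auth::create_user(Input::post('username'), Input::post('password'), Input::post('email'));
     } catch (\SimpleUserUpdateException $e) {
         $this->template->title = '入力エラー | ReviewBook';
         $this->template->content = View::forge('regist_form/form');
         // set_safe() bypasses the view's escaping, so escape the message here
         $this->template->content->set_safe('html_error', '<p>' . htmlspecialchars($e->getMessage(), ENT_QUOTES, 'UTF-8') . '</p>');
         return;
     }
     $this->template->title = '登録完了 | ReviewBook';
     $this->template->content = View::forge('regist_form/done');
 }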
예제 #24
파일: csrfcheck.php 프로젝트: katsuwo/bbs
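 /**
  * Validates the CSRF token of the current request and logs a failure.
  *
  * When CSRF protection is switched off through the ENABLE_CSRF constant the
  * check is skipped and true is returned. Otherwise the token is accepted only
  * when the request posted data and \Security::check_token() confirms it; a
  * failure is written to the warning log together with the caller's file and
  * line (when supplied) and reported as false.
  *
  * @param string|null $file caller file name, passed through to the log entry
  * @param int|null    $line caller line number, passed through to the log entry
  * @return boolean true when the token is valid or the check is disabled
  */
 static function chkCSRFToken($file = null, $line = null)
 {
     // Skip the check only when protection is off. The original tested
     // ENABLE_CSRF == TRUE here, which bypassed the token check precisely
     // when protection was enabled. Assumes ENABLE_CSRF true means "check
     // tokens" — confirm against the project configuration.
     if (!ENABLE_CSRF) {
         return true;
     }
     // Only a request that actually posted data can carry a valid token.
     if ($_POST and \Security::check_token()) {
         return true;
     }
     $msg2 = 'Invalid CSRF Token';
     $log = new Logging();
     $log->writeLog_Warning($msg2, $file, $line);
     return false;
 }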
예제 #25
 /**
  * Student settings page.
  *
  * Every posted setting is applied to the current user on its own, each guarded
  * by the CSRF token, and the view is told whether anything was saved. A posted
  * password must match its confirmation and pass the 'password' rule before it
  * is hashed and stored; otherwise an error message is handed to the view.
  *
  * @return void
  */
 public function action_index()
 {
     $changed = false;
     $data = ["password_error" => ""];
     // Plain text settings are copied straight from the form when present.
     foreach (["place", "grameen_student", "timezone"] as $field) {
         if (Input::post($field, null) !== null and Security::check_token()) {
             $this->user->{$field} = Input::post($field, "");
             $this->user->save();
             $changed = true;
         }
     }
     // The two mail preferences are submitted together; both default to 1.
     if (Input::post("need_reservation_email", null) !== null and Security::check_token()) {
         $this->user->need_reservation_email = Input::post("need_reservation_email", 1);
         $this->user->need_news_email = Input::post("need_news_email", 1);
         $this->user->save();
         $changed = true;
     }
     if (Input::post("password", null) != null and Security::check_token()) {
         $val = Validation::forge();
         $val->add_callable('passwordvalidation');
         $label = Lang::get('forgotpassword.password');
         $val->add_field("password", $label, "required|match_field[password2]|password");
         $val->add_field("password2", $label, "required|match_field[password]|password");
         if (!$val->run()) {
             $data["password_error"] = "password does not matched.";
         } else {
             // Store the hash produced by the Auth driver, never the raw input.
             $this->user->password = Auth::instance()->hash_password(Input::post('password', ""));
             $this->user->save();
             $changed = true;
         }
     }
     // Both lesson lists share the same filter and differ only in the course default.
     $course_filter = function ($default) {
         return ["where" => [["student_id", $this->user->id], ["status", 2], ["language", Input::get("course", $default)], ["deleted_at", 0]]];
     };
     $data['pasts'] = Model_Lessontime::find("all", $course_filter(0));
     $data["donetrial"] = Model_Lessontime::find("all", $course_filter(-1));
     $data["user"] = $this->user;
     $data["is_chenged"] = $changed;
     $this->template->content = View::forge("students/setting", $data);
 }
예제 #26
 /**
  * Admin sign-in page.
  *
  * Swaps in the admin template. When the sign-in form was posted with a valid
  * CSRF token, attempts a login and redirects to the top page on success or
  * back to the sign-in page with an error flag on failure. Otherwise the
  * sign-in view is rendered.
  *
  * @return void
  */
 public function action_index()
 {
     $this->template = View::forge("admin/template");
     $form_posted = Input::post("email", null) !== null;
     if ($form_posted and Security::check_token()) {
         $logged_in = $this->auth->login(Input::post('email', null), Input::post('password', null));
         Response::redirect($logged_in ? '/admin/top' : '/admin/signin?e=1');
     }
     $this->template->content = View::forge("admin/signin");
     $this->template->title = "Signin";
     $this->template->auth_status = false;
 }
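 /**
  * Provisional registration complete page.
  *
  * Creates the user from the validated fieldset, issues an activation token and
  * mails the activation URL to the new user. This is the only action of the
  * signup flow that performs the CSRF check, because it is the one that creates
  * the account.
  *
  * @todo integrate error messages into the view
  * @todo email carries a unique constraint; abandoning the flow here leaves the
  *       address registered, so the same ID cannot be registered again
  * @todo reloading confirm and then reaching this page loses the password, so
  *       no user is created
  * @todo wrap user creation through token issuing in a transaction
  * @author shimma
  * @access public
  * @throws SystemException when the CSRF token check fails
  * @return void
  */
 public function post_verify()
 {
     if (!Security::check_token()) {
         throw new SystemException(\Model_Error::ER00301);
     }
     $fieldset = self::createFieldset();
     // Keep only the validated fields that are non-empty (strlen filter).
     $properties = array_filter($fieldset->validation()->validated(), 'strlen');
     // Exceptions from the steps below propagate unchanged; the former
     // try/catch only rethrew them.
     $new_user = Model_User::createNewUser($properties['email'], $properties['password'], $properties);
     $new_token = Model_Token::generate($new_user->user_id);
     $email_template_params = array(
         'nick_name'    => $new_user->nick_name,
         'activate_url' => $new_token->getActivationUrl(),
     );
     $new_user->sendmail('signup/verify', $email_template_params);
     $this->template->content = View::forge('signup/verify');
     $this->template->content->set('user_input', $properties);
 }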
예제 #28
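 /**
  * Sends a problem report about post $Pid by email.
  *
  * The report text is required. When validation passes and the CSRF token is
  * valid the mail is sent and the success view is returned; on a validation or
  * CSRF failure the report form is re-rendered with the errors. A failed send
  * no longer falls through returning nothing: it re-renders the form with a
  * send error.
  *
  * @param int $Pid id of the reported post
  * @return \View
  */
 public function action_send($Pid = 0)
 {
     $this->action_csrf();
     $val = Validation::forge();
     $val->add('sentence', '通報内容')->add_rule('required');
     if (!$val->run()) {
         $this->error = $val->error();
         return $this->render_report_form($Pid);
     }
     if (!Security::check_token()) {
         $this->error['csrf'] = '「CSRFエラー」です。<br>もう一度最初からアクセスし直してください。。';
         return $this->render_report_form($Pid);
     }
     // The mail is only assembled once the request has been validated.
     $problem = Input::post('problem');
     $email = Email::forge();
     $email->from('*****@*****.**');
     $email->to(Auth::get_email());
     // NOTE(review): $problem comes straight from the form and lands in a mail
     // header; confirm the Email driver strips CR/LF from the subject.
     $email->subject('投稿ID ' . $Pid . '番に対する「' . $problem . '」の通報がありました。');
     $email->body(Input::post('sentence'));
     try {
         $email->send();
         return View::forge('problemreport/success');
     } catch (\EmailValidationFailedException $e) {
         return View::forge('welcome/404');
     } catch (\EmailSendingFailedException $e) {
         $this->error['send'] = '通報メールの送信に失敗しました。もう一度お試しください。';
         return $this->render_report_form($Pid);
     }
 }
 /**
  * Re-renders the report form for post $Pid with the errors collected in
  * $this->error, refreshing the CSRF token and the post data first.
  *
  * @param int $Pid id of the reported post
  * @return \View
  */
 private function render_report_form($Pid)
 {
     $this->action_csrf();
     $this->action_post($Pid);
     $this->data['categorize'] = Model_Category::query()->where('df', '=', '0')->get();
     $view = View::forge('problemreport/ProblemReport', $this->data);
     $view->set_global('error', $this->error, false);
     return $view;
 }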
 /**
  * Inquiry completion page.
  *
  * Requires a valid CSRF token, prepares the thanks view and its meta tags,
  * then stores the inquiry and mails it to the user and the administrators.
  * A failure in either step surfaces as a SystemException with the matching
  * error code.
  *
  * @access public
  * @throws SystemException ER00602 on a missing token or a failed mail send,
  *                         ER00601 when the contact cannot be registered
  * @return void
  */
 public function post_thanks()
 {
     if (!Security::check_token()) {
         throw new SystemException(\Model_Error::ER00602);
     }
     $thanks = View::forge('inquiry/thanks');
     $this->setMetaTag('inquiry/thanks');
     $this->template->content = $thanks;
     // The error code is advanced before each step so one catch covers both.
     $error_code = \Model_Error::ER00601;
     try {
         $contact = $this->registerContact();
         $error_code = \Model_Error::ER00602;
         $this->sendMailToUserAndAdmin($contact);
     } catch (Exception $e) {
         throw new SystemException($error_code);
     }
 }
예제 #30
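 /**
  * Login page and login form handler.
  *
  * A user who is already logged in is told so and sent back to the previous
  * page. A POST is accepted only with a valid CSRF token; on successful
  * authentication the user is greeted and redirected back, or to '/' when the
  * referrer is one of this controller's own login/registration forms (which
  * would otherwise loop). Any failure shows the login failure message and
  * redirects back. Without a POST the login view is rendered.
  *
  * @return void
  */
 public function action_login()
 {
     // already logged in?
     if (\Auth::check()) {
         \Messages::info(__('user.login.already-logged-in'));
         \Response::redirect_back();
     }
     // was the login form posted?
     if (\Input::method() === 'POST') {
         // A missing or expired CSRF token gets the same failure message as
         // bad credentials.
         if (!\Security::check_token()) {
             \Messages::error(__('user.login.failure'));
             \Response::redirect_back();
         } elseif (\Auth::instance()->login(\Input::param('username'), \Input::param('password'))) {
             $user = \Input::param('username');
             // NOTE(review): the raw username is echoed in the flash message;
             // confirm Messages escapes it when rendered.
             \Messages::info("Welcome back {$user}");
             // Redirecting back to this controller's own login/registration
             // form would loop, so those referrers go to the root instead.
             $main_login_forms = \Uri::base(false) . $this->selfReferrerLogin;
             $main_registration_forms = \Uri::base(false) . $this->selfReferrerRegistration;
             $referrer = \Input::referrer();
             if ($referrer === $main_login_forms or $referrer === $main_registration_forms) {
                 \Response::redirect('/');
             }
             \Response::redirect_back();
         } else {
             // login failed, show an error message
             \Messages::error(__('user.login.failure'));
             \Response::redirect_back();
         }
     }
     // display the login page
     $this->template->content = \View::forge('user/login');
 }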