/**
* Validate the form
*/
protected function validateForm()
{
if ($this->frm->isSubmitted()) {
$this->frm->cleanupFields();
// validation
$fields = $this->frm->getFields();
$fields['title']->isFilled(Language::err('TitleIsRequired'));
$fields['description']->isFilled(Language::err('FieldIsRequired'));
$fields['author_name']->isFilled(Language::err('FieldIsRequired'));
$fields['author_url']->isFilled(Language::err('FieldIsRequired'));
$fields['author_email']->isFilled(Language::err('FieldIsRequired'));
// cleanup the modulename
$title = preg_replace('/[^A-Za-z ]/', '', $fields['title']->getValue());
// check if there is already a module with this name
if (BackendExtensionsModel::existsModule($title)) {
$fields['title']->addError(Language::err('DuplicateModuleName'));
}
if ($this->frm->isCorrect()) {
$this->record['title'] = $title;
$this->record['description'] = trim($fields['description']->getValue());
$this->record['author_name'] = $fields['author_name']->getValue();
$this->record['author_url'] = $fields['author_url']->getValue();
$this->record['author_email'] = $fields['author_email']->getValue();
$this->record['camel_case_name'] = BackendModuleMakerHelper::buildCamelCasedName($title);
$this->record['underscored_name'] = BackendModuleMakerHelper::buildUnderscoredName($title);
\SpoonSession::set('module', $this->record);
$this->redirect(Model::createURLForAction('AddStep2'));
}
}
}
/**
* Execute the action
*
* @return void
*/
public function execute()
{
// call parent, this will probably add some general CSS/JS or other required files
parent::execute();
// get parameters
$term = SpoonFilter::getGetValue('term', null, '');
// validate
if ($term == '') {
$this->output(self::BAD_REQUEST, null, 'term-parameter is missing.');
}
// previous search result
$previousTerm = SpoonSession::exists('searchTerm') ? SpoonSession::get('searchTerm') : '';
SpoonSession::set('searchTerm', '');
// save this term?
if ($previousTerm != $term) {
// format data
$this->statistics = array();
$this->statistics['term'] = $term;
$this->statistics['language'] = FRONTEND_LANGUAGE;
$this->statistics['time'] = FrontendModel::getUTCDate();
$this->statistics['data'] = serialize(array('server' => $_SERVER));
$this->statistics['num_results'] = FrontendSearchModel::getTotal($term);
// save data
FrontendSearchModel::save($this->statistics);
}
// save current search term in cookie
SpoonSession::set('searchTerm', $term);
// output
$this->output(self::OK);
}
/**
* Validate the form
*/
protected function validateForm()
{
if ($this->frm->isSubmitted()) {
$this->frm->cleanupFields();
$frmFields = $this->frm->getFields();
// validate form
if ($frmFields['twitter']->isChecked()) {
// we need fields when search is ticked
$frmFields['twitter_name']->isFilled(Language::err('FieldIsRequired'));
}
if ($this->frm->isCorrect()) {
// if this field is checked, let's add a boolean searchable true to the chosen fields
if ($frmFields['twitter']->isChecked()) {
$this->record['twitter'] = $frmFields['twitter_name']->getValue();
} else {
if (array_key_exists('twitter', $this->record)) {
unset($this->record['twitter']);
}
}
// save the object in our session
\SpoonSession::set('module', $this->record);
$this->redirect(Model::createURLForAction('Generate'));
}
}
}
/**
* Execute the action
*/
public function execute()
{
parent::execute();
// get parameters
$charset = $this->getContainer()->getParameter('kernel.charset');
$searchTerm = \SpoonFilter::getPostValue('term', null, '');
$term = $charset == 'utf-8' ? \SpoonFilter::htmlspecialchars($searchTerm) : \SpoonFilter::htmlentities($searchTerm);
// validate search term
if ($term == '') {
$this->output(self::BAD_REQUEST, null, 'term-parameter is missing.');
} else {
// previous search result
$previousTerm = \SpoonSession::exists('searchTerm') ? \SpoonSession::get('searchTerm') : '';
\SpoonSession::set('searchTerm', '');
// save this term?
if ($previousTerm != $term) {
// format data
$this->statistics = array();
$this->statistics['term'] = $term;
$this->statistics['language'] = LANGUAGE;
$this->statistics['time'] = FrontendModel::getUTCDate();
$this->statistics['data'] = serialize(array('server' => $_SERVER));
$this->statistics['num_results'] = FrontendSearchModel::getTotal($term);
// save data
FrontendSearchModel::save($this->statistics);
}
// save current search term in cookie
\SpoonSession::set('searchTerm', $term);
// output
$this->output(self::OK);
}
}
/**
* Set start and end timestamp needed to collect analytics data
*
* @return void
*/
private function setDates()
{
// process
BackendAnalyticsHelper::setDates();
// get timestamps from session and set
$this->startTimestamp = (int) SpoonSession::get('analytics_start_timestamp');
$this->endTimestamp = (int) SpoonSession::get('analytics_end_timestamp');
}
/**
* Check if the token is ok
*/
public function checkToken()
{
$fromSession = \SpoonSession::exists('csrf_token') ? \SpoonSession::get('csrf_token') : '';
$fromGet = \SpoonFilter::getGetValue('token', null, '');
if ($fromSession != '' && $fromGet != '' && $fromSession == $fromGet) {
return;
}
// clear the token
\SpoonSession::set('csrf_token', '');
$this->redirect(BackendModel::createURLForAction('Index', null, null, array('error' => 'csrf')));
}
/**
* Execute the actions
*/
public function execute()
{
// If step 1 isn't entered, redirect back to the first step of the wizard
$this->record = \SpoonSession::get('module');
if (!$this->record || !array_key_exists('title', $this->record)) {
$this->redirect(Model::createURLForAction('add'));
}
parent::execute();
$this->loadDataGrid();
$this->parse();
$this->display();
}
/**
* Validate the form based on the variables in $_POST
*
* @return void
*/
private function validateForm()
{
// form submitted
if ($this->frm->isSubmitted()) {
// required fields
$this->frm->getField('email')->isEmail('Please provide a valid e-mailaddress.');
$this->frm->getField('password')->isFilled('This field is required.');
$this->frm->getField('confirm')->isFilled('This field is required.');
if ($this->frm->getField('password')->getValue() != $this->frm->getField('confirm')->getValue()) {
$this->frm->getField('confirm')->addError('The passwords do not match.');
}
// all valid
if ($this->frm->isCorrect()) {
// update session
SpoonSession::set('email', $this->frm->getField('email')->getValue());
SpoonSession::set('password', $this->frm->getField('password')->getValue());
SpoonSession::set('confirm', $this->frm->getField('confirm')->getValue());
// redirect
SpoonHTTP::redirect('index.php?step=7');
}
}
}
/**
* Execute the action
*/
public function execute()
{
// If step 1 isn't entered, redirect back to the first step of the wizard
$this->record = \SpoonSession::get('module');
if (!$this->record || !array_key_exists('title', $this->record)) {
$this->redirect(Model::createURLForAction('Add'));
}
// If there are no fields added, redirect back to the second step of the wizard
if (!array_key_exists('fields', $this->record) || empty($this->record['fields'])) {
$this->redirect(Model::createURLForAction('AddStep2') . '&error=non-existing');
}
// get parameters
$this->id = $this->getParameter('id', 'int');
// does the item exist
if ($this->id !== null && array_key_exists($this->id, $this->record['fields'])) {
unset($this->record['fields'][$this->id]);
\SpoonSession::set('module', $this->record);
$this->redirect(Model::createURLForAction('AddStep2') . '&report=deleted');
} else {
$this->redirect(Model::createURLForAction('AddStep2') . '&error=non-existing');
}
}
/**
* Validate the forms
*/
private function validateForm()
{
if ($this->frm->isSubmitted()) {
$txtEmail = $this->frm->getField('backend_email');
$txtPassword = $this->frm->getField('backend_password');
// required fields
if (!$txtEmail->isFilled() || !$txtPassword->isFilled()) {
// add error
$this->frm->addError('fields required');
// show error
$this->tpl->assign('hasError', true);
}
$this->getContainer()->get('logger')->info("Trying to authenticate user '{$txtEmail->getValue()}'.");
// invalid form-token?
if ($this->frm->getToken() != $this->frm->getField('form_token')->getValue()) {
// set a correct header, so bots understand they can't mess with us.
if (!headers_sent()) {
header('400 Bad Request', true, 400);
}
}
// get the user's id
$userId = BackendUsersModel::getIdByEmail($txtEmail->getValue());
// all fields are ok?
if ($txtEmail->isFilled() && $txtPassword->isFilled() && $this->frm->getToken() == $this->frm->getField('form_token')->getValue()) {
// try to login the user
if (!BackendAuthentication::loginUser($txtEmail->getValue(), $txtPassword->getValue())) {
$this->getContainer()->get('logger')->info("Failed authenticating user '{$txtEmail->getValue()}'.");
// add error
$this->frm->addError('invalid login');
// store attempt in session
$current = \SpoonSession::exists('backend_login_attempts') ? (int) \SpoonSession::get('backend_login_attempts') : 0;
// increment and store
\SpoonSession::set('backend_login_attempts', ++$current);
// save the failed login attempt in the user's settings
if ($userId !== false) {
BackendUsersModel::setSetting($userId, 'last_failed_login_attempt', time());
}
// show error
$this->tpl->assign('hasError', true);
}
}
// check sessions
if (\SpoonSession::exists('backend_login_attempts') && (int) \SpoonSession::get('backend_login_attempts') >= 5) {
// get previous attempt
$previousAttempt = \SpoonSession::exists('backend_last_attempt') ? \SpoonSession::get('backend_last_attempt') : time();
// calculate timeout
$timeout = 5 * (\SpoonSession::get('backend_login_attempts') - 4);
// too soon!
if (time() < $previousAttempt + $timeout) {
// sleep until the user can login again
sleep($timeout);
// set a correct header, so bots understand they can't mess with us.
if (!headers_sent()) {
header('503 Service Unavailable', true, 503);
}
} else {
// increment and store
\SpoonSession::set('backend_last_attempt', time());
}
// too many attempts
$this->frm->addEditor('too many attempts');
$this->getContainer()->get('logger')->info("Too many login attempts for user '{$txtEmail->getValue()}'.");
// show error
$this->tpl->assign('hasTooManyAttemps', true);
$this->tpl->assign('hasError', false);
}
// no errors in the form?
if ($this->frm->isCorrect()) {
// cleanup sessions
\SpoonSession::delete('backend_login_attempts');
\SpoonSession::delete('backend_last_attempt');
// save the login timestamp in the user's settings
$lastLogin = BackendUsersModel::getSetting($userId, 'current_login');
BackendUsersModel::setSetting($userId, 'current_login', time());
if ($lastLogin) {
BackendUsersModel::setSetting($userId, 'last_login', $lastLogin);
}
$this->getContainer()->get('logger')->info("Successfully authenticated user '{$txtEmail->getValue()}'.");
// redirect to the correct URL (URL the user was looking for or fallback)
$this->redirectToAllowedModuleAndAction();
}
}
// is the form submitted
if ($this->frmForgotPassword->isSubmitted()) {
// backend email
$email = $this->frmForgotPassword->getField('backend_email_forgot')->getValue();
// required fields
if ($this->frmForgotPassword->getField('backend_email_forgot')->isEmail(BL::err('EmailIsInvalid'))) {
// check if there is a user with the given emailaddress
if (!BackendUsersModel::existsEmail($email)) {
$this->frmForgotPassword->getField('backend_email_forgot')->addError(BL::err('EmailIsUnknown'));
}
}
// no errors in the form?
if ($this->frmForgotPassword->isCorrect()) {
// generate the key for the reset link and fetch the user ID for this email
$key = BackendAuthentication::getEncryptedString($email, uniqid());
// insert the key and the timestamp into the user settings
$userId = BackendUsersModel::getIdByEmail($email);
$user = new User($userId);
$user->setSetting('reset_password_key', $key);
$user->setSetting('reset_password_timestamp', time());
// variables to parse in the e-mail
$variables['resetLink'] = SITE_URL . BackendModel::createURLForAction('ResetPassword') . '&email=' . $email . '&key=' . $key;
// send e-mail to user
$from = $this->get('fork.settings')->get('Core', 'mailer_from');
$replyTo = $this->get('fork.settings')->get('Core', 'mailer_reply_to');
$message = \Common\Mailer\Message::newInstance(\SpoonFilter::ucfirst(BL::msg('ResetYourPasswordMailSubject')))->setFrom(array($from['email'] => $from['name']))->setTo(array($email))->setReplyTo(array($replyTo['email'] => $replyTo['name']))->parseHtml(BACKEND_MODULES_PATH . '/Authentication/Layout/Templates/Mails/ResetPassword.tpl', $variables);
$this->get('mailer')->send($message);
// clear post-values
$_POST['backend_email_forgot'] = '';
// show success message
$this->tpl->assign('isForgotPasswordSuccess', true);
// show form
$this->tpl->assign('showForm', true);
} else {
// errors?
$this->tpl->assign('showForm', true);
}
}
}
/**
* Validates the form. This is an alternative for isCorrect, but without retrieve the status of course.
*
* @return SpoonForm
*/
public function validate()
{
// define errors
$errors = '';
// if we use tokens, we validate them here
if ($this->getUseToken()) {
// token not available?
if (!SpoonSession::exists('form_token')) {
$errors .= $this->tokenError;
} else {
// compare tokens
if ($this->getField('form_token')->getValue() != SpoonSession::get('form_token')) {
$errors .= $this->tokenError;
}
}
}
// loop objects
foreach ($this->objects as $oElement) {
// check, since some objects don't have this method!
if (is_callable(array($oElement, 'getErrors'))) {
$errors .= $oElement->getErrors();
}
}
// affect correct status
if (trim($errors) != '') {
$this->correct = false;
}
// main form errors?
if (trim($this->getErrors()) != '') {
$this->correct = false;
}
// update parsed status
$this->validated = true;
return $this;
}
<?php
date_default_timezone_set('Europe/Berlin');
// set include path
ini_set("include_path", ".:../library/");
// required classes
require_once 'spoon/spoon.php';
require_once 'publicApp/publicApp.php';
$tpl = new SpoonTemplate();
$tpl->setForceCompile(true);
$tpl->setCompileDirectory('./compiled_templates');
// do I know you?
if (SpoonSession::exists('public_uid')) {
$tpl->assign('oLogout', true);
$tpl->assign('oNavMe', true);
$uid = SpoonSession::get('public_uid');
$user = new User($uid);
if ($user->GetFollowing() != null) {
$values = $user->GetFollowing();
$following = array();
foreach ($values as $value) {
$userFollowing = new User($value['friend']);
if ($userFollowing->fb_uid == null) {
$userFollowing->fb_uid = 1;
}
array_push($following, get_object_vars($userFollowing));
}
$tpl->assign('oFollowing', true);
$tpl->assign('iFollowing', $following);
} else {
$tpl->assign('oNoFollowing', true);
/**
* Validate the form.
*/
private function validateForm()
{
// submitted
if ($this->frm->isSubmitted()) {
// does the key exists?
if (SpoonSession::exists('formbuilder_' . $this->item['id'])) {
// calculate difference
$diff = time() - (int) SpoonSession::get('formbuilder_' . $this->item['id']);
// calculate difference, it it isn't 10 seconds the we tell the user to slow down
if ($diff < 10 && $diff != 0) {
$this->frm->addError(FL::err('FormTimeout'));
}
}
// validate fields
foreach ($this->item['fields'] as $field) {
// fieldname
$fieldName = 'field' . $field['id'];
// skip
if ($field['type'] == 'submit' || $field['type'] == 'paragraph' || $field['type'] == 'heading') {
continue;
}
// loop other validations
foreach ($field['validations'] as $rule => $settings) {
// already has an error so skip
if ($this->frm->getField($fieldName)->getErrors() !== null) {
continue;
}
// required
if ($rule == 'required') {
$this->frm->getField($fieldName)->isFilled($settings['error_message']);
} elseif ($rule == 'email') {
// only check this if the field is filled, if the field is required it will be validated before
if ($this->frm->getField($fieldName)->isFilled()) {
$this->frm->getField($fieldName)->isEmail($settings['error_message']);
}
} elseif ($rule == 'numeric') {
// only check this if the field is filled, if the field is required it will be validated before
if ($this->frm->getField($fieldName)->isFilled()) {
$this->frm->getField($fieldName)->isNumeric($settings['error_message']);
}
}
}
}
// valid form
if ($this->frm->isCorrect()) {
// item
$data['form_id'] = $this->item['id'];
$data['session_id'] = SpoonSession::getSessionId();
$data['sent_on'] = FrontendModel::getUTCDate();
$data['data'] = serialize(array('server' => $_SERVER));
// insert data
$dataId = FrontendFormBuilderModel::insertData($data);
// init fields array
$fields = array();
// loop all fields
foreach ($this->item['fields'] as $field) {
// skip
if ($field['type'] == 'submit' || $field['type'] == 'paragraph' || $field['type'] == 'heading') {
continue;
}
// field data
$fieldData['data_id'] = $dataId;
$fieldData['label'] = $field['settings']['label'];
$fieldData['value'] = $this->frm->getField('field' . $field['id'])->getValue();
// prepare fields for email
if ($this->item['method'] == 'database_email') {
// add field for email
$emailFields[] = array('label' => $field['settings']['label'], 'value' => is_array($fieldData['value']) ? implode(',', $fieldData['value']) : nl2br($fieldData['value']));
}
// clean up
if (is_array($fieldData['value']) && empty($fieldData['value'])) {
$fieldData['value'] = null;
}
// serialize
if ($fieldData['value'] !== null) {
$fieldData['value'] = serialize($fieldData['value']);
}
// save fields data
$fields[] = $fieldData;
// insert
FrontendFormBuilderModel::insertDataField($fieldData);
}
// need to send mail
if ($this->item['method'] == 'database_email') {
// build variables
$variables['sentOn'] = time();
$variables['name'] = $this->item['name'];
$variables['fields'] = $emailFields;
// loop recipients
foreach ($this->item['email'] as $address) {
// add email
FrontendMailer::addEmail(sprintf(FL::getMessage('FormBuilderSubject'), $this->item['name']), FRONTEND_MODULES_PATH . '/form_builder/layout/templates/mails/form.tpl', $variables, $address, $this->item['name']);
}
}
// trigger event
FrontendModel::triggerEvent('form_builder', 'after_submission', array('form_id' => $this->item['id'], 'data_id' => $dataId, 'data' => $data, 'fields' => $fields, 'visitorId' => FrontendModel::getVisitorId()));
// store timestamp in session so we can block excesive usage
SpoonSession::set('formbuilder_' . $this->item['id'], time());
// redirect
$redirect = SITE_URL . '/' . $this->URL->getQueryString();
$redirect .= stripos($redirect, '?') === false ? '?' : '&';
$redirect .= 'identifier=' . $this->item['identifier'];
// redirect with identifier
SpoonHTTP::redirect($redirect);
} else {
// global form errors set
if ($this->frm->getErrors() != '') {
$this->tpl->assign('formBuilderError', $this->frm->getErrors());
} else {
$this->tpl->assign('formBuilderError', FL::err('FormError'));
}
}
}
}
/**
* Redirect to the loading page after checking for infinite loops.
*
* @return void
* @param string $action The action to check for infinite loops.
* @param array[optional] $extraParameters The extra parameters to append to the redirect url.
*/
public static function redirectToLoadingPage($action, array $extraParameters = array())
{
// get loop counter
$counter = SpoonSession::exists($action . 'Loop') ? SpoonSession::get($action . 'Loop') : 0;
// loop has run too long - throw exception
if ($counter > 2) {
throw new BackendException('An infinite loop has been detected while getting data from cache for the action "' . $action . '".');
}
// set new counter
SpoonSession::set($action . 'Loop', ++$counter);
// put parameters into a string
$extraParameters = empty($extraParameters) ? '' : '&' . http_build_query($extraParameters);
// redirect to loading page which will get the needed data based on the current action
SpoonHTTP::redirect(BackendModel::createURLForAction('loading') . '&redirect_action=' . $action . $extraParameters);
}
<?php
date_default_timezone_set('Europe/Berlin');
// set include path
ini_set("include_path", ".:../../library/");
// required classes
require_once 'spoon/spoon.php';
require_once 'publicApp/publicApp.php';
$tpl = new SpoonTemplate();
$tpl->setForceCompile(true);
$tpl->setCompileDirectory('./compiled_templates');
SpoonSession::start();
//Content layout
if (SpoonSession::exists('id') === false) {
SpoonHTTP::redirect('index.php');
}
$lat = SpoonFilter::getGetValue('lat', null, '');
$long = SpoonFilter::getGetValue('long', null, '');
$tpl->assign('formaction', $_SERVER['PHP_SELF'] . '?lat=' . $lat . '&long=' . $long);
$msgFault = '';
$pubname = SpoonFilter::getPostValue('pubname', null, '');
if (SpoonFilter::getPostValue('btnAdd', null, '')) {
if ($pubname === "") {
$msgFault = "Please fill in the name of the pub.";
} else {
if ($lat !== "" && $long !== "") {
$pub = new Pub('');
$pub->name = $pubname;
$pub->latitude = $lat;
$pub->longitude = $long;
$id = $pub->Add();
/**
* Validate the form
*/
private function validateForm()
{
// get settings
$subscriptionsAllowed = isset($this->settings['allow_subscriptions']) && $this->settings['allow_subscriptions'];
// subscriptions aren't allowed so we don't have to validate
if (!$subscriptionsAllowed) {
return false;
}
// is the form submitted
if ($this->frm->isSubmitted()) {
// cleanup the submitted fields, ignore fields that were added by hackers
$this->frm->cleanupFields();
// does the key exists?
if (\SpoonSession::exists('agenda_subscription_' . $this->record['id'])) {
// calculate difference
$diff = time() - (int) \SpoonSession::get('agenda_subscription_' . $this->record['id']);
// calculate difference, it it isn't 10 seconds the we tell the user to slow down
if ($diff < 10 && $diff != 0) {
$this->frm->getField('message')->addError(FL::err('CommentTimeout'));
}
}
// validate required fields
$this->frm->getField('name')->isFilled(FL::err('NameIsRequired'));
$this->frm->getField('email')->isEmail(FL::err('EmailIsRequired'));
// no errors?
if ($this->frm->isCorrect()) {
// get module setting
$moderationEnabled = isset($this->settings['moderation']) && $this->settings['moderation'];
// reformat data
$name = $this->frm->getField('name')->getValue();
$email = $this->frm->getField('email')->getValue();
// build array
$subscription['agenda_id'] = $this->record['id'];
$subscription['language'] = FRONTEND_LANGUAGE;
$subscription['created_on'] = FrontendModel::getUTCDate();
$subscription['name'] = $name;
$subscription['email'] = $email;
$subscription['status'] = 'subscribed';
// get URL for article
$permaLink = $this->record['full_url'];
$redirectLink = $permaLink;
// is moderation enabled
if ($moderationEnabled) {
// if the commenter isn't moderated before alter the subscription status so it will appear in the moderation queue
if (!FrontendAgendaModel::isModerated($name, $email)) {
$subscription['status'] = 'moderation';
}
}
// insert comment
$subscription['id'] = FrontendAgendaModel::insertSubscription($subscription);
// trigger event
FrontendModel::triggerEvent('agenda', 'after_add_subscription', array('subscription' => $subscription));
// append a parameter to the URL so we can show moderation
if (strpos($redirectLink, '?') === false) {
if ($subscription['status'] == 'moderation') {
$redirectLink .= '?subscription=moderation#' . FL::act('Subscribe');
}
if ($subscription['status'] == 'subscribed') {
$redirectLink .= '?subscription=true#subscription-' . $subscription['id'];
}
} else {
if ($subscription['status'] == 'moderation') {
$redirectLink .= '&subscription=moderation#' . FL::act('Subscribe');
}
if ($subscription['status'] == 'subscribed') {
$redirectLink .= '&subscription=true#comment-' . $subscription['id'];
}
}
// set title
$subscription['agenda_title'] = $this->record['title'];
$subscription['agenda_url'] = $this->record['url'];
// notify the admin
FrontendAgendaModel::notifyAdmin($subscription);
// store timestamp in session so we can block excessive usage
\SpoonSession::set('agenda_subscription_' . $this->record['id'], time());
// store author-data in cookies
try {
Cookie::set('subscription_author', $name);
Cookie::set('subscription_email', $email);
} catch (Exception $e) {
// settings cookies isn't allowed, but because this isn't a real problem we ignore the exception
}
// redirect
$this->redirect($redirectLink);
}
}
}
/**
* Show the success message
*/
private function showSuccess()
{
// assign variables
$this->tpl->assign('url', isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : 'fork.local');
$this->tpl->assign('email', SpoonSession::get('email'));
$this->tpl->assign('password', SpoonSession::get('password'));
}
/**
* Start session
*/
private function initSession()
{
SpoonSession::start();
}
/**
* Validate the form
*/
private function validateForm()
{
// get settings
$commentsAllowed = isset($this->settings['allow_comments']) && $this->settings['allow_comments'];
// comments aren't allowed so we don't have to validate
if (!$commentsAllowed) {
return false;
}
// is the form submitted
if ($this->frm->isSubmitted()) {
// cleanup the submitted fields, ignore fields that were added by hackers
$this->frm->cleanupFields();
// does the key exists?
if (SpoonSession::exists('blog_comment_' . $this->record['id'])) {
// calculate difference
$diff = time() - (int) SpoonSession::get('blog_comment_' . $this->record['id']);
// calculate difference, it it isn't 10 seconds the we tell the user to slow down
if ($diff < 10 && $diff != 0) {
$this->frm->getField('message')->addError(FL::err('CommentTimeout'));
}
}
// validate required fields
$this->frm->getField('author')->isFilled(FL::err('AuthorIsRequired'));
$this->frm->getField('email')->isEmail(FL::err('EmailIsRequired'));
$this->frm->getField('message')->isFilled(FL::err('MessageIsRequired'));
// validate optional fields
if ($this->frm->getField('website')->isFilled() && $this->frm->getField('website')->getValue() != 'http://') {
$this->frm->getField('website')->isURL(FL::err('InvalidURL'));
}
// no errors?
if ($this->frm->isCorrect()) {
// get module setting
$spamFilterEnabled = isset($this->settings['spamfilter']) && $this->settings['spamfilter'];
$moderationEnabled = isset($this->settings['moderation']) && $this->settings['moderation'];
// reformat data
$author = $this->frm->getField('author')->getValue();
$email = $this->frm->getField('email')->getValue();
$website = $this->frm->getField('website')->getValue();
if (trim($website) == '' || $website == 'http://') {
$website = null;
}
$text = $this->frm->getField('message')->getValue();
// build array
$comment['post_id'] = $this->record['id'];
$comment['language'] = FRONTEND_LANGUAGE;
$comment['created_on'] = FrontendModel::getUTCDate();
$comment['author'] = $author;
$comment['email'] = $email;
$comment['website'] = $website;
$comment['text'] = $text;
$comment['status'] = 'published';
$comment['data'] = serialize(array('server' => $_SERVER));
// get URL for article
$permaLink = FrontendNavigation::getURLForBlock('blog', 'detail') . '/' . $this->record['url'];
$redirectLink = $permaLink;
// is moderation enabled
if ($moderationEnabled) {
// if the commenter isn't moderated before alter the comment status so it will appear in the moderation queue
if (!FrontendBlogModel::isModerated($author, $email)) {
$comment['status'] = 'moderation';
}
}
// should we check if the item is spam
if ($spamFilterEnabled) {
// check for spam
$result = FrontendModel::isSpam($text, SITE_URL . $permaLink, $author, $email, $website);
// if the comment is spam alter the comment status so it will appear in the spam queue
if ($result) {
$comment['status'] = 'spam';
} elseif ($result == 'unknown') {
$comment['status'] = 'moderation';
}
}
// insert comment
$comment['id'] = FrontendBlogModel::insertComment($comment);
// trigger event
FrontendModel::triggerEvent('blog', 'after_add_comment', array('comment' => $comment));
// append a parameter to the URL so we can show moderation
if (strpos($redirectLink, '?') === false) {
if ($comment['status'] == 'moderation') {
$redirectLink .= '?comment=moderation#' . FL::act('Comment');
}
if ($comment['status'] == 'spam') {
$redirectLink .= '?comment=spam#' . FL::act('Comment');
}
if ($comment['status'] == 'published') {
$redirectLink .= '?comment=true#comment-' . $comment['id'];
}
} else {
if ($comment['status'] == 'moderation') {
$redirectLink .= '&comment=moderation#' . FL::act('Comment');
}
if ($comment['status'] == 'spam') {
$redirectLink .= '&comment=spam#' . FL::act('Comment');
}
if ($comment['status'] == 'published') {
$redirectLink .= '&comment=true#comment-' . $comment['id'];
}
}
// set title
$comment['post_title'] = $this->record['title'];
$comment['post_url'] = $this->record['url'];
// notify the admin
FrontendBlogModel::notifyAdmin($comment);
// store timestamp in session so we can block excesive usage
SpoonSession::set('blog_comment_' . $this->record['id'], time());
// store author-data in cookies
try {
SpoonCookie::set('comment_author', $author, 30 * 24 * 60 * 60, '/', '.' . $this->URL->getDomain());
SpoonCookie::set('comment_email', $email, 30 * 24 * 60 * 60, '/', '.' . $this->URL->getDomain());
SpoonCookie::set('comment_website', $website, 30 * 24 * 60 * 60, '/', '.' . $this->URL->getDomain());
} catch (Exception $e) {
// settings cookies isn't allowed, but because this isn't a real problem we ignore the exception
}
// redirect
$this->redirect($redirectLink);
}
}
}
/**
* Parse the authentication settings for the authenticated user
*/
private function parseAuthentication()
{
// init var
$db = BackendModel::getDB();
// get allowed actions
$allowedActions = (array) $db->getRecords('SELECT gra.module, gra.action, MAX(gra.level) AS level
FROM users_sessions AS us
INNER JOIN users AS u ON us.user_id = u.id
INNER JOIN users_groups AS ug ON u.id = ug.user_id
INNER JOIN groups_rights_actions AS gra ON ug.group_id = gra.group_id
WHERE us.session_id = ? AND us.secret_key = ?
GROUP BY gra.module, gra.action', array(SpoonSession::getSessionId(), SpoonSession::get('backend_secret_key')));
// loop actions and assign to template
foreach ($allowedActions as $action) {
if ($action['level'] == '7') {
$this->assign('show' . SpoonFilter::toCamelCase($action['module'], '_') . SpoonFilter::toCamelCase($action['action'], '_'), true);
}
}
}
/**
* Process the query string
*/
private function processQueryString()
{
// store the query string local, so we don't alter it.
$queryString = trim($this->request->getPathInfo(), '/');
// split into chunks
$chunks = (array) explode('/', $queryString);
$hasMultiLanguages = $this->getContainer()->getParameter('site.multilanguage');
// single language
if (!$hasMultiLanguages) {
// set language id
$language = $this->get('fork.settings')->get('Core', 'default_language', SITE_DEFAULT_LANGUAGE);
} else {
// multiple languages
// default value
$mustRedirect = false;
// get possible languages
$possibleLanguages = (array) Language::getActiveLanguages();
$redirectLanguages = (array) Language::getRedirectLanguages();
// the language is present in the URL
if (isset($chunks[0]) && in_array($chunks[0], $possibleLanguages)) {
// define language
$language = (string) $chunks[0];
// try to set a cookie with the language
try {
// set cookie
CommonCookie::set('frontend_language', $language);
} catch (\SpoonCookieException $e) {
// settings cookies isn't allowed, because this isn't a real problem we ignore the exception
}
// set sessions
\SpoonSession::set('frontend_language', $language);
// remove the language part
array_shift($chunks);
} elseif (CommonCookie::exists('frontend_language') && in_array(CommonCookie::get('frontend_language'), $redirectLanguages)) {
// set languageId
$language = (string) CommonCookie::get('frontend_language');
// redirect is needed
$mustRedirect = true;
} else {
// default browser language
// set languageId & abbreviation
$language = Language::getBrowserLanguage();
// try to set a cookie with the language
try {
// set cookie
CommonCookie::set('frontend_language', $language);
} catch (\SpoonCookieException $e) {
// settings cookies isn't allowed, because this isn't a real problem we ignore the exception
}
// redirect is needed
$mustRedirect = true;
}
// redirect is required
if ($mustRedirect) {
// build URL
// trim the first / from the query string to prevent double slashes
$url = rtrim('/' . $language . '/' . trim($this->getQueryString(), '/'), '/');
// when we are just adding the language to the domain, it's a temporary redirect because
// Safari keeps the 301 in cache, so the cookie to switch language doesn't work any more
$redirectCode = $url == '/' . $language ? 302 : 301;
// set header & redirect
throw new RedirectException('Redirect', new RedirectResponse($url, $redirectCode));
}
}
// define the language
defined('FRONTEND_LANGUAGE') || define('FRONTEND_LANGUAGE', $language);
defined('LANGUAGE') || define('LANGUAGE', $language);
// sets the locale file
Language::setLocale($language);
// list of pageIds & their full URL
$keys = Navigation::getKeys();
// rebuild our URL, but without the language parameter. (it's tripped earlier)
$url = implode('/', $chunks);
$startURL = $url;
// loop until we find the URL in the list of pages
while (!in_array($url, $keys)) {
// remove the last chunk
array_pop($chunks);
// redefine the URL
$url = implode('/', $chunks);
}
// remove language from query string
if ($hasMultiLanguages) {
$queryString = trim(mb_substr($queryString, mb_strlen($language)), '/');
}
// if it's the homepage AND parameters were given (not allowed!)
if ($url == '' && $queryString != '') {
// get 404 URL
$url = Navigation::getURL(404);
// remove language
if ($hasMultiLanguages) {
$url = str_replace('/' . $language, '', $url);
}
}
// set pages
$url = trim($url, '/');
// currently not in the homepage
if ($url != '') {
// explode in pages
$pages = explode('/', $url);
// reset pages
$this->setPages($pages);
// reset parameters
$this->setParameters(array());
}
// set parameters
$parameters = trim(mb_substr($startURL, mb_strlen($url)), '/');
// has at least one parameter
if ($parameters != '') {
// parameters will be separated by /
$parameters = explode('/', $parameters);
// set parameters
$this->setParameters($parameters);
}
// pageId, parentId & depth
$pageId = Navigation::getPageId(implode('/', $this->getPages()));
$pageInfo = Navigation::getPageInfo($pageId);
// invalid page, or parameters but no extra
if ($pageInfo === false || !empty($parameters) && !$pageInfo['has_extra']) {
// get 404 URL
$url = Navigation::getURL(404);
// remove language
if ($hasMultiLanguages) {
$url = str_replace('/' . $language, '', $url);
}
// remove the first slash
$url = trim($url, '/');
// currently not in the homepage
if ($url != '') {
// explode in pages
$pages = explode('/', $url);
// reset pages
$this->setPages($pages);
// reset parameters
$this->setParameters(array());
}
}
// is this an internal redirect?
if (isset($pageInfo['redirect_page_id']) && $pageInfo['redirect_page_id'] != '') {
// get url for item
$newPageURL = Navigation::getURL((int) $pageInfo['redirect_page_id']);
$errorURL = Navigation::getURL(404);
// not an error?
if ($newPageURL != $errorURL) {
// redirect
throw new RedirectException('Redirect', new RedirectResponse($newPageURL, $pageInfo['redirect_code']));
}
}
// is this an external redirect?
if (isset($pageInfo['redirect_url']) && $pageInfo['redirect_url'] != '') {
// redirect
throw new RedirectException('Redirect', new RedirectResponse($pageInfo['redirect_url'], $pageInfo['redirect_code']));
}
}
<?php
date_default_timezone_set('Europe/Berlin');
// set include path
ini_set("include_path", ".:../library/");
// required classes
require_once 'spoon/spoon.php';
require_once 'publicApp/publicApp.php';
$tpl = new SpoonTemplate();
$tpl->setForceCompile(true);
$tpl->setCompileDirectory('./compiled_templates');
//Content layout
$pub = new Pub(SpoonFilter::getGetValue('id', null, ''));
if (SpoonSession::exists('public_uid')) {
//show logout
$tpl->assign('oLogout', true);
}
if ($pub->pub_id === null) {
SpoonHTTP::redirect('index.php');
}
$recent = CheckIn::getCheckinsByPubId($pub->pub_id);
for ($i = 0; $i < sizeof($recent); $i++) {
$recent[$i]['timestamp'] = SpoonDate::getTimeAgo(strtotime($recent[$i]['timestamp']));
//check if the user has a fb account authenticated
if (!$recent[$i]['fb_uid']) {
//else, use standard fb icon
$recent[$i]['fb_uid'] = 1;
}
}
if ($recent !== null) {
$tpl->assign('oRecent', true);
/**
* Validate the form based on the variables in $_POST
*/
private function validateForm()
{
// form submitted
if ($this->frm->isSubmitted()) {
// multiple languages
if ($this->frm->getField('language_type')->getValue() == 'multiple') {
// list of languages
$languages = $this->frm->getField('languages')->getValue();
// default language
if (!in_array($this->frm->getField('default_language')->getValue(), $languages)) {
$this->frm->getField('default_language')->setError('Your default language needs to be in the list of languages you chose.');
}
} else {
// list of languages
$languages = (array) array($this->frm->getField('default_language')->getValue());
}
// same cms interface language
if ($this->frm->getField('same_interface_language')->getChecked()) {
// list of languages
$interfaceLanguages = $languages;
} else {
// list of languages
$interfaceLanguages = $this->frm->getField('interface_languages')->getValue();
}
// default language
if (!in_array($this->frm->getField('default_interface_language')->getValue(), $interfaceLanguages)) {
$this->frm->getField('default_interface_language')->setError('Your default language needs to be in the list of languages you chose.');
}
// all valid
if ($this->frm->isCorrect()) {
// set languages
SpoonSession::set('default_language', $this->frm->getField('default_language')->getValue());
SpoonSession::set('default_interface_language', $this->frm->getField('default_interface_language')->getValue());
SpoonSession::set('multiple_languages', $this->frm->getField('language_type')->getValue() == 'multiple' ? true : false);
SpoonSession::set('languages', $languages);
SpoonSession::set('interface_languages', $interfaceLanguages);
// redirect
SpoonHTTP::redirect('index.php?step=4');
}
}
}
/**
* Parse the datagrids and the reports.
*/
protected function parse()
{
parent::parse();
// parse data grid
$this->tpl->assign('dataGridInstallableModules', (string) $this->dataGridInstallableModules->getContent());
$this->tpl->assign('dataGridInstalledModules', (string) $this->dataGridInstalledModules->getContent());
// parse installer warnings
$this->tpl->assign('warnings', (array) \SpoonSession::get('installer_warnings'));
}
}
if (!defined('PAGING_LIMIT')) {
define('PAGING_LIMIT', 30);
}
//time zone
date_default_timezone_set('Asia/Kuala_Lumpur');
//include Spoon Library
reqFile(CM_ROOT . '/cm_includes/spoon/spoon.php');
//error_reporting level
if (defined('SPOON_DEBUG') && SPOON_DEBUG == true) {
error_reporting(E_ALL);
} else {
error_reporting(0);
}
//load SpoonSession
SpoonSession::start();
//include auth library
reqFile(CM_ROOT . '/cm_includes/auth.class.php');
if (defined("IN_API") && IN_API == true) {
if (!cmAuth::md5_verify($_POST['adminname'], $_POST['adminpw'])) {
die;
}
} elseif (defined('IN_LOGIN') && defined('IN_IMAGE')) {
} elseif (defined("IN_LOGIN") && IN_LOGIN == true) {
reqFile(CM_ROOT . '/cm_includes/securimage/securimage.php');
$securimage = new Securimage();
} elseif (defined("IN_ADMIN") && IN_ADMIN == true) {
if (!cmAuth::is_logined()) {
header('Location: ' . CM_URL . '/cm_admin/login.php');
}
} elseif (defined('IN_IMAGE') && IN_IMAGE == true) {
/**
* Set start and end timestamp needed to collect analytics data
*/
private function setDates()
{
BackendAnalyticsHelper::setDates();
$this->startTimestamp = SpoonSession::get('analytics_start_timestamp');
$this->endTimestamp = SpoonSession::get('analytics_end_timestamp');
}
/**
* Logsout the current user
*
* @return void
*/
public static function logout()
{
// remove all rows owned by the current user
BackendModel::getDB(true)->delete('users_sessions', 'session_id = ?', SpoonSession::getSessionId());
// reset values. We can't destroy the session because session-data can be used on the site.
SpoonSession::set('backend_logged_in', false);
SpoonSession::set('backend_secret_key', '');
}
/**
* Process the querystring
*
* @return void
*/
private function processQueryString()
{
// store the querystring local, so we don't alter it.
$queryString = $this->getQueryString();
// fix GET-parameters
$getChunks = explode('?', $queryString);
// are there GET-parameters
if (isset($getChunks[1])) {
// get key-value pairs
$get = explode('&', $getChunks[1]);
// remove from querystring
$queryString = str_replace('?' . $getChunks[1], '', $this->getQueryString());
// loop pairs
foreach ($get as $getItem) {
// get key and value
$getChunks = explode('=', $getItem, 2);
// key available?
if (isset($getChunks[0])) {
// reset in $_GET
$_GET[$getChunks[0]] = isset($getChunks[1]) ? (string) $getChunks[1] : '';
// add into parameters
if (isset($getChunks[1])) {
$this->parameters[(string) $getChunks[0]] = (string) $getChunks[1];
}
}
}
}
// split into chunks
$chunks = (array) explode('/', $queryString);
// single language
if (!SITE_MULTILANGUAGE) {
// set language id
$language = FrontendModel::getModuleSetting('core', 'default_language', SITE_DEFAULT_LANGUAGE);
} else {
// default value
$mustRedirect = false;
// get possible languages
$possibleLanguages = (array) FrontendLanguage::getActiveLanguages();
$redirectLanguages = (array) FrontendLanguage::getRedirectLanguages();
// the language is present in the URL
if (isset($chunks[0]) && in_array($chunks[0], $possibleLanguages)) {
// define language
$language = (string) $chunks[0];
// try to set a cookie with the language
try {
// set cookie
SpoonCookie::set('frontend_language', $language, 7 * 24 * 60 * 60, '/', '.' . $this->getDomain());
} catch (SpoonCookieException $e) {
// settings cookies isn't allowed, because this isn't a real problem we ignore the exception
}
// set sessions
SpoonSession::set('frontend_language', $language);
// remove the language part
array_shift($chunks);
} elseif (SpoonCookie::exists('frontend_language') && in_array(SpoonCookie::get('frontend_language'), $redirectLanguages)) {
// set languageId
$language = (string) SpoonCookie::get('frontend_language');
// redirect is needed
$mustRedirect = true;
} else {
// set languageId & abbreviation
$language = FrontendLanguage::getBrowserLanguage();
// try to set a cookie with the language
try {
// set cookie
SpoonCookie::set('frontend_language', $language, 7 * 24 * 60 * 60, '/', '.' . $this->getDomain());
} catch (SpoonCookieException $e) {
// settings cookies isn't allowed, because this isn't a real problem we ignore the exception
}
// redirect is needed
$mustRedirect = true;
}
// redirect is required
if ($mustRedirect) {
// build URL
$URL = rtrim('/' . $language . '/' . $this->getQueryString(), '/');
// set header & redirect
SpoonHTTP::redirect($URL, 301);
}
}
// define the language
define('FRONTEND_LANGUAGE', $language);
// sets the localefile
FrontendLanguage::setLocale($language);
// list of pageIds & their full URL
$keys = FrontendNavigation::getKeys();
// full URL
$URL = implode('/', $chunks);
$startURL = $URL;
// loop until we find the URL in the list of pages
while (!in_array($URL, $keys)) {
// remove the last chunk
array_pop($chunks);
// redefine the URL
$URL = implode('/', $chunks);
}
// remove language from querystring
if (SITE_MULTILANGUAGE) {
$queryString = trim(substr($queryString, strlen($language)), '/');
}
// if it's the homepage AND parameters were given (not allowed!)
if ($URL == '' && $queryString != '') {
// get 404 URL
$URL = FrontendNavigation::getURL(404);
// remove language
if (SITE_MULTILANGUAGE) {
$URL = str_replace('/' . $language, '', $URL);
}
}
// set pages
$URL = trim($URL, '/');
// currently not in the homepage
if ($URL != '') {
// explode in pages
$pages = explode('/', $URL);
// reset pages
$this->setPages($pages);
// reset parameters
$this->setParameters(array());
}
// set parameters
$parameters = trim(substr($startURL, strlen($URL)), '/');
// has at least one parameter
if ($parameters != '') {
// parameters will be separated by /
$parameters = explode('/', $parameters);
// set parameters
$this->setParameters($parameters);
}
// pageId, parentId & depth
$pageId = FrontendNavigation::getPageId(implode('/', $this->getPages()));
$pageInfo = FrontendNavigation::getPageInfo($pageId);
// invalid page, or parameters but no extra
if ($pageInfo === false || !empty($parameters) && !$pageInfo['has_extra']) {
// get 404 URL
$URL = FrontendNavigation::getURL(404);
// remove language
if (SITE_MULTILANGUAGE) {
$URL = trim(str_replace('/' . $language, '', $URL), '/');
}
// currently not in the homepage
if ($URL != '') {
// explode in pages
$pages = explode('/', $URL);
// reset pages
$this->setPages($pages);
// reset parameters
$this->setParameters(array());
}
}
// is this an internal redirect?
if (isset($pageInfo['redirect_page_id']) && $pageInfo['redirect_page_id'] != '') {
// get url for item
$newPageURL = FrontendNavigation::getURL((int) $pageInfo['redirect_page_id']);
$errorURL = FrontendNavigation::getURL(404);
// not an error?
if ($newPageURL != $errorURL) {
// redirect
SpoonHTTP::redirect($newPageURL, $pageInfo['redirect_code']);
}
}
// is this an external redirect?
if (isset($pageInfo['redirect_url']) && $pageInfo['redirect_url'] != '') {
// redirect
SpoonHTTP::redirect($pageInfo['redirect_url'], $pageInfo['redirect_code']);
}
}
/**
* Load a user by his e-mail adress
*
* @param string $email The email of the user to load.
*
* @throws Exception If user cannot be loaded
*/
public function loadUserByEmail($email)
{
$email = (string) $email;
$db = BackendModel::getContainer()->get('database');
// get user-data
$userData = (array) $db->getRecord('SELECT u.id, u.email, u.is_god, us.session_id, us.secret_key, UNIX_TIMESTAMP(us.date) AS date
FROM users AS u
LEFT OUTER JOIN users_sessions AS us ON u.id = us.user_id AND us.session_id = ?
WHERE u.email = ?
LIMIT 1', array(\SpoonSession::getSessionId(), $email));
// if there is no data we have to destroy this object, I know this isn't a realistic situation
if (empty($userData)) {
throw new Exception('user (' . $email . ') can\'t be loaded.');
}
// set properties
$this->setUserId($userData['id']);
$this->setEmail($userData['email']);
$this->setSessionId($userData['session_id']);
$this->setSecretKey($userData['secret_key']);
$this->setLastloggedInDate($userData['date']);
$this->isAuthenticated = true;
$this->isGod = $userData['is_god'] == 'Y';
$this->loadGroups($userData['id']);
// get settings
$settings = (array) $db->getPairs('SELECT us.name, us.value
FROM users_settings AS us
INNER JOIN users AS u ON us.user_id = u.id
WHERE u.email = ?', array($email));
// loop settings and store them in the object
foreach ($settings as $key => $value) {
$this->settings[$key] = unserialize($value);
}
// nickname available?
if (!isset($this->settings['nickname']) || $this->settings['nickname'] == '') {
$this->setSetting('nickname', $this->settings['name'] . ' ' . $this->settings['surname']);
}
}
$tpl->assign('longitude', $latestCheckIn->pub->longitude);
$tpl->assign('latitude', $latestCheckIn->pub->latitude);
$tpl->assign('people', $latestCheckIn->pub->getNumberPeople());
$tpl->assign('checkins', $latestCheckIn->pub->getNumberCheckins());
$tabs = $latestCheckIn->getTabs();
if ($tabs[0] !== null) {
$tpl->assign('iTabs', $tabs);
$tpl->assign('oTabs', true);
} else {
$tpl->assign('iTabs', array());
$tpl->assign('oNoTabs', true);
}
//}else{
// $tpl->assign('oNoCheckIn', true);
//}
$user = new User(SpoonSession::exists('id'));
if ($user->weight !== null && $user->gender !== null) {
if ($daysAgo > 0) {
$timeAgo = $daysAgo * 12 - $timeAgo;
}
$drinks = $latestCheckIn->getNumberTabs();
$isLegal = $user->isLegalToDrive((int) $drinks["count"], $timeAgo);
if ($isLegal) {
$tpl->assign('oLegalToDrive', true);
} else {
$tpl->assign('oNotLegalToDrive', true);
}
} else {
$tpl->assign('oNotAbleLegalToDrive', true);
}
// show the output
