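/**
 * Validate step 1 of the module wizard (title, description, author).
 *
 * The title is reduced to letters and spaces to form the module name; a name
 * that already exists as a module is rejected. On success the draft record
 * (including camel-cased and underscored variants of the name) is stored in
 * the session under `module` and the wizard moves on to step 2.
 *
 * Fix: isFilled() ran on the raw title while the module name is the stripped
 * title, so a title such as "123" passed validation and produced an empty
 * module name. The stripped name is now validated as well.
 */
protected function validateForm()
{
    if (!$this->frm->isSubmitted()) {
        return;
    }

    $this->frm->cleanupFields();
    $fields = $this->frm->getFields();

    $fields['title']->isFilled(Language::err('TitleIsRequired'));
    $fields['description']->isFilled(Language::err('FieldIsRequired'));
    $fields['author_name']->isFilled(Language::err('FieldIsRequired'));
    $fields['author_url']->isFilled(Language::err('FieldIsRequired'));
    $fields['author_email']->isFilled(Language::err('FieldIsRequired'));

    // the module name may only contain letters and spaces; everything else is dropped
    $title = preg_replace('/[^A-Za-z ]/', '', $fields['title']->getValue());

    if (trim($title) === '') {
        // the raw title passed isFilled(), but nothing usable survived the cleanup
        $fields['title']->addError(Language::err('TitleIsRequired'));
    } elseif (BackendExtensionsModel::existsModule($title)) {
        $fields['title']->addError(Language::err('DuplicateModuleName'));
    }

    if (!$this->frm->isCorrect()) {
        return;
    }

    $this->record['title'] = $title;
    $this->record['description'] = trim($fields['description']->getValue());
    $this->record['author_name'] = $fields['author_name']->getValue();
    $this->record['author_url'] = $fields['author_url']->getValue();
    $this->record['author_email'] = $fields['author_email']->getValue();
    $this->record['camel_case_name'] = BackendModuleMakerHelper::buildCamelCasedName($title);
    $this->record['underscored_name'] = BackendModuleMakerHelper::buildUnderscoredName($title);

    // the wizard state lives in the session until the module is generated
    \SpoonSession::set('module', $this->record);
    $this->redirect(Model::createURLForAction('AddStep2'));
}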
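/**
 * Execute the action: record a search term for the search statistics.
 *
 * Reads `term` from GET. When it differs from the term the previous request
 * left in the session, a statistics row (term, language, UTC time, request
 * environment, result count) is saved; the term is then stored in the session
 * so an immediate repeat of the same search is not counted twice.
 *
 * Fix: a missing term was answered with BAD_REQUEST but execution continued
 * into the save path (unless output() happens to exit), so an empty term could
 * be counted. The save path is now only reached for a non-empty term, which
 * matches the sibling implementation of this action in this file.
 *
 * NOTE(review): the term is stored verbatim here (the sibling action escapes
 * it on input); whatever renders the statistics must escape it for its context.
 *
 * @return void
 */
public function execute()
{
    // call parent, this will probably add some general CSS/JS or other required files
    parent::execute();

    $term = SpoonFilter::getGetValue('term', null, '');

    if ($term === '') {
        $this->output(self::BAD_REQUEST, null, 'term-parameter is missing.');
        return;
    }

    // the term the previous request stored, if any
    $previousTerm = SpoonSession::exists('searchTerm') ? SpoonSession::get('searchTerm') : '';
    SpoonSession::set('searchTerm', '');

    if ($previousTerm !== $term) {
        $this->statistics = array();
        $this->statistics['term'] = $term;
        $this->statistics['language'] = FRONTEND_LANGUAGE;
        $this->statistics['time'] = FrontendModel::getUTCDate();
        // NOTE(review): this serializes the complete $_SERVER array (cookies,
        // authorization headers, full query string) into the database; consider
        // keeping only the fields the statistics actually need.
        $this->statistics['data'] = serialize(array('server' => $_SERVER));
        $this->statistics['num_results'] = FrontendSearchModel::getTotal($term);

        FrontendSearchModel::save($this->statistics);
    }

    // remember the term for the next request (session storage, despite the original "cookie" wording)
    SpoonSession::set('searchTerm', $term);

    $this->output(self::OK);
}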
/**
 * Validate the Twitter step of the module wizard.
 *
 * When the `twitter` checkbox is ticked a `twitter_name` is required and is
 * stored on the draft record; when it is not ticked any previously stored
 * name is removed. A valid form is saved to the session under `module` and
 * the wizard continues with the Generate action.
 */
protected function validateForm()
{
    if (!$this->frm->isSubmitted()) {
        return;
    }

    $this->frm->cleanupFields();
    $formFields = $this->frm->getFields();
    $wantsTwitter = $formFields['twitter']->isChecked();

    // the name only matters when the integration is enabled
    if ($wantsTwitter) {
        $formFields['twitter_name']->isFilled(Language::err('FieldIsRequired'));
    }

    if (!$this->frm->isCorrect()) {
        return;
    }

    if ($wantsTwitter) {
        $this->record['twitter'] = $formFields['twitter_name']->getValue();
    } elseif (array_key_exists('twitter', $this->record)) {
        unset($this->record['twitter']);
    }

    // save the object in our session
    \SpoonSession::set('module', $this->record);
    $this->redirect(Model::createURLForAction('Generate'));
}
/**
 * Execute the action: record a search term for the search statistics.
 *
 * Takes `term` from POST, HTML-escapes it (htmlspecialchars for UTF-8 sites,
 * htmlentities otherwise) and answers BAD_REQUEST when it is empty. Otherwise,
 * when the term differs from the one stored by the previous request, a
 * statistics row is saved; the term is then kept in the session and OK is sent.
 *
 * NOTE(review): the statistics row stores the complete $_SERVER array
 * (serialized), which includes cookies and any authorization headers.
 */
public function execute()
{
    parent::execute();

    $charset = $this->getContainer()->getParameter('kernel.charset');
    $rawTerm = \SpoonFilter::getPostValue('term', null, '');

    // escape once, up front; the escaped form is what gets stored and counted
    if ($charset == 'utf-8') {
        $term = \SpoonFilter::htmlspecialchars($rawTerm);
    } else {
        $term = \SpoonFilter::htmlentities($rawTerm);
    }

    if ($term == '') {
        $this->output(self::BAD_REQUEST, null, 'term-parameter is missing.');
        return;
    }

    $previousTerm = '';
    if (\SpoonSession::exists('searchTerm')) {
        $previousTerm = \SpoonSession::get('searchTerm');
    }
    \SpoonSession::set('searchTerm', '');

    // only count a term once per consecutive pair of requests
    if ($previousTerm != $term) {
        $this->statistics = array(
            'term' => $term,
            'language' => LANGUAGE,
            'time' => FrontendModel::getUTCDate(),
            'data' => serialize(array('server' => $_SERVER)),
            'num_results' => FrontendSearchModel::getTotal($term),
        );
        FrontendSearchModel::save($this->statistics);
    }

    \SpoonSession::set('searchTerm', $term);
    $this->output(self::OK);
}
/**
 * Load the analytics reporting window.
 *
 * Delegates the date handling to BackendAnalyticsHelper::setDates(), which is
 * expected to leave the boundaries in the session; the two timestamps are
 * then read back and coerced to int.
 *
 * @return void
 */
private function setDates()
{
    // the helper resolves the requested period and stores its bounds in the session
    BackendAnalyticsHelper::setDates();

    $start = SpoonSession::get('analytics_start_timestamp');
    $end = SpoonSession::get('analytics_end_timestamp');

    $this->startTimestamp = (int) $start;
    $this->endTimestamp = (int) $end;
}
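/**
 * Verify the CSRF token carried in the `token` GET parameter.
 *
 * Returns silently when the session holds a non-empty token that matches the
 * request; otherwise clears the session token and redirects to the module
 * index with `error=csrf`.
 *
 * Fix: the tokens were compared with `==`, which is both loose (numeric-looking
 * strings compare by value) and not constant-time. hash_equals() (PHP >= 5.6)
 * is used instead, on string-cast values.
 */
public function checkToken()
{
    $fromSession = \SpoonSession::exists('csrf_token') ? (string) \SpoonSession::get('csrf_token') : '';
    $fromGet = (string) \SpoonFilter::getGetValue('token', null, '');

    // both must be present; an empty expected token would otherwise trivially match an empty request
    if ($fromSession !== '' && $fromGet !== '' && hash_equals($fromSession, $fromGet)) {
        return;
    }

    // invalidate the token so a failed check cannot be retried with the same value
    \SpoonSession::set('csrf_token', '');
    $this->redirect(BackendModel::createURLForAction('Index', null, null, array('error' => 'csrf')));
}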
/**
 * Execute step 2 of the module wizard.
 *
 * Loads the draft module from the session; when step 1 has not been completed
 * (no record, or no title in it) the user is sent back to the `add` action.
 * Otherwise the parent action runs, the data grid is built and the page is
 * parsed and displayed.
 *
 * NOTE(review): the code after redirect() assumes redirect() does not return
 * (exit or exception) — confirm for this base class.
 */
public function execute()
{
    $this->record = \SpoonSession::get('module');

    $stepOneDone = $this->record && array_key_exists('title', $this->record);
    if (!$stepOneDone) {
        $this->redirect(Model::createURLForAction('add'));
    }

    parent::execute();
    $this->loadDataGrid();
    $this->parse();
    $this->display();
}
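/**
 * Validate the e-mail / password step of the installer ($_POST based).
 *
 * Requires a valid e-mail address and a non-empty password that matches its
 * confirmation. On success the three values are written to the session and
 * the installer moves to step 7.
 *
 * Fix: the password and its confirmation were compared with `!=`; PHP's loose
 * comparison treats numeric-looking strings numerically ("0e1" equals "0e2"),
 * so differing passwords could be accepted. The comparison is now strict.
 *
 * NOTE(review): the plain-text password is kept in the session until the
 * installer finishes; make sure the later steps clear it.
 *
 * @return void
 */
private function validateForm()
{
    if (!$this->frm->isSubmitted()) {
        return;
    }

    $email = $this->frm->getField('email');
    $password = $this->frm->getField('password');
    $confirm = $this->frm->getField('confirm');

    $email->isEmail('Please provide a valid e-mailaddress.');
    $password->isFilled('This field is required.');
    $confirm->isFilled('This field is required.');

    // strict comparison: "0e1" != "0e2" is false under loose comparison
    if ($password->getValue() !== $confirm->getValue()) {
        $confirm->addError('The passwords do not match.');
    }

    if (!$this->frm->isCorrect()) {
        return;
    }

    // hand the values to the next step through the session
    SpoonSession::set('email', $email->getValue());
    SpoonSession::set('password', $password->getValue());
    SpoonSession::set('confirm', $confirm->getValue());

    SpoonHTTP::redirect('index.php?step=7');
}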
/**
 * Execute the action: remove one field from the draft module in the session.
 *
 * Sends the user back to step 1 when no draft with a title exists, and back
 * to step 2 with `error=non-existing` when the draft has no fields or the
 * requested `id` is not one of them. Otherwise the field is removed, the draft
 * is saved again and the user returns to step 2 with `report=deleted`.
 *
 * NOTE(review): the code after each redirect() assumes redirect() does not
 * return (exit or exception) — confirm for this base class.
 */
public function execute()
{
    $this->record = \SpoonSession::get('module');

    // step 1 not completed → start over
    if (!$this->record || !array_key_exists('title', $this->record)) {
        $this->redirect(Model::createURLForAction('Add'));
    }

    // nothing to delete if step 2 never added a field
    $hasFields = array_key_exists('fields', $this->record) && !empty($this->record['fields']);
    if (!$hasFields) {
        $this->redirect(Model::createURLForAction('AddStep2') . '&error=non-existing');
    }

    $this->id = $this->getParameter('id', 'int');
    $stepTwoURL = Model::createURLForAction('AddStep2');

    if ($this->id === null || !array_key_exists($this->id, $this->record['fields'])) {
        $this->redirect($stepTwoURL . '&error=non-existing');
        return;
    }

    unset($this->record['fields'][$this->id]);
    \SpoonSession::set('module', $this->record);
    $this->redirect($stepTwoURL . '&report=deleted');
}
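/**
 * Validate the login form and the forgot-password form.
 *
 * Login: both fields are required and the form token must match. A failed
 * loginUser() call increments the per-session attempt counter and records the
 * failure in the user's settings. From the fifth attempt on, the request is
 * delayed (sleep) unless enough time has passed since the last attempt, and a
 * 503 status is sent. On success the counters are cleared, the current/last
 * login timestamps are rotated and the user is redirected.
 *
 * Forgot password: for a valid, known e-mail address a reset key and timestamp
 * are stored in the user's settings and a reset link is mailed.
 *
 * Fixes in this revision:
 *  - the form token is compared with hash_equals() (strict, constant-time;
 *    PHP >= 5.6) instead of `!=` / `==`;
 *  - `addEditor('too many attempts')` was a typo for addError();
 *  - the reset-key salt comes from random_bytes() when available instead of the
 *    time-derived uniqid();
 *  - e-mail address and key are URL-encoded in the reset link;
 *  - http_response_code() replaces the malformed `header('400 Bad Request', …)`
 *    header line (the status code itself was already set by the third argument).
 *
 * NOTE(review): sleep()-based throttling holds a PHP worker per throttled
 * request, which an attacker can use to exhaust the pool, and the counter is
 * session-bound so it resets when the client drops its cookie (the per-user
 * `last_failed_login_attempt` setting is the only server-side trace). Reporting
 * "EmailIsUnknown" on the forgot form confirms which addresses have accounts.
 */
private function validateForm()
{
    if ($this->frm->isSubmitted()) {
        $this->validateLoginForm();
    }

    if ($this->frmForgotPassword->isSubmitted()) {
        $this->validateForgotPasswordForm();
    }
}

/**
 * Handle a submitted login form (see validateForm() for the contract).
 */
private function validateLoginForm()
{
    $txtEmail = $this->frm->getField('backend_email');
    $txtPassword = $this->frm->getField('backend_password');
    $fieldsFilled = $txtEmail->isFilled() && $txtPassword->isFilled();

    if (!$fieldsFilled) {
        $this->frm->addError('fields required');
        $this->tpl->assign('hasError', true);
    }

    $this->getContainer()->get('logger')->info("Trying to authenticate user '{$txtEmail->getValue()}'.");

    // strict, constant-time token check; an empty expected token never matches
    $expectedToken = (string) $this->frm->getToken();
    $submittedToken = (string) $this->frm->getField('form_token')->getValue();
    $tokenValid = $expectedToken !== '' && hash_equals($expectedToken, $submittedToken);

    if (!$tokenValid && !headers_sent()) {
        // set a correct status, so bots understand they can't mess with us.
        http_response_code(400);
    }

    $userId = BackendUsersModel::getIdByEmail($txtEmail->getValue());

    if ($fieldsFilled && $tokenValid) {
        if (!BackendAuthentication::loginUser($txtEmail->getValue(), $txtPassword->getValue())) {
            $this->getContainer()->get('logger')->info("Failed authenticating user '{$txtEmail->getValue()}'.");
            $this->frm->addError('invalid login');

            // per-session attempt counter
            $current = \SpoonSession::exists('backend_login_attempts') ? (int) \SpoonSession::get('backend_login_attempts') : 0;
            \SpoonSession::set('backend_login_attempts', ++$current);

            // server-side record of the failure, when the account exists
            if ($userId !== false) {
                BackendUsersModel::setSetting($userId, 'last_failed_login_attempt', time());
            }

            $this->tpl->assign('hasError', true);
        }
    }

    if (\SpoonSession::exists('backend_login_attempts') && (int) \SpoonSession::get('backend_login_attempts') >= 5) {
        $previousAttempt = \SpoonSession::exists('backend_last_attempt') ? \SpoonSession::get('backend_last_attempt') : time();
        // the delay grows by 5 seconds per attempt beyond the fourth
        $timeout = 5 * (\SpoonSession::get('backend_login_attempts') - 4);

        if (time() < $previousAttempt + $timeout) {
            // too soon: sleep until the user can login again
            sleep($timeout);
            if (!headers_sent()) {
                http_response_code(503);
            }
        } else {
            \SpoonSession::set('backend_last_attempt', time());
        }

        $this->frm->addError('too many attempts');
        $this->getContainer()->get('logger')->info("Too many login attempts for user '{$txtEmail->getValue()}'.");
        $this->tpl->assign('hasTooManyAttemps', true);
        $this->tpl->assign('hasError', false);
    }

    if ($this->frm->isCorrect()) {
        \SpoonSession::delete('backend_login_attempts');
        \SpoonSession::delete('backend_last_attempt');

        // rotate current_login into last_login
        $lastLogin = BackendUsersModel::getSetting($userId, 'current_login');
        BackendUsersModel::setSetting($userId, 'current_login', time());
        if ($lastLogin) {
            BackendUsersModel::setSetting($userId, 'last_login', $lastLogin);
        }

        $this->getContainer()->get('logger')->info("Successfully authenticated user '{$txtEmail->getValue()}'.");

        // redirect to the correct URL (URL the user was looking for or fallback)
        $this->redirectToAllowedModuleAndAction();
    }
}

/**
 * Handle a submitted forgot-password form (see validateForm() for the contract).
 */
private function validateForgotPasswordForm()
{
    $txtEmailForgot = $this->frmForgotPassword->getField('backend_email_forgot');
    $email = $txtEmailForgot->getValue();

    if ($txtEmailForgot->isEmail(BL::err('EmailIsInvalid'))) {
        // NOTE(review): this tells the requester whether an account exists for the address
        if (!BackendUsersModel::existsEmail($email)) {
            $txtEmailForgot->addError(BL::err('EmailIsUnknown'));
        }
    }

    if (!$this->frmForgotPassword->isCorrect()) {
        $this->tpl->assign('showForm', true);
        return;
    }

    // unguessable salt for the reset key; uniqid() is time-derived and only a fallback
    $salt = function_exists('random_bytes') ? bin2hex(random_bytes(16)) : uniqid('', true);
    $key = BackendAuthentication::getEncryptedString($email, $salt);

    // the key and its creation time live in the user's settings until used
    $userId = BackendUsersModel::getIdByEmail($email);
    $user = new User($userId);
    $user->setSetting('reset_password_key', $key);
    $user->setSetting('reset_password_timestamp', time());

    // query-string parameters are encoded so '+', '&' or '%' in the address cannot break the link
    $variables = array();
    $variables['resetLink'] = SITE_URL . BackendModel::createURLForAction('ResetPassword')
        . '&email=' . rawurlencode($email) . '&key=' . rawurlencode($key);

    $from = $this->get('fork.settings')->get('Core', 'mailer_from');
    $replyTo = $this->get('fork.settings')->get('Core', 'mailer_reply_to');
    $message = \Common\Mailer\Message::newInstance(\SpoonFilter::ucfirst(BL::msg('ResetYourPasswordMailSubject')))
        ->setFrom(array($from['email'] => $from['name']))
        ->setTo(array($email))
        ->setReplyTo(array($replyTo['email'] => $replyTo['name']))
        ->parseHtml(BACKEND_MODULES_PATH . '/Authentication/Layout/Templates/Mails/ResetPassword.tpl', $variables);
    $this->get('mailer')->send($message);

    // clear post-values
    $_POST['backend_email_forgot'] = '';

    $this->tpl->assign('isForgotPasswordSuccess', true);
    $this->tpl->assign('showForm', true);
}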
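/**
 * Validate the form. This is an alternative for isCorrect(), but without
 * returning the status: the result is stored in $this->correct and the form
 * is marked as validated.
 *
 * When tokens are in use, the submitted `form_token` field must equal the
 * token kept in the session; a missing session token is an error as well.
 * Errors reported by each element (via getErrors(), when the element has it)
 * and errors on the form itself also mark the form incorrect.
 *
 * Fix: the token comparison used `!=`, which is loose (numeric-looking tokens
 * compare by value) and not constant-time; hash_equals() (PHP >= 5.6) is used
 * on string-cast values, and an empty session token is never accepted.
 *
 * @return SpoonForm
 */
public function validate()
{
    $errors = '';

    if ($this->getUseToken()) {
        if (!SpoonSession::exists('form_token')) {
            $errors .= $this->tokenError;
        } else {
            $expected = (string) SpoonSession::get('form_token');
            $submitted = (string) $this->getField('form_token')->getValue();
            if ($expected === '' || !hash_equals($expected, $submitted)) {
                $errors .= $this->tokenError;
            }
        }
    }

    // not every element implements getErrors()
    foreach ($this->objects as $oElement) {
        if (is_callable(array($oElement, 'getErrors'))) {
            $errors .= $oElement->getErrors();
        }
    }

    if (trim($errors) != '') {
        $this->correct = false;
    }

    // main form errors?
    if (trim($this->getErrors()) != '') {
        $this->correct = false;
    }

    $this->validated = true;

    return $this;
}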
<?php date_default_timezone_set('Europe/Berlin'); // set include path ini_set("include_path", ".:../library/"); // required classes require_once 'spoon/spoon.php'; require_once 'publicApp/publicApp.php'; $tpl = new SpoonTemplate(); $tpl->setForceCompile(true); $tpl->setCompileDirectory('./compiled_templates'); // do I know you? if (SpoonSession::exists('public_uid')) { $tpl->assign('oLogout', true); $tpl->assign('oNavMe', true); $uid = SpoonSession::get('public_uid'); $user = new User($uid); if ($user->GetFollowing() != null) { $values = $user->GetFollowing(); $following = array(); foreach ($values as $value) { $userFollowing = new User($value['friend']); if ($userFollowing->fb_uid == null) { $userFollowing->fb_uid = 1; } array_push($following, get_object_vars($userFollowing)); } $tpl->assign('oFollowing', true); $tpl->assign('iFollowing', $following); } else { $tpl->assign('oNoFollowing', true);
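/**
 * Validate a submitted form-builder form and store the submission.
 *
 * Rejects a resubmission within 10 seconds of the previous one for this form
 * (timestamp kept in the session). Per field, the configured validations are
 * applied in order (`required`, `email`, `numeric`); a field that already has
 * an error is not validated further. Submit, paragraph and heading fields are
 * skipped everywhere.
 *
 * On a valid form a data row (form id, session id, UTC time, request
 * environment) and one row per field are inserted; with the `database_email`
 * method the field values are also mailed to every configured recipient.
 * Finally the `after_submission` event is triggered, the timestamp is stored
 * and the visitor is redirected back with the form's identifier appended.
 *
 * Fixes: $emailFields and $variables are initialised (a form without any data
 * field previously referenced an undefined variable), and the per-field row is
 * rebuilt for every field instead of being carried over between iterations.
 *
 * NOTE(review): the mail value goes through nl2br() without HTML escaping, so
 * the mail template must escape it or submitted markup ends up in the mail;
 * the submission also stores the complete $_SERVER array (cookies included).
 */
private function validateForm()
{
    if (!$this->frm->isSubmitted()) {
        return;
    }

    $sessionKey = 'formbuilder_' . $this->item['id'];

    // throttle: the previous submission of this form must be at least 10 seconds ago
    if (SpoonSession::exists($sessionKey)) {
        $diff = time() - (int) SpoonSession::get($sessionKey);
        if ($diff < 10 && $diff != 0) {
            $this->frm->addError(FL::err('FormTimeout'));
        }
    }

    foreach ($this->item['fields'] as $field) {
        if ($this->isDecorativeField($field)) {
            continue;
        }

        $formField = $this->frm->getField('field' . $field['id']);

        foreach ($field['validations'] as $rule => $settings) {
            // first error wins
            if ($formField->getErrors() !== null) {
                continue;
            }

            if ($rule == 'required') {
                $formField->isFilled($settings['error_message']);
            } elseif ($rule == 'email') {
                // only when filled; a required field was already checked above
                if ($formField->isFilled()) {
                    $formField->isEmail($settings['error_message']);
                }
            } elseif ($rule == 'numeric') {
                if ($formField->isFilled()) {
                    $formField->isNumeric($settings['error_message']);
                }
            }
        }
    }

    if (!$this->frm->isCorrect()) {
        // global form errors take precedence over the generic message
        $errors = $this->frm->getErrors();
        $this->tpl->assign('formBuilderError', $errors != '' ? $errors : FL::err('FormError'));
        return;
    }

    $data = array();
    $data['form_id'] = $this->item['id'];
    $data['session_id'] = SpoonSession::getSessionId();
    $data['sent_on'] = FrontendModel::getUTCDate();
    $data['data'] = serialize(array('server' => $_SERVER));
    $dataId = FrontendFormBuilderModel::insertData($data);

    $sendMail = $this->item['method'] == 'database_email';
    $fields = array();
    $emailFields = array();

    foreach ($this->item['fields'] as $field) {
        if ($this->isDecorativeField($field)) {
            continue;
        }

        $value = $this->frm->getField('field' . $field['id'])->getValue();

        if ($sendMail) {
            $emailFields[] = array(
                'label' => $field['settings']['label'],
                'value' => is_array($value) ? implode(',', $value) : nl2br($value),
            );
        }

        // an empty multi-value field is stored as NULL, everything else serialized
        if (is_array($value) && empty($value)) {
            $value = null;
        } elseif ($value !== null) {
            $value = serialize($value);
        }

        $fieldData = array(
            'data_id' => $dataId,
            'label' => $field['settings']['label'],
            'value' => $value,
        );
        $fields[] = $fieldData;
        FrontendFormBuilderModel::insertDataField($fieldData);
    }

    if ($sendMail) {
        $variables = array();
        $variables['sentOn'] = time();
        $variables['name'] = $this->item['name'];
        $variables['fields'] = $emailFields;

        foreach ($this->item['email'] as $address) {
            FrontendMailer::addEmail(
                sprintf(FL::getMessage('FormBuilderSubject'), $this->item['name']),
                FRONTEND_MODULES_PATH . '/form_builder/layout/templates/mails/form.tpl',
                $variables,
                $address,
                $this->item['name']
            );
        }
    }

    FrontendModel::triggerEvent(
        'form_builder',
        'after_submission',
        array(
            'form_id' => $this->item['id'],
            'data_id' => $dataId,
            'data' => $data,
            'fields' => $fields,
            'visitorId' => FrontendModel::getVisitorId(),
        )
    );

    // store timestamp in session so we can block excessive usage
    SpoonSession::set($sessionKey, time());

    // redirect back to the current page with the form identifier appended
    $redirect = SITE_URL . '/' . $this->URL->getQueryString();
    $redirect .= stripos($redirect, '?') === false ? '?' : '&';
    $redirect .= 'identifier=' . $this->item['identifier'];
    SpoonHTTP::redirect($redirect);
}

/**
 * Whether a form-builder field carries no user input (submit button, paragraph or heading).
 *
 * @param array $field
 * @return bool
 */
private function isDecorativeField(array $field)
{
    return $field['type'] == 'submit' || $field['type'] == 'paragraph' || $field['type'] == 'heading';
}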
/**
 * Redirect to the loading page, guarding against redirect loops.
 *
 * A per-action counter (`<action>Loop`) is kept in the session; once it has
 * gone past 2 a BackendException is thrown instead of redirecting again.
 * Extra parameters are appended with http_build_query().
 *
 * NOTE(review): the counter is not reset here; presumably the loading page
 * clears it once the cached data is available — verify.
 *
 * @return void
 * @param string $action The action to check for infinite loops.
 * @param array[optional] $extraParameters The extra parameters to append to the redirect url.
 */
public static function redirectToLoadingPage($action, array $extraParameters = array())
{
    $loopKey = $action . 'Loop';
    $loops = 0;
    if (SpoonSession::exists($loopKey)) {
        $loops = SpoonSession::get($loopKey);
    }

    if ($loops > 2) {
        throw new BackendException('An infinite loop has been detected while getting data from cache for the action "' . $action . '".');
    }

    SpoonSession::set($loopKey, ++$loops);

    $query = '';
    if (!empty($extraParameters)) {
        $query = '&' . http_build_query($extraParameters);
    }

    // the loading page fetches the data and sends the user back to the requested action
    SpoonHTTP::redirect(BackendModel::createURLForAction('loading') . '&redirect_action=' . $action . $query);
}
<?php date_default_timezone_set('Europe/Berlin'); // set include path ini_set("include_path", ".:../../library/"); // required classes require_once 'spoon/spoon.php'; require_once 'publicApp/publicApp.php'; $tpl = new SpoonTemplate(); $tpl->setForceCompile(true); $tpl->setCompileDirectory('./compiled_templates'); SpoonSession::start(); //Content layout if (SpoonSession::exists('id') === false) { SpoonHTTP::redirect('index.php'); } $lat = SpoonFilter::getGetValue('lat', null, ''); $long = SpoonFilter::getGetValue('long', null, ''); $tpl->assign('formaction', $_SERVER['PHP_SELF'] . '?lat=' . $lat . '&long=' . $long); $msgFault = ''; $pubname = SpoonFilter::getPostValue('pubname', null, ''); if (SpoonFilter::getPostValue('btnAdd', null, '')) { if ($pubname === "") { $msgFault = "Please fill in the name of the pub."; } else { if ($lat !== "" && $long !== "") { $pub = new Pub(''); $pub->name = $pubname; $pub->latitude = $lat; $pub->longitude = $long; $id = $pub->Add();
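/**
 * Validate the subscription form for an agenda item and store the subscription.
 *
 * Nothing is validated when subscriptions are disabled in the module settings
 * (returns false). A resubmission within 10 seconds of the previous one for
 * this item is rejected (timestamp in the session). Name is required and the
 * e-mail must be a valid address. On success the subscription is inserted with
 * status `subscribed`, or `moderation` when moderation is enabled and this
 * name/e-mail pair has not been moderated before; the `after_add_subscription`
 * event fires, the admin is notified, name/e-mail are remembered in cookies
 * (failures to set them are ignored) and the visitor is redirected back to the
 * item with a `subscription` query parameter and anchor.
 *
 * Fix: the `subscribed` anchor was `#comment-<id>` when the URL already had a
 * query string but `#subscription-<id>` otherwise (copy-paste from the blog
 * comment form); both paths now use `#subscription-<id>`.
 *
 * NOTE(review): the timeout error is attached to a `message` field — confirm
 * the subscription form actually defines one.
 */
private function validateForm()
{
    $subscriptionsAllowed = isset($this->settings['allow_subscriptions']) && $this->settings['allow_subscriptions'];
    if (!$subscriptionsAllowed) {
        return false;
    }

    if (!$this->frm->isSubmitted()) {
        return;
    }

    // cleanup the submitted fields, ignore fields that were added by hackers
    $this->frm->cleanupFields();

    $sessionKey = 'agenda_subscription_' . $this->record['id'];
    if (\SpoonSession::exists($sessionKey)) {
        $diff = time() - (int) \SpoonSession::get($sessionKey);
        // throttle: less than 10 seconds since the previous subscription → tell the user to slow down
        if ($diff < 10 && $diff != 0) {
            $this->frm->getField('message')->addError(FL::err('CommentTimeout'));
        }
    }

    $this->frm->getField('name')->isFilled(FL::err('NameIsRequired'));
    $this->frm->getField('email')->isEmail(FL::err('EmailIsRequired'));

    if (!$this->frm->isCorrect()) {
        return;
    }

    $moderationEnabled = isset($this->settings['moderation']) && $this->settings['moderation'];

    $name = $this->frm->getField('name')->getValue();
    $email = $this->frm->getField('email')->getValue();

    $subscription = array();
    $subscription['agenda_id'] = $this->record['id'];
    $subscription['language'] = FRONTEND_LANGUAGE;
    $subscription['created_on'] = FrontendModel::getUTCDate();
    $subscription['name'] = $name;
    $subscription['email'] = $email;
    $subscription['status'] = 'subscribed';

    // a first-time subscriber goes to the moderation queue when moderation is on
    if ($moderationEnabled && !FrontendAgendaModel::isModerated($name, $email)) {
        $subscription['status'] = 'moderation';
    }

    $subscription['id'] = FrontendAgendaModel::insertSubscription($subscription);

    FrontendModel::triggerEvent('agenda', 'after_add_subscription', array('subscription' => $subscription));

    // append a parameter to the URL so we can show the moderation/success message
    $redirectLink = $this->record['full_url'];
    $separator = strpos($redirectLink, '?') === false ? '?' : '&';
    if ($subscription['status'] == 'moderation') {
        $redirectLink .= $separator . 'subscription=moderation#' . FL::act('Subscribe');
    }
    if ($subscription['status'] == 'subscribed') {
        $redirectLink .= $separator . 'subscription=true#subscription-' . $subscription['id'];
    }

    $subscription['agenda_title'] = $this->record['title'];
    $subscription['agenda_url'] = $this->record['url'];
    FrontendAgendaModel::notifyAdmin($subscription);

    // store timestamp in session so we can block excessive usage
    \SpoonSession::set($sessionKey, time());

    // store author-data in cookies
    try {
        Cookie::set('subscription_author', $name);
        Cookie::set('subscription_email', $email);
    } catch (Exception $e) {
        // setting cookies isn't allowed, but because this isn't a real problem we ignore the exception
    }

    $this->redirect($redirectLink);
}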
/**
 * Assign the variables for the installer's success page.
 *
 * `url` is taken from the Host header (falling back to `fork.local`), and the
 * e-mail and password entered earlier are read back from the session.
 *
 * NOTE(review): HTTP_HOST is client-controlled and the password is echoed into
 * the page; the template must escape `url`, and showing the password on screen
 * is a deliberate installer choice worth re-checking.
 */
private function showSuccess()
{
    $host = 'fork.local';
    if (isset($_SERVER['HTTP_HOST'])) {
        $host = $_SERVER['HTTP_HOST'];
    }
    $this->tpl->assign('url', $host);

    foreach (array('email', 'password') as $key) {
        $this->tpl->assign($key, SpoonSession::get($key));
    }
}
/**
 * Start the session through the Spoon session wrapper.
 */
private function initSession()
{
    // delegate to Spoon; it owns session_start() and its bookkeeping
    SpoonSession::start();
}
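/**
 * Validate the comment form for a blog post and store the comment.
 *
 * Returns false without validating when comments are disabled. A resubmission
 * within 10 seconds of the previous comment on this post is rejected (timestamp
 * in the session). Author, e-mail and message are required; a website, when
 * given and not the placeholder `http://`, must be a URL. On success the
 * comment is inserted as `published`, unless moderation is enabled and this
 * author/e-mail pair is not yet moderated (`moderation`), or the spam filter
 * flags it (`spam`, or `moderation` when the filter answers `unknown`). The
 * `after_add_comment` event fires, the admin is notified, author data is kept
 * in cookies for 30 days and the visitor is redirected back to the post with a
 * `comment` parameter.
 *
 * Fix: the spam result was tested with `if ($result)` before `== 'unknown'`;
 * the string `unknown` is truthy (and `true == 'unknown'` under loose
 * comparison), so the moderation branch was unreachable. The `unknown` answer
 * is now checked first, strictly.
 *
 * NOTE(review): the comment row stores the complete $_SERVER array (cookies
 * included), and the author cookies are set without explicit secure /
 * http-only flags — check what SpoonCookie::set() defaults to.
 */
private function validateForm()
{
    $commentsAllowed = isset($this->settings['allow_comments']) && $this->settings['allow_comments'];
    if (!$commentsAllowed) {
        return false;
    }

    if (!$this->frm->isSubmitted()) {
        return;
    }

    // cleanup the submitted fields, ignore fields that were added by hackers
    $this->frm->cleanupFields();

    $sessionKey = 'blog_comment_' . $this->record['id'];
    if (SpoonSession::exists($sessionKey)) {
        $diff = time() - (int) SpoonSession::get($sessionKey);
        // throttle: less than 10 seconds since the previous comment → tell the user to slow down
        if ($diff < 10 && $diff != 0) {
            $this->frm->getField('message')->addError(FL::err('CommentTimeout'));
        }
    }

    $this->frm->getField('author')->isFilled(FL::err('AuthorIsRequired'));
    $this->frm->getField('email')->isEmail(FL::err('EmailIsRequired'));
    $this->frm->getField('message')->isFilled(FL::err('MessageIsRequired'));

    // website is optional; the form pre-fills it with "http://"
    $websiteField = $this->frm->getField('website');
    if ($websiteField->isFilled() && $websiteField->getValue() != 'http://') {
        $websiteField->isURL(FL::err('InvalidURL'));
    }

    if (!$this->frm->isCorrect()) {
        return;
    }

    $spamFilterEnabled = isset($this->settings['spamfilter']) && $this->settings['spamfilter'];
    $moderationEnabled = isset($this->settings['moderation']) && $this->settings['moderation'];

    $author = $this->frm->getField('author')->getValue();
    $email = $this->frm->getField('email')->getValue();
    $website = $websiteField->getValue();
    if (trim($website) == '' || $website == 'http://') {
        $website = null;
    }
    $text = $this->frm->getField('message')->getValue();

    $comment = array();
    $comment['post_id'] = $this->record['id'];
    $comment['language'] = FRONTEND_LANGUAGE;
    $comment['created_on'] = FrontendModel::getUTCDate();
    $comment['author'] = $author;
    $comment['email'] = $email;
    $comment['website'] = $website;
    $comment['text'] = $text;
    $comment['status'] = 'published';
    $comment['data'] = serialize(array('server' => $_SERVER));

    $permaLink = FrontendNavigation::getURLForBlock('blog', 'detail') . '/' . $this->record['url'];
    $redirectLink = $permaLink;

    // a first-time commenter goes to the moderation queue when moderation is on
    if ($moderationEnabled && !FrontendBlogModel::isModerated($author, $email)) {
        $comment['status'] = 'moderation';
    }

    if ($spamFilterEnabled) {
        $result = FrontendModel::isSpam($text, SITE_URL . $permaLink, $author, $email, $website);
        // 'unknown' must be tested before the truthiness check, or it is treated as spam
        if ($result === 'unknown') {
            $comment['status'] = 'moderation';
        } elseif ($result) {
            $comment['status'] = 'spam';
        }
    }

    $comment['id'] = FrontendBlogModel::insertComment($comment);

    FrontendModel::triggerEvent('blog', 'after_add_comment', array('comment' => $comment));

    // append a parameter to the URL so we can show the moderation/spam/success message
    $separator = strpos($redirectLink, '?') === false ? '?' : '&';
    if ($comment['status'] == 'moderation') {
        $redirectLink .= $separator . 'comment=moderation#' . FL::act('Comment');
    }
    if ($comment['status'] == 'spam') {
        $redirectLink .= $separator . 'comment=spam#' . FL::act('Comment');
    }
    if ($comment['status'] == 'published') {
        $redirectLink .= $separator . 'comment=true#comment-' . $comment['id'];
    }

    $comment['post_title'] = $this->record['title'];
    $comment['post_url'] = $this->record['url'];
    FrontendBlogModel::notifyAdmin($comment);

    // store timestamp in session so we can block excessive usage
    SpoonSession::set($sessionKey, time());

    // remember the author for 30 days; refusing cookies is not an error
    $cookieLifetime = 30 * 24 * 60 * 60;
    try {
        $cookieDomain = '.' . $this->URL->getDomain();
        SpoonCookie::set('comment_author', $author, $cookieLifetime, '/', $cookieDomain);
        SpoonCookie::set('comment_email', $email, $cookieLifetime, '/', $cookieDomain);
        SpoonCookie::set('comment_website', $website, $cookieLifetime, '/', $cookieDomain);
    } catch (Exception $e) {
        // settings cookies isn't allowed, but because this isn't a real problem we ignore the exception
    }

    $this->redirect($redirectLink);
}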
/**
 * Expose the authenticated user's allowed actions to the template.
 *
 * Looks up, for the current session id and the secret key kept in the session,
 * every module/action the user's groups grant, taking the highest level per
 * action. For each action at level 7 a `show<Module><Action>` template
 * variable is set to true.
 */
private function parseAuthentication()
{
    $db = BackendModel::getDB();

    $sessionId = SpoonSession::getSessionId();
    $secretKey = SpoonSession::get('backend_secret_key');

    // both values are bound as parameters, never interpolated into the query
    $allowedActions = (array) $db->getRecords(
        'SELECT gra.module, gra.action, MAX(gra.level) AS level FROM users_sessions AS us INNER JOIN users AS u ON us.user_id = u.id INNER JOIN users_groups AS ug ON u.id = ug.user_id INNER JOIN groups_rights_actions AS gra ON ug.group_id = gra.group_id WHERE us.session_id = ? AND us.secret_key = ? GROUP BY gra.module, gra.action',
        array($sessionId, $secretKey)
    );

    foreach ($allowedActions as $allowed) {
        if ($allowed['level'] != '7') {
            continue;
        }
        $variable = 'show' . SpoonFilter::toCamelCase($allowed['module'], '_') . SpoonFilter::toCamelCase($allowed['action'], '_');
        $this->assign($variable, true);
    }
}
/**
 * Process the query string.
 *
 * Resolves the request path into a language, a list of pages and a list of
 * parameters (stored via setPages()/setParameters()), defines FRONTEND_LANGUAGE
 * and LANGUAGE, and loads the locale. Throws a RedirectException when the
 * language has to be added to the URL first, or when the resolved page is
 * configured as an internal/external redirect.
 */
private function processQueryString()
{
    // store the query string local, so we don't alter it.
    $queryString = trim($this->request->getPathInfo(), '/');

    // split into chunks
    $chunks = (array) explode('/', $queryString);

    $hasMultiLanguages = $this->getContainer()->getParameter('site.multilanguage');

    // single language
    if (!$hasMultiLanguages) {
        // set language id
        $language = $this->get('fork.settings')->get('Core', 'default_language', SITE_DEFAULT_LANGUAGE);
    } else {
        // multiple languages
        // default value
        $mustRedirect = false;

        // get possible languages
        $possibleLanguages = (array) Language::getActiveLanguages();
        $redirectLanguages = (array) Language::getRedirectLanguages();

        // the language is present in the URL
        // the URL chunk is only accepted once it matched an active language, so
        // request input does not reach $language unvalidated (note: in_array is loose here)
        if (isset($chunks[0]) && in_array($chunks[0], $possibleLanguages)) {
            // define language
            $language = (string) $chunks[0];

            // try to set a cookie with the language
            try {
                // set cookie
                CommonCookie::set('frontend_language', $language);
            } catch (\SpoonCookieException $e) {
                // settings cookies isn't allowed, because this isn't a real problem we ignore the exception
            }

            // set sessions
            \SpoonSession::set('frontend_language', $language);

            // remove the language part
            array_shift($chunks);
        } elseif (CommonCookie::exists('frontend_language') && in_array(CommonCookie::get('frontend_language'), $redirectLanguages)) {
            // set languageId
            // the cookie is client-controlled; it is only used because it matched a redirect language above
            $language = (string) CommonCookie::get('frontend_language');

            // redirect is needed
            $mustRedirect = true;
        } else {
            // default browser language
            // set languageId & abbreviation
            // NOTE(review): unlike the two branches above there is no check against
            // $possibleLanguages here — presumably getBrowserLanguage() already falls back
            // to an active language; confirm, since $language is used in the redirect URL below
            $language = Language::getBrowserLanguage();

            // try to set a cookie with the language
            try {
                // set cookie
                CommonCookie::set('frontend_language', $language);
            } catch (\SpoonCookieException $e) {
                // settings cookies isn't allowed, because this isn't a real problem we ignore the exception
            }

            // redirect is needed
            $mustRedirect = true;
        }

        // redirect is required
        if ($mustRedirect) {
            // build URL
            // trim the first / from the query string to prevent double slashes
            // The target always starts with '/<language>/', i.e. it stays a same-site path
            // as long as $language is non-empty (an empty $language would produce a
            // '//...' prefix, which browsers treat as scheme-relative) — see note above
            $url = rtrim('/' . $language . '/' . trim($this->getQueryString(), '/'), '/');

            // when we are just adding the language to the domain, it's a temporary redirect because
            // Safari keeps the 301 in cache, so the cookie to switch language doesn't work any more
            $redirectCode = $url == '/' . $language ? 302 : 301;

            // set header & redirect
            throw new RedirectException('Redirect', new RedirectResponse($url, $redirectCode));
        }
    }

    // define the language
    defined('FRONTEND_LANGUAGE') || define('FRONTEND_LANGUAGE', $language);
    defined('LANGUAGE') || define('LANGUAGE', $language);

    // sets the locale file
    Language::setLocale($language);

    // list of pageIds & their full URL
    $keys = Navigation::getKeys();

    // rebuild our URL, but without the language parameter. (it's tripped earlier)
    $url = implode('/', $chunks);
    $startURL = $url;

    // loop until we find the URL in the list of pages
    // NOTE(review): this only terminates if '' (the homepage) is among $keys — once $chunks
    // is empty, array_pop() is a no-op and implode() keeps returning ''; confirm getKeys()
    // always contains the homepage entry
    while (!in_array($url, $keys)) {
        // remove the last chunk
        array_pop($chunks);

        // redefine the URL
        $url = implode('/', $chunks);
    }

    // remove language from query string
    if ($hasMultiLanguages) {
        $queryString = trim(mb_substr($queryString, mb_strlen($language)), '/');
    }

    // if it's the homepage AND parameters were given (not allowed!)
    if ($url == '' && $queryString != '') {
        // get 404 URL
        $url = Navigation::getURL(404);

        // remove language
        if ($hasMultiLanguages) {
            $url = str_replace('/' . $language, '', $url);
        }
    }

    // set pages
    $url = trim($url, '/');

    // currently not in the homepage
    if ($url != '') {
        // explode in pages
        $pages = explode('/', $url);

        // reset pages
        $this->setPages($pages);

        // reset parameters
        $this->setParameters(array());
    }

    // set parameters
    // NOTE(review): when the 404 branch above ran, $url is the 404 page URL, so the offset
    // is taken relative to that rather than to the matched prefix of $startURL — looks
    // unintended but is long-standing behaviour; confirm before touching
    $parameters = trim(mb_substr($startURL, mb_strlen($url)), '/');

    // has at least one parameter
    if ($parameters != '') {
        // parameters will be separated by /
        $parameters = explode('/', $parameters);

        // set parameters
        $this->setParameters($parameters);
    }

    // pageId, parentId & depth
    $pageId = Navigation::getPageId(implode('/', $this->getPages()));
    $pageInfo = Navigation::getPageInfo($pageId);

    // invalid page, or parameters but no extra
    // (&& binds tighter than ||: "no page info" OR "parameters given for a page without an extra")
    if ($pageInfo === false || !empty($parameters) && !$pageInfo['has_extra']) {
        // get 404 URL
        $url = Navigation::getURL(404);

        // remove language
        if ($hasMultiLanguages) {
            $url = str_replace('/' . $language, '', $url);
        }

        // remove the first slash
        $url = trim($url, '/');

        // currently not in the homepage
        if ($url != '') {
            // explode in pages
            $pages = explode('/', $url);

            // reset pages
            $this->setPages($pages);

            // reset parameters
            $this->setParameters(array());
        }
    }

    // is this an internal redirect?
    if (isset($pageInfo['redirect_page_id']) && $pageInfo['redirect_page_id'] != '') {
        // get url for item
        $newPageURL = Navigation::getURL((int) $pageInfo['redirect_page_id']);
        $errorURL = Navigation::getURL(404);

        // not an error?
        if ($newPageURL != $errorURL) {
            // redirect
            throw new RedirectException('Redirect', new RedirectResponse($newPageURL, $pageInfo['redirect_code']));
        }
    }

    // is this an external redirect?
    // the target and status code come from the page info returned by Navigation, not from the request
    if (isset($pageInfo['redirect_url']) && $pageInfo['redirect_url'] != '') {
        // redirect
        throw new RedirectException('Redirect', new RedirectResponse($pageInfo['redirect_url'], $pageInfo['redirect_code']));
    }
}
<?php date_default_timezone_set('Europe/Berlin'); // set include path ini_set("include_path", ".:../library/"); // required classes require_once 'spoon/spoon.php'; require_once 'publicApp/publicApp.php'; $tpl = new SpoonTemplate(); $tpl->setForceCompile(true); $tpl->setCompileDirectory('./compiled_templates'); //Content layout $pub = new Pub(SpoonFilter::getGetValue('id', null, '')); if (SpoonSession::exists('public_uid')) { //show logout $tpl->assign('oLogout', true); } if ($pub->pub_id === null) { SpoonHTTP::redirect('index.php'); } $recent = CheckIn::getCheckinsByPubId($pub->pub_id); for ($i = 0; $i < sizeof($recent); $i++) { $recent[$i]['timestamp'] = SpoonDate::getTimeAgo(strtotime($recent[$i]['timestamp'])); //check if the user has a fb account authenticated if (!$recent[$i]['fb_uid']) { //else, use standard fb icon $recent[$i]['fb_uid'] = 1; } } if ($recent !== null) { $tpl->assign('oRecent', true);
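/**
 * Validate the form based on the variables in $_POST.
 *
 * Checks that the chosen default language is part of the selected site
 * languages and that the default interface language is part of the selected
 * interface languages. When everything validates, the choices are stored in
 * the session and the installer redirects to step 4; otherwise the offending
 * field gets an error and the form is shown again.
 */
private function validateForm()
{
    // form submitted
    if (!$this->frm->isSubmitted()) {
        return;
    }

    // read the values once; strict comparison, since the radio value is a fixed string
    $isMultiple = $this->frm->getField('language_type')->getValue() === 'multiple';
    $defaultLanguage = $this->frm->getField('default_language')->getValue();

    // multiple languages
    if ($isMultiple) {
        // list of languages
        $languages = $this->frm->getField('languages')->getValue();

        // the default language has to be one of the chosen languages
        // (strict in_array: the values are presumably language codes, i.e. strings)
        if (!in_array($defaultLanguage, $languages, true)) {
            $this->frm->getField('default_language')->setError('Your default language needs to be in the list of languages you chose.');
        }
    } else {
        // a single site language: the default is the only one
        $languages = array($defaultLanguage);
    }

    // same cms interface language
    if ($this->frm->getField('same_interface_language')->getChecked()) {
        // list of languages
        $interfaceLanguages = $languages;
    } else {
        // list of languages
        $interfaceLanguages = $this->frm->getField('interface_languages')->getValue();
    }

    // the default interface language has to be one of the interface languages
    $defaultInterfaceLanguage = $this->frm->getField('default_interface_language')->getValue();
    if (!in_array($defaultInterfaceLanguage, $interfaceLanguages, true)) {
        $this->frm->getField('default_interface_language')->setError('Your default language needs to be in the list of languages you chose.');
    }

    // all valid
    if ($this->frm->isCorrect()) {
        // set languages
        SpoonSession::set('default_language', $defaultLanguage);
        SpoonSession::set('default_interface_language', $defaultInterfaceLanguage);
        SpoonSession::set('multiple_languages', $isMultiple);
        SpoonSession::set('languages', $languages);
        SpoonSession::set('interface_languages', $interfaceLanguages);

        // redirect
        SpoonHTTP::redirect('index.php?step=4');
    }
}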
/**
 * Parse the datagrids and the reports.
 *
 * Renders both module datagrids into the template and exposes the installer
 * warnings kept in the session under 'installer_warnings'.
 */
protected function parse()
{
    parent::parse();

    // datagrid with modules that can still be installed
    $installableHtml = (string) $this->dataGridInstallableModules->getContent();
    $this->tpl->assign('dataGridInstallableModules', $installableHtml);

    // datagrid with modules that are already installed
    $installedHtml = (string) $this->dataGridInstalledModules->getContent();
    $this->tpl->assign('dataGridInstalledModules', $installedHtml);

    // installer warnings (always an array, even when the session key is missing)
    $warnings = (array) \SpoonSession::get('installer_warnings');
    $this->tpl->assign('warnings', $warnings);
}
} if (!defined('PAGING_LIMIT')) { define('PAGING_LIMIT', 30); } //time zone date_default_timezone_set('Asia/Kuala_Lumpur'); //include Spoon Library reqFile(CM_ROOT . '/cm_includes/spoon/spoon.php'); //error_reporting level if (defined('SPOON_DEBUG') && SPOON_DEBUG == true) { error_reporting(E_ALL); } else { error_reporting(0); } //load SpoonSession SpoonSession::start(); //include auth library reqFile(CM_ROOT . '/cm_includes/auth.class.php'); if (defined("IN_API") && IN_API == true) { if (!cmAuth::md5_verify($_POST['adminname'], $_POST['adminpw'])) { die; } } elseif (defined('IN_LOGIN') && defined('IN_IMAGE')) { } elseif (defined("IN_LOGIN") && IN_LOGIN == true) { reqFile(CM_ROOT . '/cm_includes/securimage/securimage.php'); $securimage = new Securimage(); } elseif (defined("IN_ADMIN") && IN_ADMIN == true) { if (!cmAuth::is_logined()) { header('Location: ' . CM_URL . '/cm_admin/login.php'); } } elseif (defined('IN_IMAGE') && IN_IMAGE == true) {
/**
 * Set start and end timestamp needed to collect analytics data.
 *
 * Delegates the period calculation to BackendAnalyticsHelper::setDates()
 * (which presumably fills the two session keys read below — verify) and then
 * copies the resulting timestamps onto this object.
 */
private function setDates()
{
    // let the helper (re)compute the period before reading it back
    BackendAnalyticsHelper::setDates();

    $start = SpoonSession::get('analytics_start_timestamp');
    $end = SpoonSession::get('analytics_end_timestamp');

    $this->startTimestamp = $start;
    $this->endTimestamp = $end;
}
/**
 * Logs out the current user.
 *
 * Deletes the server-side session rows for the current PHP session id and
 * clears the backend login markers. The PHP session itself is kept, because
 * session data may still be in use by the site.
 *
 * @return void
 */
public static function logout()
{
    $currentSessionId = SpoonSession::getSessionId();

    // remove all rows owned by the current user (bound parameter, not interpolated)
    BackendModel::getDB(true)->delete('users_sessions', 'session_id = ?', $currentSessionId);

    // reset values. We can't destroy the session because session-data can be used on the site.
    $resetValues = array(
        'backend_logged_in' => false,
        'backend_secret_key' => '',
    );
    foreach ($resetValues as $key => $value) {
        SpoonSession::set($key, $value);
    }
}
/**
 * Process the querystring.
 *
 * Splits the raw request path into language, pages and parameters, mirrors
 * any "?key=value" pairs found in the path into $_GET and $this->parameters,
 * defines FRONTEND_LANGUAGE and loads the locale. Redirects (via SpoonHTTP)
 * when the language has to be added to the URL or when the resolved page is
 * configured as an internal/external redirect.
 *
 * @return void
 */
private function processQueryString()
{
    // store the querystring local, so we don't alter it.
    $queryString = $this->getQueryString();

    // fix GET-parameters
    $getChunks = explode('?', $queryString);

    // are there GET-parameters
    if (isset($getChunks[1])) {
        // get key-value pairs
        $get = explode('&', $getChunks[1]);

        // remove from querystring
        $queryString = str_replace('?' . $getChunks[1], '', $this->getQueryString());

        // loop pairs
        foreach ($get as $getItem) {
            // get key and value
            // (this reuses and overwrites the outer $getChunks; it is not read again afterwards)
            $getChunks = explode('=', $getItem, 2);

            // key available?
            // explode() always yields at least one element, so this is always true
            if (isset($getChunks[0])) {
                // reset in $_GET
                // NOTE: key and value are taken verbatim from the path — no urldecode() is applied here
                $_GET[$getChunks[0]] = isset($getChunks[1]) ? (string) $getChunks[1] : '';

                // add into parameters
                if (isset($getChunks[1])) {
                    $this->parameters[(string) $getChunks[0]] = (string) $getChunks[1];
                }
            }
        }
    }

    // split into chunks
    $chunks = (array) explode('/', $queryString);

    // single language
    if (!SITE_MULTILANGUAGE) {
        // set language id
        $language = FrontendModel::getModuleSetting('core', 'default_language', SITE_DEFAULT_LANGUAGE);
    } else {
        // default value
        $mustRedirect = false;

        // get possible languages
        $possibleLanguages = (array) FrontendLanguage::getActiveLanguages();
        $redirectLanguages = (array) FrontendLanguage::getRedirectLanguages();

        // the language is present in the URL
        // the URL chunk is only accepted once it matched an active language (loose in_array)
        if (isset($chunks[0]) && in_array($chunks[0], $possibleLanguages)) {
            // define language
            $language = (string) $chunks[0];

            // try to set a cookie with the language
            try {
                // set cookie: 7 days, whole site, shared with all subdomains of getDomain()
                SpoonCookie::set('frontend_language', $language, 7 * 24 * 60 * 60, '/', '.' . $this->getDomain());
            } catch (SpoonCookieException $e) {
                // settings cookies isn't allowed, because this isn't a real problem we ignore the exception
            }

            // set sessions
            SpoonSession::set('frontend_language', $language);

            // remove the language part
            array_shift($chunks);
        } elseif (SpoonCookie::exists('frontend_language') && in_array(SpoonCookie::get('frontend_language'), $redirectLanguages)) {
            // set languageId
            // the cookie is client-controlled; it is only used because it matched a redirect language above
            $language = (string) SpoonCookie::get('frontend_language');

            // redirect is needed
            $mustRedirect = true;
        } else {
            // set languageId & abbreviation
            // NOTE(review): no check against $possibleLanguages here — presumably getBrowserLanguage()
            // already falls back to an active language; confirm, since $language is used in the redirect URL
            $language = FrontendLanguage::getBrowserLanguage();

            // try to set a cookie with the language
            try {
                // set cookie
                SpoonCookie::set('frontend_language', $language, 7 * 24 * 60 * 60, '/', '.' . $this->getDomain());
            } catch (SpoonCookieException $e) {
                // settings cookies isn't allowed, because this isn't a real problem we ignore the exception
            }

            // redirect is needed
            $mustRedirect = true;
        }

        // redirect is required
        if ($mustRedirect) {
            // build URL
            // uses the raw getQueryString() (including any '?...' part stripped from the local copy).
            // The target starts with '/<language>/', so it stays a same-site path as long as
            // $language is non-empty (an empty $language would give a scheme-relative '//...' prefix)
            $URL = rtrim('/' . $language . '/' . $this->getQueryString(), '/');

            // set header & redirect
            // NOTE(review): presumably SpoonHTTP::redirect() ends the request; if it does not,
            // execution would continue below with the un-redirected state — confirm
            SpoonHTTP::redirect($URL, 301);
        }
    }

    // define the language
    define('FRONTEND_LANGUAGE', $language);

    // sets the localefile
    FrontendLanguage::setLocale($language);

    // list of pageIds & their full URL
    $keys = FrontendNavigation::getKeys();

    // full URL
    $URL = implode('/', $chunks);
    $startURL = $URL;

    // loop until we find the URL in the list of pages
    // NOTE(review): this only terminates if '' (the homepage) is among $keys — once $chunks is
    // empty, array_pop() is a no-op and implode() keeps returning ''; confirm getKeys() includes it
    while (!in_array($URL, $keys)) {
        // remove the last chunk
        array_pop($chunks);

        // redefine the URL
        $URL = implode('/', $chunks);
    }

    // remove language from querystring
    // byte-based substr/strlen; fine as long as language codes are ASCII
    if (SITE_MULTILANGUAGE) {
        $queryString = trim(substr($queryString, strlen($language)), '/');
    }

    // if it's the homepage AND parameters were given (not allowed!)
    if ($URL == '' && $queryString != '') {
        // get 404 URL
        $URL = FrontendNavigation::getURL(404);

        // remove language
        if (SITE_MULTILANGUAGE) {
            $URL = str_replace('/' . $language, '', $URL);
        }
    }

    // set pages
    $URL = trim($URL, '/');

    // currently not in the homepage
    if ($URL != '') {
        // explode in pages
        $pages = explode('/', $URL);

        // reset pages
        $this->setPages($pages);

        // reset parameters
        $this->setParameters(array());
    }

    // set parameters
    // NOTE(review): after the 404 branch above, $URL is the 404 page URL, so the offset is taken
    // relative to that rather than to the matched prefix of $startURL — looks unintended; confirm
    $parameters = trim(substr($startURL, strlen($URL)), '/');

    // has at least one parameter
    if ($parameters != '') {
        // parameters will be separated by /
        $parameters = explode('/', $parameters);

        // set parameters
        $this->setParameters($parameters);
    }

    // pageId, parentId & depth
    $pageId = FrontendNavigation::getPageId(implode('/', $this->getPages()));
    $pageInfo = FrontendNavigation::getPageInfo($pageId);

    // invalid page, or parameters but no extra
    // (&& binds tighter than ||: "no page info" OR "parameters given for a page without an extra")
    if ($pageInfo === false || !empty($parameters) && !$pageInfo['has_extra']) {
        // get 404 URL
        $URL = FrontendNavigation::getURL(404);

        // remove language
        if (SITE_MULTILANGUAGE) {
            $URL = trim(str_replace('/' . $language, '', $URL), '/');
        }

        // currently not in the homepage
        if ($URL != '') {
            // explode in pages
            $pages = explode('/', $URL);

            // reset pages
            $this->setPages($pages);

            // reset parameters
            $this->setParameters(array());
        }
    }

    // is this an internal redirect?
    if (isset($pageInfo['redirect_page_id']) && $pageInfo['redirect_page_id'] != '') {
        // get url for item
        $newPageURL = FrontendNavigation::getURL((int) $pageInfo['redirect_page_id']);
        $errorURL = FrontendNavigation::getURL(404);

        // not an error?
        if ($newPageURL != $errorURL) {
            // redirect
            SpoonHTTP::redirect($newPageURL, $pageInfo['redirect_code']);
        }
    }

    // is this an external redirect?
    // target and status code come from the page info returned by FrontendNavigation, not from the request
    if (isset($pageInfo['redirect_url']) && $pageInfo['redirect_url'] != '') {
        // redirect
        SpoonHTTP::redirect($pageInfo['redirect_url'], $pageInfo['redirect_code']);
    }
}
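/**
 * Load a user by his e-mail address.
 *
 * Populates this object from the `users` row matching the e-mail, joined
 * (LEFT OUTER) with the `users_sessions` row for the *current* PHP session
 * — so session_id/secret_key/date are null when the user has no row for
 * this session. Afterwards the user's settings are loaded and unserialized,
 * and a nickname is derived from name + surname when none is set.
 *
 * @param string $email The email of the user to load.
 *
 * @throws Exception If user cannot be loaded
 */
public function loadUserByEmail($email)
{
    $email = (string) $email;
    $db = BackendModel::getContainer()->get('database');

    // get user-data (session id and e-mail are bound as placeholders, never interpolated)
    $userData = (array) $db->getRecord(
        'SELECT u.id, u.email, u.is_god, us.session_id, us.secret_key, UNIX_TIMESTAMP(us.date) AS date FROM users AS u LEFT OUTER JOIN users_sessions AS us ON u.id = us.user_id AND us.session_id = ? WHERE u.email = ? LIMIT 1',
        array(\SpoonSession::getSessionId(), $email)
    );

    // if there is no data we have to destroy this object, I know this isn't a realistic situation
    if (empty($userData)) {
        throw new Exception('user (' . $email . ') can\'t be loaded.');
    }

    // set properties
    $this->setUserId($userData['id']);
    $this->setEmail($userData['email']);
    $this->setSessionId($userData['session_id']);
    $this->setSecretKey($userData['secret_key']);
    $this->setLastloggedInDate($userData['date']);
    $this->isAuthenticated = true;
    // strict string comparison on the 'Y'/'N' flag instead of a loose ==
    $this->isGod = (string) $userData['is_god'] === 'Y';
    $this->loadGroups($userData['id']);

    // get settings
    $settings = (array) $db->getPairs(
        'SELECT us.name, us.value FROM users_settings AS us INNER JOIN users AS u ON us.user_id = u.id WHERE u.email = ?',
        array($email)
    );

    // loop settings and store them in the object
    foreach ($settings as $key => $value) {
        // SECURITY NOTE: unserialize() can instantiate arbitrary classes from the stored
        // payload, so this is only as trustworthy as write access to users_settings.
        // Storing settings as JSON, or passing array('allowed_classes' => false) if no
        // objects are ever stored, would remove that exposure — confirm the stored
        // shapes before changing the format.
        $this->settings[$key] = unserialize($value);
    }

    // nickname available?
    if (!isset($this->settings['nickname']) || $this->settings['nickname'] == '') {
        // fall back to "name surname"; tolerate a missing name/surname setting instead of
        // raising an undefined-index notice (result is the same: an empty part)
        $name = isset($this->settings['name']) ? (string) $this->settings['name'] : '';
        $surname = isset($this->settings['surname']) ? (string) $this->settings['surname'] : '';
        $this->setSetting('nickname', $name . ' ' . $surname);
    }
}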
$tpl->assign('longitude', $latestCheckIn->pub->longitude); $tpl->assign('latitude', $latestCheckIn->pub->latitude); $tpl->assign('people', $latestCheckIn->pub->getNumberPeople()); $tpl->assign('checkins', $latestCheckIn->pub->getNumberCheckins()); $tabs = $latestCheckIn->getTabs(); if ($tabs[0] !== null) { $tpl->assign('iTabs', $tabs); $tpl->assign('oTabs', true); } else { $tpl->assign('iTabs', array()); $tpl->assign('oNoTabs', true); } //}else{ // $tpl->assign('oNoCheckIn', true); //} $user = new User(SpoonSession::exists('id')); if ($user->weight !== null && $user->gender !== null) { if ($daysAgo > 0) { $timeAgo = $daysAgo * 12 - $timeAgo; } $drinks = $latestCheckIn->getNumberTabs(); $isLegal = $user->isLegalToDrive((int) $drinks["count"], $timeAgo); if ($isLegal) { $tpl->assign('oLegalToDrive', true); } else { $tpl->assign('oNotLegalToDrive', true); } } else { $tpl->assign('oNotAbleLegalToDrive', true); } // show the output