예제 #1
파일: Save.php 프로젝트: forkcms/forkcms
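 /**
  * Execute the action: record a frontend search term as a statistics row.
  *
  * Reads the POSTed `term`, escapes it according to the kernel charset and
  * answers BAD_REQUEST when it is empty. Otherwise the term is stored with
  * its language, timestamp, result count and a redacted copy of $_SERVER,
  * unless it is the same term already held in the session (so reloading a
  * result page does not produce a duplicate row). Replies OK afterwards.
  */
 public function execute()
 {
     parent::execute();

     // get parameters
     $charset = $this->getContainer()->getParameter('kernel.charset');
     $searchTerm = \SpoonFilter::getPostValue('term', null, '');
     $term = $charset == 'utf-8' ? \SpoonFilter::htmlspecialchars($searchTerm) : \SpoonFilter::htmlentities($searchTerm);

     // validate search term (strict: the escaped term is always a string)
     if ($term === '') {
         $this->output(self::BAD_REQUEST, null, 'term-parameter is missing.');
         return;
     }

     // previous search result
     $previousTerm = \SpoonSession::exists('searchTerm') ? \SpoonSession::get('searchTerm') : '';
     \SpoonSession::set('searchTerm', '');

     // save this term? Strict comparison: with `!=` two numeric-looking terms
     // such as "1e3" and "1000" compare equal and the second search is dropped.
     if ($previousTerm !== $term) {
         // Never persist the raw superglobal: it carries the visitor's Cookie
         // and Authorization headers plus whatever secrets live in the process
         // environment, none of which belong in a search-statistics table.
         $serverVars = $_SERVER;
         foreach (array('HTTP_COOKIE', 'HTTP_AUTHORIZATION', 'REDIRECT_HTTP_AUTHORIZATION', 'PHP_AUTH_USER', 'PHP_AUTH_PW') as $sensitiveKey) {
             unset($serverVars[$sensitiveKey]);
         }

         // format data
         $this->statistics = array();
         $this->statistics['term'] = $term;
         $this->statistics['language'] = LANGUAGE;
         $this->statistics['time'] = FrontendModel::getUTCDate();
         $this->statistics['data'] = serialize(array('server' => $serverVars));
         $this->statistics['num_results'] = FrontendSearchModel::getTotal($term);

         // save data
         FrontendSearchModel::save($this->statistics);
     }

     // remember the current term for the duplicate check above
     \SpoonSession::set('searchTerm', $term);

     // output
     $this->output(self::OK);
 }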
예제 #2
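 /**
  * Execute the action: record a frontend search term as a statistics row.
  *
  * Reads the `term` query parameter and answers BAD_REQUEST when it is
  * empty. Otherwise the term is stored with its language, timestamp, result
  * count and a redacted copy of $_SERVER, unless it is the same term already
  * held in the session (so reloading a result page does not produce a
  * duplicate row). Replies OK afterwards.
  *
  * @return	void
  */
 public function execute()
 {
     // call parent, this will probably add some general CSS/JS or other required files
     parent::execute();

     // get parameters
     $term = SpoonFilter::getGetValue('term', null, '');

     // validate. output() is believed to end the request; the explicit return
     // guarantees an empty term is never recorded below even if it does not.
     if ($term == '') {
         $this->output(self::BAD_REQUEST, null, 'term-parameter is missing.');
         return;
     }

     // previous search result
     $previousTerm = SpoonSession::exists('searchTerm') ? SpoonSession::get('searchTerm') : '';
     SpoonSession::set('searchTerm', '');

     // save this term?
     if ($previousTerm != $term) {
         // Never persist the raw superglobal: it carries the visitor's Cookie
         // and Authorization headers plus whatever secrets live in the process
         // environment, none of which belong in a search-statistics table.
         $serverVars = $_SERVER;
         foreach (array('HTTP_COOKIE', 'HTTP_AUTHORIZATION', 'REDIRECT_HTTP_AUTHORIZATION', 'PHP_AUTH_USER', 'PHP_AUTH_PW') as $sensitiveKey) {
             unset($serverVars[$sensitiveKey]);
         }

         // format data
         $this->statistics = array();
         $this->statistics['term'] = $term;
         $this->statistics['language'] = FRONTEND_LANGUAGE;
         $this->statistics['time'] = FrontendModel::getUTCDate();
         $this->statistics['data'] = serialize(array('server' => $serverVars));
         $this->statistics['num_results'] = FrontendSearchModel::getTotal($term);

         // save data
         FrontendSearchModel::save($this->statistics);
     }

     // remember the current term for the duplicate check above
     SpoonSession::set('searchTerm', $term);

     // output
     $this->output(self::OK);
 }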
예제 #3
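 /**
  * Loads the form.
  *
  * Builds the module-selection step of the installer: required modules are
  * listed as disabled checkboxes and injected into $_POST so the form library
  * treats them as checked; optional modules are plain checkboxes. The
  * remaining fields (example data, debug mode, debug e-mail) are pre-filled
  * from the session when an earlier pass stored a value.
  */
 private function loadForm()
 {
     // init var
     $modules = array();
     $checkedModules = SpoonSession::exists('modules') ? SpoonSession::get('modules') : array();

     // Normalise a malformed submission once. The loop below appends with
     // `$_POST['modules'][] = ...`, which is a fatal error when a client sends
     // `modules=foo` as a scalar instead of an array; an absent key is left
     // alone so the first append still auto-creates the array as before.
     if (isset($_POST['modules']) && !is_array($_POST['modules'])) {
         $_POST['modules'] = array();
     }

     // loop required modules
     foreach ($this->modules['required'] as $module) {
         // add to the list, rendered disabled so it cannot be unticked
         $modules[] = array('label' => SpoonFilter::toCamelCase($module), 'value' => $module, 'attributes' => array('disabled' => 'disabled'));

         // make sure the required module is part of the submitted set
         // (presumably because a disabled checkbox is not posted by the browser)
         if (!isset($_POST['modules']) || !in_array($module, $_POST['modules'], true)) {
             $_POST['modules'][] = $module;
         }
     }

     // loop optional modules
     foreach ($this->modules['optional'] as $module) {
         // add to the list
         $modules[] = array('label' => SpoonFilter::toCamelCase($module), 'value' => $module);
     }

     // add multi checkbox; required modules are always pre-checked
     $this->frm->addMultiCheckbox('modules', $modules, array_unique(array_merge($this->modules['required'], $checkedModules)));

     // example data (default: on)
     $this->frm->addCheckbox('example_data', SpoonSession::exists('example_data') ? SpoonSession::get('example_data') : true);

     // debug mode (default: off)
     $this->frm->addCheckbox('debug_mode', SpoonSession::exists('debug_mode') ? SpoonSession::get('debug_mode') : false);

     // specific debug email address (default: off)
     $this->frm->addCheckbox('different_debug_email', SpoonSession::exists('different_debug_email') ? SpoonSession::get('different_debug_email') : false);

     // specific debug email address text
     $this->frm->addText('debug_email', SpoonSession::exists('debug_email') ? SpoonSession::get('debug_email') : '');
 }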
예제 #4
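 /**
  * Check that the CSRF token in the query string matches the session token.
  *
  * On success the method simply returns. On any mismatch, including a
  * missing token on either side, the session token is cleared so the stale
  * value cannot be retried, and the user is redirected to the Index action
  * with `error=csrf`.
  */
 public function checkToken()
 {
     $fromSession = \SpoonSession::exists('csrf_token') ? (string) \SpoonSession::get('csrf_token') : '';
     $fromGet = (string) \SpoonFilter::getGetValue('token', null, '');

     // hash_equals() replaces the original loose `==`: `==` compares
     // numeric-looking strings numerically ("1e3" == "1000"), so a value that
     // is merely numerically equal to the token would pass, and it stops at
     // the first differing byte. hash_equals() compares the exact bytes in
     // constant time (PHP >= 5.6; on older runtimes use `===` on the casts).
     if ($fromSession !== '' && $fromGet !== '' && hash_equals($fromSession, $fromGet)) {
         return;
     }

     // clear the token so the rejected value cannot be replayed
     \SpoonSession::set('csrf_token', '');
     $this->redirect(BackendModel::createURLForAction('Index', null, null, array('error' => 'csrf')));
 }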
예제 #5
 /**
  * Loads the form.
  *
  * Admin-account step of the installer: an e-mail field pre-filled from the
  * session or guessed from the request host, and two password fields
  * (password + confirmation) re-populated from the session when present.
  *
  * @return	void
  */
 private function loadForm()
 {
     // default e-mail guess: info@<host of the current request>
     // NOTE(review): HTTP_HOST is the client-supplied Host header, so this is
     // only a suggestion for the form, never a trusted value.
     $defaultEmail = 'info@' . $_SERVER['HTTP_HOST'];
     $email = SpoonSession::exists('email') ? SpoonSession::get('email') : $defaultEmail;
     $this->frm->addText('email', $email);

     // password fields keep the previously entered values, if any
     // NOTE(review): the plain-text installer password lives in the session
     // between steps; pre-existing behaviour, kept as-is here.
     $password = SpoonSession::exists('password') ? SpoonSession::get('password') : null;
     $confirm = SpoonSession::exists('confirm') ? SpoonSession::get('confirm') : null;
     $this->frm->addPassword('password', $password, null, 'inputPassword', 'inputPasswordError', true);
     $this->frm->addPassword('confirm', $confirm, null, 'inputPassword', 'inputPasswordError', true);

     // disable browser autocomplete on both password inputs
     foreach (array('password', 'confirm') as $fieldName) {
         $this->frm->getField($fieldName)->setAttributes(array('autocomplete' => 'off'));
     }
 }
예제 #6
파일: step_3.php 프로젝트: richsage/forkcms
 /**
  * Loads the form.
  *
  * Language step of the installer: whether backend and frontend share a
  * language, single vs. multiple frontend languages, the language sets for
  * frontend and backend, and the default language for each. Every field is
  * pre-filled from the session when an earlier pass stored a value.
  */
 private function loadForm()
 {
     // one label table drives both the multi-checkboxes and the dropdowns
     $languageLabels = array('en' => 'English', 'cn' => 'Chinese', 'nl' => 'Dutch', 'fr' => 'French', 'de' => 'German', 'hu' => 'Hungarian', 'it' => 'Italian', 'ru' => 'Russian', 'es' => 'Spanish');
     $languageOptions = array();
     foreach ($languageLabels as $code => $label) {
         $languageOptions[] = array('value' => $code, 'label' => $label);
     }

     // seperate frontend/backend languages?
     $sameInterfaceLanguage = SpoonSession::exists('same_interface_language') ? SpoonSession::get('same_interface_language') : true;
     $this->frm->addCheckbox('same_interface_language', $sameInterfaceLanguage);

     // multiple or single language (frontend)
     $languageType = SpoonSession::exists('multiple_languages') && SpoonSession::get('multiple_languages') ? 'multiple' : 'single';
     $this->frm->addRadiobutton('language_type', array(
         array('value' => 'multiple', 'label' => 'Multiple languages', 'variables' => array('multiple' => true)),
         array('value' => 'single', 'label' => 'Just one language', 'variables' => array('single' => true)),
     ), $languageType);

     // multiple languages (frontend)
     $languages = SpoonSession::exists('languages') ? SpoonSession::get('languages') : 'en';
     $this->frm->addMultiCheckbox('languages', $languageOptions, $languages);

     // multiple languages (backend)
     $interfaceLanguages = SpoonSession::exists('interface_languages') ? SpoonSession::get('interface_languages') : 'en';
     $this->frm->addMultiCheckbox('interface_languages', $languageOptions, $interfaceLanguages);

     // single language (frontend)
     // NOTE(review): this dropdown is named 'language' but is pre-filled from
     // the 'default_language' session key, the same key as the next dropdown;
     // confirm that is intended and not a copy-paste slip.
     $singleLanguage = SpoonSession::exists('default_language') ? SpoonSession::get('default_language') : 'en';
     $this->frm->addDropdown('language', $languageLabels, $singleLanguage);

     // default language (frontend)
     $defaultLanguage = SpoonSession::exists('default_language') ? SpoonSession::get('default_language') : 'en';
     $this->frm->addDropdown('default_language', $languageLabels, $defaultLanguage);

     // default language (backend)
     $defaultInterfaceLanguage = SpoonSession::exists('default_interface_language') ? SpoonSession::get('default_interface_language') : 'en';
     $this->frm->addDropdown('default_interface_language', $languageLabels, $defaultInterfaceLanguage);
 }
예제 #7
 /**
  * Loads the form.
  *
  * Database step of the installer. Hostname, port, database, username and
  * password are pre-filled from the session when present; otherwise the
  * database and user names are guessed from the request host without its
  * last label ("www.example.com" -> "www_example").
  */
 private function loadForm()
 {
     // guess db & username from the host name
     // NOTE(review): HTTP_HOST is the client's Host header; it only seeds a
     // default for the form field.
     $hostParts = explode('.', $_SERVER['HTTP_HOST']);
     array_pop($hostParts);
     $guess = implode('_', $hostParts);

     // seems like windows can't handle localhost...
     $defaultDbHost = substr(PHP_OS, 0, 3) == 'WIN' ? '127.0.0.1' : 'localhost';

     // resolve each value: session first, computed default otherwise
     $hostname = SpoonSession::exists('db_hostname') ? SpoonSession::get('db_hostname') : $defaultDbHost;
     $port = SpoonSession::exists('db_port') ? SpoonSession::get('db_port') : 3306;
     $database = SpoonSession::exists('db_database') ? SpoonSession::get('db_database') : $guess;
     $username = SpoonSession::exists('db_username') ? SpoonSession::get('db_username') : $guess;
     $password = SpoonSession::exists('db_password') ? SpoonSession::get('db_password') : null;

     // create input fields
     $this->frm->addText('hostname', $hostname);
     $this->frm->addText('port', $port, 10);
     $this->frm->addText('database', $database);
     $this->frm->addText('username', $username);
     $this->frm->addPassword('password', $password);
 }
예제 #8
 /**
  * Init database.
  *
  * Opens the MySQL connection using the credentials collected in the
  * database step (kept in the session), switches it to utf8 and UTC, and
  * registers it in the Spoon registry under 'database'.
  */
 public function initDatabase()
 {
     // port: session value when set and non-empty, MySQL default otherwise
     $port = 3306;
     if (SpoonSession::exists('db_port') && SpoonSession::get('db_port') != '') {
         $port = SpoonSession::get('db_port');
     }

     // connection details from the earlier installer step
     $hostname = SpoonSession::get('db_hostname');
     $username = SpoonSession::get('db_username');
     $password = SpoonSession::get('db_password');
     $database = SpoonSession::get('db_database');

     // database instance
     $this->db = new SpoonDatabase('mysql', $hostname, $username, $password, $database, $port);

     // utf8 compliance & MySQL-timezone
     $this->db->execute('SET CHARACTER SET utf8, NAMES utf8, time_zone = "+0:00"');

     // store
     Spoon::set('database', $this->db);
 }
예제 #9
 /**
  * Validate the form
  *
  * Handles a submitted agenda-subscription form: applies a per-item throttle
  * kept in the session, validates name and e-mail, stores the subscription
  * (queued for moderation when moderation is on and the author has not been
  * approved before), notifies the admin, remembers the author in cookies and
  * redirects back to the agenda item.
  *
  * @return bool|void false when subscriptions are disabled for this item;
  *                   otherwise nothing (a successful submit ends in a redirect)
  */
 private function validateForm()
 {
     // get settings
     $subscriptionsAllowed = isset($this->settings['allow_subscriptions']) && $this->settings['allow_subscriptions'];
     // subscriptions aren't allowed so we don't have to validate
     if (!$subscriptionsAllowed) {
         return false;
     }
     // is the form submitted
     if ($this->frm->isSubmitted()) {
         // cleanup the submitted fields, ignore fields that were added by hackers
         $this->frm->cleanupFields();
         // throttle: the timestamp of this visitor's last subscription to this
         // item is kept in the session (written at the bottom of this method)
         if (\SpoonSession::exists('agenda_subscription_' . $this->record['id'])) {
             // seconds since the last accepted submit
             $diff = time() - (int) \SpoonSession::get('agenda_subscription_' . $this->record['id']);
             // less than 10 seconds: tell the user to slow down.
             // NOTE(review): a $diff of exactly 0 (second submit within the same
             // second) is exempt from the throttle; confirm whether that is intended.
             if ($diff < 10 && $diff != 0) {
                 $this->frm->getField('message')->addError(FL::err('CommentTimeout'));
             }
         }
         // validate required fields
         $this->frm->getField('name')->isFilled(FL::err('NameIsRequired'));
         $this->frm->getField('email')->isEmail(FL::err('EmailIsRequired'));
         // no errors?
         if ($this->frm->isCorrect()) {
             // get module setting
             $moderationEnabled = isset($this->settings['moderation']) && $this->settings['moderation'];
             // reformat data
             $name = $this->frm->getField('name')->getValue();
             $email = $this->frm->getField('email')->getValue();
             // build array
             $subscription['agenda_id'] = $this->record['id'];
             $subscription['language'] = FRONTEND_LANGUAGE;
             $subscription['created_on'] = FrontendModel::getUTCDate();
             $subscription['name'] = $name;
             $subscription['email'] = $email;
             $subscription['status'] = 'subscribed';
             // get URL for article
             $permaLink = $this->record['full_url'];
             $redirectLink = $permaLink;
             // is moderation enabled
             if ($moderationEnabled) {
                 // if the commenter isn't moderated before alter the subscription status so it will appear in the moderation queue
                 if (!FrontendAgendaModel::isModerated($name, $email)) {
                     $subscription['status'] = 'moderation';
                 }
             }
             // insert subscription
             $subscription['id'] = FrontendAgendaModel::insertSubscription($subscription);
             // trigger event
             FrontendModel::triggerEvent('agenda', 'after_add_subscription', array('subscription' => $subscription));
             // append a parameter to the URL so we can show moderation
             // NOTE(review): the two branches below differ only in the separator,
             // yet the 'subscribed' anchor is '#subscription-' in one and
             // '#comment-' in the other; this looks like a copy-paste remnant.
             if (strpos($redirectLink, '?') === false) {
                 if ($subscription['status'] == 'moderation') {
                     $redirectLink .= '?subscription=moderation#' . FL::act('Subscribe');
                 }
                 if ($subscription['status'] == 'subscribed') {
                     $redirectLink .= '?subscription=true#subscription-' . $subscription['id'];
                 }
             } else {
                 if ($subscription['status'] == 'moderation') {
                     $redirectLink .= '&subscription=moderation#' . FL::act('Subscribe');
                 }
                 if ($subscription['status'] == 'subscribed') {
                     $redirectLink .= '&subscription=true#comment-' . $subscription['id'];
                 }
             }
             // set title
             $subscription['agenda_title'] = $this->record['title'];
             $subscription['agenda_url'] = $this->record['url'];
             // notify the admin
             FrontendAgendaModel::notifyAdmin($subscription);
             // store timestamp in session so we can block excessive usage
             \SpoonSession::set('agenda_subscription_' . $this->record['id'], time());
             // store author-data in cookies
             // NOTE(review): this file uses leading-backslash class names, so it is
             // presumably namespaced; unless `Exception` is imported with a `use`
             // statement, the catch below names a class in the current namespace
             // and would not catch a global \Exception. Verify the imports.
             try {
                 Cookie::set('subscription_author', $name);
                 Cookie::set('subscription_email', $email);
             } catch (Exception $e) {
                 // settings cookies isn't allowed, but because this isn't a real problem we ignore the exception
             }
             // redirect
             $this->redirect($redirectLink);
         }
     }
 }
예제 #10
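$tpl->assign('longitude', $latestCheckIn->pub->longitude);
$tpl->assign('latitude', $latestCheckIn->pub->latitude);
$tpl->assign('people', $latestCheckIn->pub->getNumberPeople());
$tpl->assign('checkins', $latestCheckIn->pub->getNumberCheckins());

// tabs of the latest check-in; isset() avoids an undefined-offset notice when
// getTabs() returns an empty array (the original read [0] unconditionally)
$tabs = $latestCheckIn->getTabs();
if (isset($tabs[0])) {
    $tpl->assign('iTabs', $tabs);
    $tpl->assign('oTabs', true);
} else {
    $tpl->assign('iTabs', array());
    $tpl->assign('oNoTabs', true);
}
//}else{
//    $tpl->assign('oNoCheckIn', true);
//}

// The logged-in visitor's own record. SpoonSession::exists() returns a bool,
// so the original `new User(SpoonSession::exists('id'))` handed the User
// constructor `true` rather than the stored id; get() yields the id itself,
// matching how the session id is passed to CheckIn elsewhere in this app.
$user = new User(SpoonSession::get('id'));

// the legal-to-drive estimate needs both weight and gender
if ($user->weight !== null && $user->gender !== null) {
    // NOTE(review): $daysAgo and $timeAgo are computed above this fragment;
    // the `* 12` adjustment is kept verbatim, its unit is not evident here.
    if ($daysAgo > 0) {
        $timeAgo = $daysAgo * 12 - $timeAgo;
    }
    $drinks = $latestCheckIn->getNumberTabs();
    $isLegal = $user->isLegalToDrive((int) $drinks["count"], $timeAgo);
    if ($isLegal) {
        $tpl->assign('oLegalToDrive', true);
    } else {
        $tpl->assign('oNotLegalToDrive', true);
    }
} else {
    $tpl->assign('oNotAbleLegalToDrive', true);
}
// show the output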
예제 #11
 /**
  * Is the current user logged in?
  *
  * The answer is memoised in the container under 'logged_in' for the rest of
  * the request. Otherwise the session must hold `backend_logged_in` = true
  * and a non-empty `backend_secret_key`; that key together with the current
  * session id is then looked up in users_sessions. A hit refreshes the row's
  * date, builds the User object and memoises true. Anything else resets the
  * session flags and memoises false.
  *
  * @return bool
  */
 public static function isLoggedIn()
 {
     // already decided earlier in this request
     if (BackendModel::getContainer()->has('logged_in')) {
         return BackendModel::getContainer()->get('logged_in');
     }
     // check if all needed values are set in the session
     // @todo could be written by SpoonSession::get (since that no longer throws exceptions)
     if (\SpoonSession::exists('backend_logged_in', 'backend_secret_key') && (bool) \SpoonSession::get('backend_logged_in') && (string) \SpoonSession::get('backend_secret_key') != '') {
         // get database instance
         $db = BackendModel::get('database');
         // parameterised lookup: session id and secret key are bound, never interpolated.
         // NOTE(review): the key match is the database's string comparison, so a
         // case-insensitive collation on secret_key would weaken it; worth checking.
         $sessionData = $db->getRecord('SELECT us.id, us.user_id
              FROM users_sessions AS us
              WHERE us.session_id = ? AND us.secret_key = ?
              LIMIT 1', array(\SpoonSession::getSessionId(), \SpoonSession::get('backend_secret_key')));
         // if we found a matching row, we know the user is logged in, so we update his session
         if ($sessionData !== null) {
             // update the session in the table (keeps the row's last-seen date current)
             $db->update('users_sessions', array('date' => BackendModel::getUTCDate()), 'id = ?', (int) $sessionData['id']);
             // create a user object, it will handle stuff related to the current authenticated user
             self::$user = new User($sessionData['user_id']);
             // the user is logged on
             BackendModel::getContainer()->set('logged_in', true);
             return true;
         }
     }
     // no match: reset the session flags and memoise the negative answer;
     // the caller decides what to do with an anonymous request
     \SpoonSession::set('backend_logged_in', false);
     BackendModel::getContainer()->set('logged_in', false);
     \SpoonSession::set('backend_secret_key', '');
     return false;
 }
예제 #12
<?php

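date_default_timezone_set('Europe/Berlin');

// set include path (relative to this script; must precede the requires)
ini_set("include_path", ".:../../library/");

// required classes
require_once 'spoon/spoon.php';
require_once 'publicApp/publicApp.php';

$tpl = new SpoonTemplate();
$tpl->setForceCompile(true);
$tpl->setCompileDirectory('./compiled_templates');

SpoonSession::start();

//Content layout: only a logged-in visitor (session 'id') may add a pub
if (SpoonSession::exists('id') === false) {
    SpoonHTTP::redirect('index.php');
    // redirect() is expected to end the request; the explicit exit guarantees
    // nothing below runs for an anonymous visitor even if it does not.
    exit;
}

// coordinates of the pub being added, passed on the query string
$lat = SpoonFilter::getGetValue('lat', null, '');
$long = SpoonFilter::getGetValue('long', null, '');

// The form posts back to this script with the coordinates kept in the query
// string. $lat, $long and PHP_SELF (which echoes the request path, including
// any PATH_INFO) are all client-controlled, so the parameters are URL-encoded
// and the whole value HTML-escaped before it lands in action="...". Without
// that, /this.php/"><script> or lat="><script> breaks out of the attribute.
// NOTE(review): if the template already applies an escaping modifier to
// {$formaction}, drop the htmlspecialchars() here to avoid double escaping.
$formAction = $_SERVER['PHP_SELF'] . '?lat=' . urlencode($lat) . '&long=' . urlencode($long);
$tpl->assign('formaction', htmlspecialchars($formAction, ENT_QUOTES, 'UTF-8'));

$msgFault = '';
$pubname = SpoonFilter::getPostValue('pubname', null, '');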
if (SpoonFilter::getPostValue('btnAdd', null, '')) {
    if ($pubname === "") {
        $msgFault = "Please fill in the name of the pub.";
    } else {
        if ($lat !== "" && $long !== "") {
            $pub = new Pub('');
            $pub->name = $pubname;
            $pub->latitude = $lat;
            $pub->longitude = $long;
            $id = $pub->Add();
예제 #13
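 /**
  * Install a module.
  *
  * Loads the core installer and the module's own installer class
  * (`<Module>Installer` from BACKEND_MODULES_PATH/<module>/installer/installer.php),
  * runs it, attaches the supplied upload warnings, stores the accumulated
  * warnings in the session for later display and finally clears the cache.
  *
  * @param string $module The name of the module to be installed.
  * @param array $warnings Warnings from the upload of the module.
  * @throws \InvalidArgumentException When $module is not a plain module name.
  */
 public static function installModule($module, array $warnings = array())
 {
     // $module is spliced into a require_once path below, so it must be a bare
     // directory name: letters, digits and underscores only. Anything else
     // (../, slashes, NUL bytes) would let the caller choose the file included.
     if (!is_string($module) || !preg_match('/^[A-Za-z0-9_]+$/', $module)) {
         throw new \InvalidArgumentException('Invalid module name.');
     }

     // we need the installer
     require_once BACKEND_CORE_PATH . '/installer/installer.php';
     require_once BACKEND_MODULES_PATH . '/' . $module . '/installer/installer.php';

     // installer class name
     $class = SpoonFilter::toCamelCase($module) . 'Installer';

     // possible variables available for the module installers
     $variables = array();

     // run installer
     $installer = new $class(BackendModel::getDB(true), BL::getActiveLanguages(), array_keys(BL::getInterfaceLanguages()), false, $variables);

     // execute installation
     $installer->install();

     // add the warnings
     foreach ($warnings as $warning) {
         $installer->addWarning($warning);
     }

     // save the warnings in session for later use
     // NOTE(review): array_merge() with the string keys 'module'/'warnings'
     // overwrites any entry a previous installModule() call stored under the
     // same keys rather than appending a new one; confirm against the reader
     // of 'installer_warnings' whether a list of per-module entries was meant.
     if ($installer->getWarnings()) {
         $storedWarnings = SpoonSession::exists('installer_warnings') ? SpoonSession::get('installer_warnings') : array();
         $storedWarnings = array_merge($storedWarnings, array('module' => $module, 'warnings' => $installer->getWarnings()));
         SpoonSession::set('installer_warnings', $storedWarnings);
     }

     // clear the cache so locale (and so much more) gets rebuilt
     self::clearCache();
 }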
예제 #14
 /**
  * Validate the form.
  *
  * Handles a submitted form-builder form: applies a per-form throttle kept in
  * the session, runs the configured validations (required / email / numeric)
  * per field, stores the submission and its field values, optionally mails
  * the values to the configured recipients, fires the after_submission event
  * and redirects back to the page with the form's identifier appended.
  * On validation failure the error text is pushed to the template.
  */
 private function validateForm()
 {
     // submitted
     if ($this->frm->isSubmitted()) {
         // throttle: timestamp of this visitor's last submission of this form,
         // written at the bottom of the success branch
         if (SpoonSession::exists('formbuilder_' . $this->item['id'])) {
             // seconds since the last accepted submit
             $diff = time() - (int) SpoonSession::get('formbuilder_' . $this->item['id']);
             // less than 10 seconds: tell the user to slow down.
             // NOTE(review): a $diff of exactly 0 (second submit within the same
             // second) is exempt from the throttle; confirm whether that is intended.
             if ($diff < 10 && $diff != 0) {
                 $this->frm->addError(FL::err('FormTimeout'));
             }
         }
         // validate fields
         foreach ($this->item['fields'] as $field) {
             // fieldname
             $fieldName = 'field' . $field['id'];
             // skip presentational fields, they carry no value
             if ($field['type'] == 'submit' || $field['type'] == 'paragraph' || $field['type'] == 'heading') {
                 continue;
             }
             // loop other validations
             foreach ($field['validations'] as $rule => $settings) {
                 // already has an error so skip
                 if ($this->frm->getField($fieldName)->getErrors() !== null) {
                     continue;
                 }
                 // required
                 if ($rule == 'required') {
                     $this->frm->getField($fieldName)->isFilled($settings['error_message']);
                 } elseif ($rule == 'email') {
                     // only check this if the field is filled, if the field is required it will be validated before
                     if ($this->frm->getField($fieldName)->isFilled()) {
                         $this->frm->getField($fieldName)->isEmail($settings['error_message']);
                     }
                 } elseif ($rule == 'numeric') {
                     // only check this if the field is filled, if the field is required it will be validated before
                     if ($this->frm->getField($fieldName)->isFilled()) {
                         $this->frm->getField($fieldName)->isNumeric($settings['error_message']);
                     }
                 }
             }
         }
         // valid form
         if ($this->frm->isCorrect()) {
             // item
             $data['form_id'] = $this->item['id'];
             $data['session_id'] = SpoonSession::getSessionId();
             $data['sent_on'] = FrontendModel::getUTCDate();
             // NOTE(review): the complete $_SERVER superglobal is serialised into
             // the submission row, including the visitor's Cookie/Authorization
             // headers and any secrets in the process environment; consider
             // storing only the request fields that are actually needed.
             $data['data'] = serialize(array('server' => $_SERVER));
             // insert data
             $dataId = FrontendFormBuilderModel::insertData($data);
             // init fields array
             $fields = array();
             // loop all fields
             foreach ($this->item['fields'] as $field) {
                 // skip presentational fields
                 if ($field['type'] == 'submit' || $field['type'] == 'paragraph' || $field['type'] == 'heading') {
                     continue;
                 }
                 // field data
                 $fieldData['data_id'] = $dataId;
                 $fieldData['label'] = $field['settings']['label'];
                 $fieldData['value'] = $this->frm->getField('field' . $field['id'])->getValue();
                 // prepare fields for email
                 // NOTE(review): nl2br() is applied to the raw visitor input without
                 // HTML escaping; unless the mail template escapes {$value}, a
                 // submitted value can inject markup into the notification mail.
                 if ($this->item['method'] == 'database_email') {
                     // add field for email
                     $emailFields[] = array('label' => $field['settings']['label'], 'value' => is_array($fieldData['value']) ? implode(',', $fieldData['value']) : nl2br($fieldData['value']));
                 }
                 // clean up: an empty multi-value becomes null rather than a serialised empty array
                 if (is_array($fieldData['value']) && empty($fieldData['value'])) {
                     $fieldData['value'] = null;
                 }
                 // serialize
                 if ($fieldData['value'] !== null) {
                     $fieldData['value'] = serialize($fieldData['value']);
                 }
                 // save fields data
                 $fields[] = $fieldData;
                 // insert
                 FrontendFormBuilderModel::insertDataField($fieldData);
             }
             // need to send mail
             // NOTE(review): $emailFields is only ever assigned inside the loop
             // above, so a form without value-carrying fields reaches this branch
             // with it undefined.
             if ($this->item['method'] == 'database_email') {
                 // build variables
                 $variables['sentOn'] = time();
                 $variables['name'] = $this->item['name'];
                 $variables['fields'] = $emailFields;
                 // loop recipients
                 foreach ($this->item['email'] as $address) {
                     // add email
                     FrontendMailer::addEmail(sprintf(FL::getMessage('FormBuilderSubject'), $this->item['name']), FRONTEND_MODULES_PATH . '/form_builder/layout/templates/mails/form.tpl', $variables, $address, $this->item['name']);
                 }
             }
             // trigger event
             FrontendModel::triggerEvent('form_builder', 'after_submission', array('form_id' => $this->item['id'], 'data_id' => $dataId, 'data' => $data, 'fields' => $fields, 'visitorId' => FrontendModel::getVisitorId()));
             // store timestamp in session so we can block excesive usage
             SpoonSession::set('formbuilder_' . $this->item['id'], time());
             // redirect back to the current page, appending the form identifier
             $redirect = SITE_URL . '/' . $this->URL->getQueryString();
             $redirect .= stripos($redirect, '?') === false ? '?' : '&';
             $redirect .= 'identifier=' . $this->item['identifier'];
             // redirect with identifier
             SpoonHTTP::redirect($redirect);
         } else {
             // global form errors set
             if ($this->frm->getErrors() != '') {
                 $this->tpl->assign('formBuilderError', $this->frm->getErrors());
             } else {
                 $this->tpl->assign('formBuilderError', FL::err('FormError'));
             }
         }
     }
 }
예제 #15
<?php

date_default_timezone_set('Europe/Berlin');
// set include path (relative to this script; must precede the requires below)
ini_set("include_path", ".:../library/");
// required classes
require_once 'spoon/spoon.php';
require_once 'publicApp/publicApp.php';
// template engine; setForceCompile(true) presumably recompiles the template on
// every request, which is convenient while developing but costly in production
$tpl = new SpoonTemplate();
$tpl->setForceCompile(true);
$tpl->setCompileDirectory('./compiled_templates');
// do I know you?
if (SpoonSession::exists('public_uid')) {
    $tpl->assign('oLogout', true);
    $tpl->assign('oNavMe', true);
    $uid = SpoonSession::get('public_uid');
    $user = new User($uid);
    if ($user->GetFollowing() != null) {
        $values = $user->GetFollowing();
        $following = array();
        foreach ($values as $value) {
            $userFollowing = new User($value['friend']);
            if ($userFollowing->fb_uid == null) {
                $userFollowing->fb_uid = 1;
            }
            array_push($following, get_object_vars($userFollowing));
        }
        $tpl->assign('oFollowing', true);
        $tpl->assign('iFollowing', $following);
    } else {
        $tpl->assign('oNoFollowing', true);
예제 #16
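date_default_timezone_set('Europe/Berlin');

// set include path (relative to this script; must precede the requires)
ini_set("include_path", ".:../../library/");

// required classes
require_once 'spoon/spoon.php';
require_once 'publicApp/publicApp.php';

$tpl = new SpoonTemplate();
$tpl->setForceCompile(true);
$tpl->setCompileDirectory('./compiled_templates');

// PHP_SELF echoes the request path (including any PATH_INFO), so it is
// HTML-escaped before being placed in the form's action attribute; otherwise
// /this.php/"><script> breaks out of action="...".
// NOTE(review): drop htmlspecialchars() if the template escapes {$formaction} itself.
$tpl->assign('formaction', htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8'));

SpoonSession::start();

//Content layout: only logged-in visitors may view a profile. The session check
// now runs before any database work, so an anonymous request neither queries
// with a missing session id nor dereferences a null $latestCheckIn.
if (SpoonSession::exists('id') === false) {
    SpoonHTTP::redirect('index.php');
    // redirect() is expected to end the request; the exit makes that certain
    exit;
}

// the profile being viewed, chosen by the `id` query parameter
// NOTE(review): any logged-in visitor can view any user id; if profiles are
// meant to be private, an ownership/friendship check belongs here.
$user = new User(SpoonFilter::getGetValue('id', null, ''));
if ($user->user_id === null) {
    SpoonHTTP::redirect('index.php');
    exit;
}

$latestCheckIn = CheckIn::getLatestCheckinByUserId(SpoonSession::get('id'));
// NOTE(review): kept verbatim: subtracting two "H:i:s" strings coerces them to
// their leading number (the hour), so this is an hour difference at best, and
// it reads ->timestamp without checking that a check-in exists.
$timeAgo = SpoonDate::getDate("H:i:s", strtotime($latestCheckIn->timestamp)) - SpoonDate::getDate("H:i:s");

// recent drinks of the viewed user, with relative timestamps for display
$recent = $user->getRecentUserDrinks($user->user_id);
if (is_array($recent)) {
    $recentCount = count($recent);
    for ($i = 0; $i < $recentCount; $i++) {
        $recent[$i]['timestamp'] = SpoonDate::getTimeAgo(strtotime($recent[$i]['timestamp']));
        if (!$recent[$i]['fb_uid']) {
            //else, use standard fb icon
            $recent[$i]['fb_uid'] = 1;
            // NOTE(review): this also overwrites the viewed user's own fb_uid
            // whenever any drink row lacks one; kept as in the original.
            $user->fb_uid = 1;
        }
    }
}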
if ($recent !== null) {
    $tpl->assign('oRecent', true);
    $tpl->assign('iRecent', $recent);
} else {
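 /**
  * Validate the login form and the forgot-password form.
  *
  * Login: both fields must be filled and the submitted form token must be identical
  * (as a string) to the session token before BackendAuthentication::loginUser() is
  * called. Every failed login increments 'backend_login_attempts' in the session;
  * from five failures on the session is locked: the request is delayed, the form is
  * marked invalid and no login is attempted. A successful login clears the counters
  * and redirects to the 'querystring' parameter or, failing that, to the first module
  * the user is allowed to see.
  *
  * Forgot password: validates the address, stores a reset key plus timestamp in the
  * user's settings and mails a reset link.
  *
  * Review notes — things this block does NOT protect against:
  *  - the attempt counter lives in the caller's own session; dropping the cookie
  *    starts from zero, so server-side (per-account / per-IP) throttling is still needed.
  *  - a locked session stays locked until the session expires: the counters are only
  *    cleared by a successful login, which the lock itself prevents.
  *  - sleep() holds a PHP worker for the whole delay — a cheap denial-of-service lever.
  *  - 'EmailIsUnknown' reveals whether an address has an account (user enumeration).
  *  - the reset key is seeded with uniqid(), which is time-based, not a CSPRNG.
  *  - the post-login redirect target is taken verbatim from 'querystring'; unless
  *    $this->redirect() rejects off-site URLs this is an open redirect.
  */
 private function validateForm()
 {
     if ($this->frm->isSubmitted()) {
         $txtEmail = $this->frm->getField('backend_email');
         $txtPassword = $this->frm->getField('backend_password');
         // strict string comparison of the tokens: a loose != treats numeric-looking
         // strings such as "1e3" and "1000" (or two "0e..." values) as equal.
         // hash_equals() would additionally make this constant-time on PHP >= 5.6.
         $tokenIsValid = (string) $this->frm->getToken() === (string) $this->frm->getField('form_token')->getValue();
         // five or more failed logins in this session: locked, do not touch the credentials
         $lockedOut = SpoonSession::exists('backend_login_attempts') && (int) SpoonSession::get('backend_login_attempts') >= 5;
         // required fields
         if (!$txtEmail->isFilled() || !$txtPassword->isFilled()) {
             // add error
             $this->frm->addError('fields required');
             // show error
             $this->tpl->assign('hasError', true);
         }
         // invalid form-token?
         if (!$tokenIsValid) {
             // set a correct header, so bots understand they can't mess with us.
             if (!headers_sent()) {
                 header('400 Bad Request', true, 400);
             }
         }
         // all fields are ok and the session is not locked?
         if (!$lockedOut && $txtEmail->isFilled() && $txtPassword->isFilled() && $tokenIsValid) {
             // try to login the user
             if (!BackendAuthentication::loginUser($txtEmail->getValue(), $txtPassword->getValue())) {
                 // add error
                 $this->frm->addError('invalid login');
                 // store attempt in session
                 $current = SpoonSession::exists('backend_login_attempts') ? (int) SpoonSession::get('backend_login_attempts') : 0;
                 // increment and store
                 SpoonSession::set('backend_login_attempts', ++$current);
                 // show error
                 $this->tpl->assign('hasError', true);
             }
         }
         // check sessions (re-read: the failure above may just have reached the limit)
         if (SpoonSession::exists('backend_login_attempts') && (int) SpoonSession::get('backend_login_attempts') >= 5) {
             // get previous attempt
             // NOTE(review): without a stored attempt this defaults to "now", so the branch
             // below is always "too soon" and 'backend_last_attempt' is never written.
             $previousAttempt = SpoonSession::exists('backend_last_attempt') ? SpoonSession::get('backend_last_attempt') : time();
             // calculate timeout: 5 seconds per failure beyond the fourth
             $timeout = 5 * (SpoonSession::get('backend_login_attempts') - 4);
             // too soon!
             if (time() < $previousAttempt + $timeout) {
                 // sleep untill the user can login again
                 sleep($timeout);
                 // set a correct header, so bots understand they can't mess with us.
                 if (!headers_sent()) {
                     header('503 Service Unavailable', true, 503);
                 }
             } else {
                 // increment and store
                 SpoonSession::set('backend_last_attempt', time());
             }
             // too many attempts: mark the form invalid. (The original called addEditor()
             // here, which adds a form field rather than an error and left the form "correct".)
             $this->frm->addError('too many attempts');
             // show error
             $this->tpl->assign('hasTooManyAttemps', true);
             $this->tpl->assign('hasError', false);
         }
         // no errors in the form?
         if ($this->frm->isCorrect()) {
             // cleanup sessions
             SpoonSession::delete('backend_login_attempts');
             SpoonSession::delete('backend_last_attempt');
             // create filter with modules which may not be displayed
             $filter = array('authentication', 'error', 'core');
             // get all modules
             $modules = array_diff(BackendModel::getModules(), $filter);
             // loop through modules and break on first allowed module
             // (if none is allowed, $module ends up as the last one in the list)
             foreach ($modules as $module) {
                 if (BackendAuthentication::isAllowedModule($module)) {
                     break;
                 }
             }
             // redirect to the correct URL (URL the user was looking for or fallback)
             $this->redirect($this->getParameter('querystring', 'string', BackendModel::createUrlForAction(null, $module)));
         }
     }
     // is the form submitted
     if ($this->frmForgotPassword->isSubmitted()) {
         // backend email
         $email = $this->frmForgotPassword->getField('backend_email_forgot')->getValue();
         // required fields
         if ($this->frmForgotPassword->getField('backend_email_forgot')->isEmail(BL::err('EmailIsInvalid'))) {
             // check if there is a user with the given emailaddress
             if (!BackendUsersModel::existsEmail($email)) {
                 $this->frmForgotPassword->getField('backend_email_forgot')->addError(BL::err('EmailIsUnknown'));
             }
         }
         // no errors in the form?
         if ($this->frmForgotPassword->isCorrect()) {
             // generate the key for the reset link and fetch the user ID for this email
             $key = BackendAuthentication::getEncryptedString($email, uniqid());
             // insert the key and the timestamp into the user settings
             $userId = BackendUsersModel::getIdByEmail($email);
             $user = new BackendUser($userId);
             $user->setSetting('reset_password_key', $key);
             $user->setSetting('reset_password_timestamp', time());
             // variables to parse in the e-mail; both values are query-string parameters, so
             // they are encoded ('+' or '&' in an address previously corrupted the link)
             $variables['resetLink'] = SITE_URL . BackendModel::createURLForAction('reset_password') . '&email=' . rawurlencode($email) . '&key=' . rawurlencode($key);
             // send e-mail to user
             BackendMailer::addEmail(SpoonFilter::ucfirst(BL::msg('ResetYourPasswordMailSubject')), BACKEND_MODULE_PATH . '/layout/templates/mails/reset_password.tpl', $variables, $email);
             // clear post-values
             $_POST['backend_email_forgot'] = '';
             // show success message
             $this->tpl->assign('isForgotPasswordSuccess', true);
             // show form
             $this->tpl->assign('showForm', true);
         } else {
             $this->tpl->assign('showForm', true);
         }
     }
 }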
 /**
  * Return the CSRF token for the current session, minting one on first use.
  *
  * The token is kept under the 'csrf_token' session key and reused for the whole
  * session; an empty stored value counts as "no token yet". A new token is a
  * 10-character string from generateRandomString (presumably letters and digits,
  * given the two enabled flags).
  *
  * @return string
  */
 public static function getToken()
 {
     $hasUsableToken = \SpoonSession::exists('csrf_token') && \SpoonSession::get('csrf_token') != '';
     if ($hasUsableToken) {
         return \SpoonSession::get('csrf_token');
     }
     // no (usable) token yet: generate one and remember it for later requests
     $freshToken = self::generateRandomString(10, true, true, false, false);
     \SpoonSession::set('csrf_token', $freshToken);
     return $freshToken;
 }
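 /**
  * Persist the current search as a statistics row.
  *
  * Nothing is saved when there is no term, or when the term equals the one the
  * previous request stored in the session (so a reload or paging through results is
  * not counted twice). The row holds the term, the language, a UTC timestamp, the
  * number of results from the pagination and a serialized copy of $_SERVER.
  *
  * The stored $_SERVER copy leaves out request credentials — the raw cookie header
  * (which carries the visitor's session id) and HTTP auth values — so they do not end
  * up at rest in the statistics table; everything else (client IP, user agent,
  * referer, query string, ...) is kept as before.
  */
 private function saveStatistics()
 {
     // no search term = no search
     if (!$this->term) {
         return;
     }
     // term of the previous search (if any), then clear it
     $previousTerm = \SpoonSession::exists('searchTerm') ? \SpoonSession::get('searchTerm') : '';
     \SpoonSession::set('searchTerm', '');
     // only a term that differs from the previous one is recorded
     if ($previousTerm != $this->term) {
         // $_SERVER keys that must not be written to the database
         $secretServerKeys = array('HTTP_COOKIE', 'HTTP_AUTHORIZATION', 'PHP_AUTH_USER', 'PHP_AUTH_PW', 'PHP_AUTH_DIGEST');
         // format data
         $this->statistics = array();
         $this->statistics['term'] = $this->term;
         $this->statistics['language'] = LANGUAGE;
         $this->statistics['time'] = FrontendModel::getUTCDate();
         $this->statistics['data'] = serialize(array('server' => array_diff_key($_SERVER, array_flip($secretServerKeys))));
         $this->statistics['num_results'] = $this->pagination['num_items'];
         // save data
         FrontendSearchModel::save($this->statistics);
     }
     // remember the current term in the session for the next request
     \SpoonSession::set('searchTerm', $this->term);
 }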
 /**
  * Determine the analytics date range and store it in the session.
  *
  * Precedence: a start_timestamp/end_timestamp pair in the query string (both
  * non-empty) overrides the session values; GET input is only ever used after an
  * (int) cast. A candidate range is stored only when both timestamps are valid
  * calendar dates, the start is not after the end, the start is not before
  * 1 January 2005 and the end is not in the future; an invalid range leaves the
  * session untouched. When no positive candidate range exists at all, the session is
  * reset to the module's configured interval ('week' becomes '-1week -1 days')
  * counted back from today 00:00.
  *
  * @return	void
  */
 public static function setDates()
 {
     // candidate range: session values first ...
     $rangeStart = SpoonSession::exists('analytics_start_timestamp') ? SpoonSession::get('analytics_start_timestamp') : null;
     $rangeEnd = SpoonSession::exists('analytics_end_timestamp') ? SpoonSession::get('analytics_end_timestamp') : null;
     // ... overridden by a complete pair from the query string (GET wins)
     $getStart = isset($_GET['start_timestamp']) ? $_GET['start_timestamp'] : '';
     $getEnd = isset($_GET['end_timestamp']) ? $_GET['end_timestamp'] : '';
     if ($getStart != '' && $getEnd != '') {
         $rangeStart = (int) $getStart;
         $rangeEnd = (int) $getEnd;
     }
     if ($rangeStart > 0 && $rangeEnd > 0) {
         // both must be real calendar dates, in order, not before 2005 and not in the future
         $startIsDate = checkdate((int) date('n', $rangeStart), (int) date('j', $rangeStart), (int) date('Y', $rangeStart));
         $endIsDate = checkdate((int) date('n', $rangeEnd), (int) date('j', $rangeEnd), (int) date('Y', $rangeEnd));
         $rangeIsValid = $startIsDate && $endIsDate
             && $rangeStart <= $rangeEnd
             && $rangeStart >= mktime(0, 0, 0, 1, 1, 2005)
             && $rangeEnd <= time();
         if ($rangeIsValid) {
             SpoonSession::set('analytics_start_timestamp', $rangeStart);
             SpoonSession::set('analytics_end_timestamp', $rangeEnd);
         }
         return;
     }
     // nothing usable: fall back to the configured interval ending at midnight today
     $interval = BackendModel::getModuleSetting('analytics', 'interval', 'week');
     if ($interval == 'week') {
         $interval .= ' -1 days';
     }
     $midnightToday = mktime(0, 0, 0);
     SpoonSession::set('analytics_start_timestamp', strtotime('-1' . $interval, $midnightToday));
     SpoonSession::set('analytics_end_timestamp', $midnightToday);
 }
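 /**
  * Redirect to the loading page after checking for infinite loops.
  *
  * A per-action counter ('<action>Loop') in the session records how often this
  * redirect has been issued; once it exceeds 2 a BackendException is thrown instead
  * of redirecting again (presumably the loading action resets the counter once the
  * cache is filled — not visible here).
  *
  * The action name is URL-encoded when it is put in the query string, the same
  * treatment http_build_query() gives the extra parameters; an action containing
  * '&' or '#' can therefore no longer truncate the URL or smuggle in parameters.
  *
  * @return	void
  * @param	string $action							The action to check for infinite loops.
  * @param	array[optional] $extraParameters		The extra parameters to append to the redirect url.
  * @throws	BackendException when the loop counter exceeds 2.
  */
 public static function redirectToLoadingPage($action, array $extraParameters = array())
 {
     $action = (string) $action;
     // get loop counter
     $counter = SpoonSession::exists($action . 'Loop') ? (int) SpoonSession::get($action . 'Loop') : 0;
     // loop has run too long - throw exception
     if ($counter > 2) {
         throw new BackendException('An infinite loop has been detected while getting data from cache for the action "' . $action . '".');
     }
     // set new counter
     SpoonSession::set($action . 'Loop', ++$counter);
     // put parameters into a string
     $extraParameters = empty($extraParameters) ? '' : '&' . http_build_query($extraParameters);
     // redirect to loading page which will get the needed data based on the current action
     SpoonHTTP::redirect(BackendModel::createURLForAction('loading') . '&redirect_action=' . urlencode($action) . $extraParameters);
 }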
    /**
     * Is the current user logged in?
     *
     * The session must carry a truthy 'backend_logged_in' and a non-empty
     * 'backend_secret_key'; that key together with the PHP session id is then looked
     * up in users_sessions (bound parameters, no interpolation). A hit refreshes the
     * row's date, loads the user into self::$user and returns true. In every other
     * case the two session markers are cleared and false is returned — the PHP
     * session itself is kept because the site may rely on other data in it.
     *
     * @return	bool
     */
    public static function isLoggedIn()
    {
        $hasSessionMarkers = SpoonSession::exists('backend_logged_in', 'backend_secret_key')
            && (bool) SpoonSession::get('backend_logged_in')
            && (string) SpoonSession::get('backend_secret_key') != '';
        if ($hasSessionMarkers) {
            $db = BackendModel::getDB(true);
            // the secret key only reaches SQL as a bound parameter
            $sessionData = $db->getRecord('SELECT us.id, us.user_id
											FROM users_sessions AS us
											WHERE us.session_id = ? AND us.secret_key = ?
											LIMIT 1', array(SpoonSession::getSessionId(), SpoonSession::get('backend_secret_key')));
            if ($sessionData !== null) {
                // touch the session row and expose the authenticated user
                $db->update('users_sessions', array('date' => BackendModel::getUTCDate()), 'id = ?', (int) $sessionData['id']);
                self::$user = new BackendUser($sessionData['user_id']);
                return true;
            }
        }
        // not (or no longer) authenticated: reset the markers, keep the session
        SpoonSession::set('backend_logged_in', false);
        SpoonSession::set('backend_secret_key', '');
        return false;
    }
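 /**
  * Validate the comment form and, if it is valid, store the comment.
  *
  * Nothing is done unless the 'allow_comments' setting is on and the form was posted.
  * A visitor who commented on this post less than 10 seconds ago (timestamp kept in
  * the session under 'blog_comment_<post id>') gets a CommentTimeout error on the
  * message field. Author, e-mail and message are required; website is optional and,
  * when given, must be a URL (a bare 'http://' is treated as empty).
  *
  * A valid comment is stored with status 'published', or 'moderation' when moderation
  * is on and the author has not been moderated before, or — with the spam filter on —
  * 'spam' for a positive verdict and 'moderation' for an 'unknown' one. The data
  * column holds a serialized copy of $_SERVER from which request credentials (the raw
  * cookie header, HTTP auth values) have been removed, so a visitor's session id is
  * not written to the comments table. The admin is then notified, the rate-limit
  * timestamp is stored, the author details are kept in cookies for 30 days (best
  * effort: cookie failures are ignored; whether SpoonCookie sets Secure/HttpOnly is
  * not visible here) and the visitor is redirected back to the article with a status
  * parameter.
  *
  * @return bool|null false when comments are disabled; otherwise no value (a valid
  *                   submission ends in a redirect).
  */
 private function validateForm()
 {
     // get settings
     $commentsAllowed = isset($this->settings['allow_comments']) && $this->settings['allow_comments'];
     // comments aren't allowed so we don't have to validate
     if (!$commentsAllowed) {
         return false;
     }
     // is the form submitted
     if ($this->frm->isSubmitted()) {
         // cleanup the submitted fields, ignore fields that were added by hackers
         $this->frm->cleanupFields();
         // rate limit: does the key exists?
         if (SpoonSession::exists('blog_comment_' . $this->record['id'])) {
             // calculate difference
             $diff = time() - (int) SpoonSession::get('blog_comment_' . $this->record['id']);
             // less than 10 seconds since the previous comment: tell the user to slow down
             if ($diff < 10 && $diff != 0) {
                 $this->frm->getField('message')->addError(FL::err('CommentTimeout'));
             }
         }
         // validate required fields
         $this->frm->getField('author')->isFilled(FL::err('AuthorIsRequired'));
         $this->frm->getField('email')->isEmail(FL::err('EmailIsRequired'));
         $this->frm->getField('message')->isFilled(FL::err('MessageIsRequired'));
         // validate optional fields
         if ($this->frm->getField('website')->isFilled() && $this->frm->getField('website')->getValue() != 'http://') {
             $this->frm->getField('website')->isURL(FL::err('InvalidURL'));
         }
         // no errors?
         if ($this->frm->isCorrect()) {
             // get module setting
             $spamFilterEnabled = isset($this->settings['spamfilter']) && $this->settings['spamfilter'];
             $moderationEnabled = isset($this->settings['moderation']) && $this->settings['moderation'];
             // reformat data
             $author = $this->frm->getField('author')->getValue();
             $email = $this->frm->getField('email')->getValue();
             $website = $this->frm->getField('website')->getValue();
             if (trim($website) == '' || $website == 'http://') {
                 $website = null;
             }
             $text = $this->frm->getField('message')->getValue();
             // request metadata kept for the admin, minus anything that would let a reader
             // of the comments table impersonate the visitor
             $secretServerKeys = array('HTTP_COOKIE', 'HTTP_AUTHORIZATION', 'PHP_AUTH_USER', 'PHP_AUTH_PW', 'PHP_AUTH_DIGEST');
             // build array
             $comment['post_id'] = $this->record['id'];
             $comment['language'] = FRONTEND_LANGUAGE;
             $comment['created_on'] = FrontendModel::getUTCDate();
             $comment['author'] = $author;
             $comment['email'] = $email;
             $comment['website'] = $website;
             $comment['text'] = $text;
             $comment['status'] = 'published';
             $comment['data'] = serialize(array('server' => array_diff_key($_SERVER, array_flip($secretServerKeys))));
             // get URL for article
             $permaLink = FrontendNavigation::getURLForBlock('blog', 'detail') . '/' . $this->record['url'];
             $redirectLink = $permaLink;
             // is moderation enabled
             if ($moderationEnabled) {
                 // if the commenter isn't moderated before alter the comment status so it will appear in the moderation queue
                 if (!FrontendBlogModel::isModerated($author, $email)) {
                     $comment['status'] = 'moderation';
                 }
             }
             // should we check if the item is spam
             if ($spamFilterEnabled) {
                 // check for spam
                 $result = FrontendModel::isSpam($text, SITE_URL . $permaLink, $author, $email, $website);
                 // 'unknown' is tested first, and strictly: it is a truthy string, so the
                 // original order ("if ($result) ... elseif ($result == 'unknown')") could never
                 // reach the moderation branch and sent undecided comments to the spam queue
                 if ($result === 'unknown') {
                     $comment['status'] = 'moderation';
                 } elseif ($result) {
                     $comment['status'] = 'spam';
                 }
             }
             // insert comment
             $comment['id'] = FrontendBlogModel::insertComment($comment);
             // trigger event
             FrontendModel::triggerEvent('blog', 'after_add_comment', array('comment' => $comment));
             // append a status parameter to the URL so the template can show a notice; the
             // separator depends on whether the permalink already carries a query string
             $separator = strpos($redirectLink, '?') === false ? '?' : '&';
             if ($comment['status'] == 'moderation') {
                 $redirectLink .= $separator . 'comment=moderation#' . FL::act('Comment');
             }
             if ($comment['status'] == 'spam') {
                 $redirectLink .= $separator . 'comment=spam#' . FL::act('Comment');
             }
             if ($comment['status'] == 'published') {
                 $redirectLink .= $separator . 'comment=true#comment-' . $comment['id'];
             }
             // set title
             $comment['post_title'] = $this->record['title'];
             $comment['post_url'] = $this->record['url'];
             // notify the admin
             FrontendBlogModel::notifyAdmin($comment);
             // store timestamp in session so we can block excesive usage
             SpoonSession::set('blog_comment_' . $this->record['id'], time());
             // store author-data in cookies
             try {
                 SpoonCookie::set('comment_author', $author, 30 * 24 * 60 * 60, '/', '.' . $this->URL->getDomain());
                 SpoonCookie::set('comment_email', $email, 30 * 24 * 60 * 60, '/', '.' . $this->URL->getDomain());
                 SpoonCookie::set('comment_website', $website, 30 * 24 * 60 * 60, '/', '.' . $this->URL->getDomain());
             } catch (Exception $e) {
                 // settings cookies isn't allowed, but because this isn't a real problem we ignore the exception
             }
             // redirect
             $this->redirect($redirectLink);
         }
     }
 }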
    $tpl->assign('oRecent', true);
    $tpl->assign('iRecent', $recent);
} else {
    $tpl->assign('oNoRecent', true);
}
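// top pubs (at most 5) of the profile being viewed; fetched once instead of twice
$topPubs = $user->GetTopPubs(5);
if ($topPubs !== null) {
    $tpl->assign('oTopPubs', true);
    $tpl->assign('iTopPubs', $topPubs);
} else {
    $tpl->assign('oNoTopPubs', true);
}
$tpl->assign('fb_uid', $user->fb_uid);
$tpl->assign('name', $user->first_name . ' ' . $user->last_name);
$tpl->assign('user_id', $user->user_id);
// if user is logged in and it's not his own profile show add as friend button
if (SpoonSession::exists('public_uid') && SpoonSession::get('public_uid') != $user->user_id) {
    $loggedInUser = new User(SpoonSession::get('public_uid'), null, '');
    if (!$loggedInUser->isFriend($user->user_id)) {
        $tpl->assign('oAddFriend', true);
    } else {
        $tpl->assign('oDeleteFriend', true);
    }
}
// follow / unfollow requested via ?follow=true|false. $loggedInUser only exists for a
// logged-in user on somebody else's profile; the original called follow()/unfollow()
// on an undefined variable (fatal error) for anyone else.
// NOTE(review): this is a state change on a GET request without any CSRF token — any
// page a logged-in user visits can trigger it with an <img src="/users/…?follow=true">.
$followAction = SpoonFilter::getGetValue('follow', null, '');
if (isset($loggedInUser) && $followAction == 'true') {
    $loggedInUser->follow($user->user_id);
    SpoonHTTP::redirect('/users/' . $user->user_id);
}
if (isset($loggedInUser) && $followAction == 'false') {
    $loggedInUser->unfollow($user->user_id);
    SpoonHTTP::redirect('/users/' . $user->user_id);
}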
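 /**
  * Installs the required and optional modules
  *
  * Opens the database connection with the credentials the installer collected in the
  * session (db_hostname / db_username / db_password / db_database, db_port defaulting
  * to 3306), forces utf8 and a UTC session time zone, installs the core, then every
  * module in $this->modules['required'] and finally each module from the session's
  * 'modules' list that is not already required. A module's installer is
  * backend/modules/<module>/installer/install.php and its class <CamelCase>Install.
  *
  * The module name is spliced into a require_once path and a class name, so only
  * names made of [A-Za-z0-9_] are accepted; anything else (a "../" segment, a slash,
  * a null byte) is skipped instead of being loaded. The session keeps the database
  * password for the duration of the installer; whether it is cleared afterwards is
  * not visible here.
  *
  * @return	void
  */
 private function installModules()
 {
     // get port
     $port = SpoonSession::exists('db_port') && SpoonSession::get('db_port') != '' ? SpoonSession::get('db_port') : 3306;
     // database instance
     $this->db = new SpoonDatabase('mysql', SpoonSession::get('db_hostname'), SpoonSession::get('db_username'), SpoonSession::get('db_password'), SpoonSession::get('db_database'), $port);
     // utf8 compliance & MySQL-timezone
     $this->db->execute('SET CHARACTER SET utf8, NAMES utf8, time_zone = "+0:00"');
     /**
      * First we need to install the core. All the linked modules, settings and sql tables are
      * being installed.
      */
     require_once PATH_WWW . '/backend/core/installer/install.php';
     // install the core
     $install = new CoreInstall($this->db, SpoonSession::get('languages'), SpoonSession::get('interface_languages'), SpoonSession::get('example_data'), array('default_language' => SpoonSession::get('default_language'), 'default_interface_language' => SpoonSession::get('default_interface_language'), 'spoon_debug_email' => SpoonSession::get('email'), 'api_email' => SpoonSession::get('email'), 'site_domain' => isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : 'fork.local', 'site_title' => 'Fork CMS', 'smtp_server' => '', 'smtp_port' => '', 'smtp_username' => '', 'smtp_password' => ''));
     // variables passed to module installers
     $variables = array();
     $variables['email'] = SpoonSession::get('email');
     $variables['default_interface_language'] = SpoonSession::get('default_interface_language');
     // only identifier-like names may be used to build an include path and a class name
     $moduleNamePattern = '/^[a-zA-Z0-9_]+$/';
     // loop required modules
     foreach ($this->modules['required'] as $module) {
         // refuse anything that is not a plain identifier
         if (!preg_match($moduleNamePattern, (string) $module)) {
             continue;
         }
         // install exists
         if (SpoonFile::exists(PATH_WWW . '/backend/modules/' . $module . '/installer/install.php')) {
             // users module needs custom variables
             if ($module == 'users') {
                 $variables['password'] = SpoonSession::get('password');
             }
             // load file
             require_once PATH_WWW . '/backend/modules/' . $module . '/installer/install.php';
             // class name
             $class = SpoonFilter::toCamelCase($module) . 'Install';
             // execute installer
             $install = new $class($this->db, SpoonSession::get('languages'), SpoonSession::get('interface_languages'), SpoonSession::get('example_data'), $variables);
         }
     }
     // optional modules (user-selected list from the session)
     foreach (SpoonSession::get('modules') as $module) {
         // refuse anything that is not a plain identifier
         if (!preg_match($moduleNamePattern, (string) $module)) {
             continue;
         }
         if (!in_array($module, $this->modules['required'])) {
             // install exists
             if (SpoonFile::exists(PATH_WWW . '/backend/modules/' . $module . '/installer/install.php')) {
                 // load file
                 require_once PATH_WWW . '/backend/modules/' . $module . '/installer/install.php';
                 // class name
                 $class = SpoonFilter::toCamelCase($module) . 'Install';
                 // execute installer
                 $install = new $class($this->db, SpoonSession::get('languages'), SpoonSession::get('interface_languages'), SpoonSession::get('example_data'), $variables);
             }
         }
     }
 }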
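 /**
  * Validate the form.
  *
  * On submission: a visitor who sent this form less than 10 seconds ago (timestamp in
  * the session under 'formbuilder_<form id>') gets a FormTimeout error. Every field
  * except submit/paragraph/heading is then checked against its configured validations
  * (required, email, numeric, time), stopping at the first error per field.
  *
  * A valid submission is stored as one row in the form data table (form id, PHP
  * session id, UTC timestamp, serialized request metadata) plus one row per field
  * (label and serialized value). Radio buttons are stored by their option label; a
  * submitted value that matches none of the configured options is stored as null
  * instead of raising an undefined-index notice. The serialized request metadata is
  * $_SERVER without request credentials (raw cookie header, HTTP auth values); the
  * PHP session id itself is still recorded in 'session_id', by design. Afterwards the
  * FORM_SUBMITTED and after_submission events fire, the rate-limit timestamp is
  * stored and the visitor is redirected back to the page with an identifier parameter.
  *
  * @throws RedirectException to perform the redirect after a successful submission.
  */
 private function validateForm()
 {
     // submitted
     if ($this->frm->isSubmitted()) {
         // rate limit: does the key exists?
         if (\SpoonSession::exists('formbuilder_' . $this->item['id'])) {
             // calculate difference
             $diff = time() - (int) \SpoonSession::get('formbuilder_' . $this->item['id']);
             // less than 10 seconds since the previous submission: tell the user to slow down
             if ($diff < 10 && $diff != 0) {
                 $this->frm->addError(FL::err('FormTimeout'));
             }
         }
         // validate fields
         foreach ($this->item['fields'] as $field) {
             // field name
             $fieldName = 'field' . $field['id'];
             // skip
             if ($field['type'] == 'submit' || $field['type'] == 'paragraph' || $field['type'] == 'heading') {
                 continue;
             }
             // loop other validations
             foreach ($field['validations'] as $rule => $settings) {
                 // already has an error so skip
                 if ($this->frm->getField($fieldName)->getErrors() !== null) {
                     continue;
                 }
                 // required
                 if ($rule == 'required') {
                     $this->frm->getField($fieldName)->isFilled($settings['error_message']);
                 } elseif ($rule == 'email') {
                     // only check this if the field is filled, if the field is required it will be validated before
                     if ($this->frm->getField($fieldName)->isFilled()) {
                         $this->frm->getField($fieldName)->isEmail($settings['error_message']);
                     }
                 } elseif ($rule == 'numeric') {
                     // only check this if the field is filled, if the field is required it will be validated before
                     if ($this->frm->getField($fieldName)->isFilled()) {
                         $this->frm->getField($fieldName)->isNumeric($settings['error_message']);
                     }
                 } elseif ($rule == 'time') {
                     // H, HH, H:MM, HH:MM, HhMM, ... (minutes optional)
                     $regexTime = '/^(([0-1][0-9]|2[0-3]|[0-9])|([0-1][0-9]|2[0-3]|[0-9])(:|h)[0-5]?[0-9]?)$/';
                     if (!\SpoonFilter::isValidAgainstRegexp($regexTime, $this->frm->getField($fieldName)->getValue())) {
                         $this->frm->getField($fieldName)->setError($settings['error_message']);
                     }
                 }
             }
         }
         // valid form
         if ($this->frm->isCorrect()) {
             // request metadata minus credentials; see the docblock
             $secretServerKeys = array('HTTP_COOKIE', 'HTTP_AUTHORIZATION', 'PHP_AUTH_USER', 'PHP_AUTH_PW', 'PHP_AUTH_DIGEST');
             // item
             $data['form_id'] = $this->item['id'];
             $data['session_id'] = \SpoonSession::getSessionId();
             $data['sent_on'] = FrontendModel::getUTCDate();
             $data['data'] = serialize(array('server' => array_diff_key($_SERVER, array_flip($secretServerKeys))));
             // insert data
             $dataId = FrontendFormBuilderModel::insertData($data);
             // init fields array
             $fields = array();
             // loop all fields
             foreach ($this->item['fields'] as $field) {
                 // skip
                 if ($field['type'] == 'submit' || $field['type'] == 'paragraph' || $field['type'] == 'heading') {
                     continue;
                 }
                 // field data
                 $fieldData['data_id'] = $dataId;
                 $fieldData['label'] = $field['settings']['label'];
                 $fieldData['value'] = $this->frm->getField('field' . $field['id'])->getValue();
                 if ($field['type'] == 'radiobutton') {
                     // store the option label rather than the submitted value; a value that is
                     // not one of the configured options (or not even a scalar) becomes null
                     $values = array();
                     foreach ($field['settings']['values'] as $value) {
                         $values[$value['value']] = $value['label'];
                     }
                     $submitted = $fieldData['value'];
                     $fieldData['value'] = is_scalar($submitted) && isset($values[$submitted]) ? $values[$submitted] : null;
                 }
                 // clean up
                 if (is_array($fieldData['value']) && empty($fieldData['value'])) {
                     $fieldData['value'] = null;
                 }
                 // serialize
                 if ($fieldData['value'] !== null) {
                     $fieldData['value'] = serialize($fieldData['value']);
                 }
                 // save fields data
                 $fields[$field['id']] = $fieldData;
                 // insert
                 FrontendFormBuilderModel::insertDataField($fieldData);
             }
             $this->get('event_dispatcher')->dispatch(FormBuilderEvents::FORM_SUBMITTED, new FormBuilderSubmittedEvent($this->item, $fields, $dataId));
             // trigger event
             FrontendModel::triggerEvent('FormBuilder', 'after_submission', array('form_id' => $this->item['id'], 'data_id' => $dataId, 'data' => $data, 'fields' => $fields, 'visitorId' => FrontendModel::getVisitorId()));
             // store timestamp in session so we can block excessive usage
             \SpoonSession::set('formbuilder_' . $this->item['id'], time());
             // redirect back to the page, carrying the form identifier and anchor
             $redirect = SITE_URL . $this->URL->getQueryString();
             $redirect .= stripos($redirect, '?') === false ? '?' : '&';
             $redirect .= 'identifier=' . $this->item['identifier'];
             $redirect .= '#' . $this->formName;
             throw new RedirectException('Redirect', new RedirectResponse($redirect));
         } else {
             // not correct, show errors
             // global form errors set
             if ($this->frm->getErrors() != '') {
                 $this->tpl->assign('formBuilderError', $this->frm->getErrors());
             } else {
                 // general error
                 $this->tpl->assign('formBuilderError', FL::err('FormError'));
             }
         }
     }
 }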
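 /**
  * Validates the form. This is an alternative for isCorrect, but without retrieve the status of course.
  *
  * When tokens are in use (getUseToken()) the submitted 'form_token' field must be
  * identical, as a string, to the 'form_token' value in the session; a missing
  * session token or a mismatch appends $this->tokenError. The comparison is strict on
  * purpose: with a loose != two numeric-looking tokens ("0e123" and "0e456", "1e3"
  * and "1000") compare equal, which would let a forged token pass. Then the errors
  * of every element that implements getErrors() are collected; any element-level or
  * form-level error marks the form as not correct. Finally $this->validated is set.
  *
  * @return	SpoonForm
  */
 public function validate()
 {
     // define errors
     $errors = '';
     // if we use tokens, we validate them here
     if ($this->getUseToken()) {
         // token not available?
         if (!SpoonSession::exists('form_token')) {
             $errors .= $this->tokenError;
         } else {
             // compare tokens strictly, as strings (hash_equals() would additionally make
             // this constant-time on PHP >= 5.6)
             $submittedToken = (string) $this->getField('form_token')->getValue();
             $sessionToken = (string) SpoonSession::get('form_token');
             if ($submittedToken !== $sessionToken) {
                 $errors .= $this->tokenError;
             }
         }
     }
     // loop objects
     foreach ($this->objects as $oElement) {
         // check, since some objects don't have this method!
         if (is_callable(array($oElement, 'getErrors'))) {
             $errors .= $oElement->getErrors();
         }
     }
     // affect correct status
     if (trim($errors) != '') {
         $this->correct = false;
     }
     // main form errors?
     if (trim($this->getErrors()) != '') {
         $this->correct = false;
     }
     // update parsed status
     $this->validated = true;
     return $this;
 }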
    /**
     * Check if a profile is loggedin.
     *
     * Three sources are consulted, in this order:
     *  1. the profile object already cached on this request (self::$profile);
     *  2. the session flag 'frontend_profile_logged_in', verified against the
     *     profiles_sessions table by the current session id;
     *  3. the 'frontend_profile_secret_key' remember-me cookie, verified against
     *     profiles_sessions by secret key. On a hit the secret is rotated, the
     *     cookie is re-issued for 31 days and the session flag is set, so the
     *     next request is answered by source 2.
     *
     * NOTE(review): the secret is rotated each time the cookie path is taken, so
     * concurrent requests carrying the same cookie (before the session flag is
     * set) can race: the second one finds no row and deletes the cookie.
     * NOTE(review): the raw secret is the lookup value in profiles_sessions, i.e.
     * the cookie equals what is stored at rest — confirm whether it should be hashed.
     * NOTE(review): no session id regeneration is visible when the cookie path
     * promotes the session to logged-in — confirm it happens elsewhere.
     *
     * @return	bool
     */
    public static function isLoggedIn()
    {
        // profile object exist? (this means the session/cookie checks have already happened in the current request and we cached the profile)
        if (isset(self::$profile)) {
            return true;
        } elseif (SpoonSession::exists('frontend_profile_logged_in') && SpoonSession::get('frontend_profile_logged_in') === true) {
            // get session id
            $sessionId = SpoonSession::getSessionId();
            // get profile id; the (int) cast folds a missing row (presumably null/false from getVar) to 0
            $profileId = (int) FrontendModel::getDB()->getVar('SELECT p.id
																FROM profiles AS p
																INNER JOIN profiles_sessions AS ps ON ps.profile_id = p.id
																WHERE ps.session_id = ?', (string) $sessionId);
            // valid profile id
            if ($profileId !== 0) {
                // update session date (keeps the row fresh for whatever expiry logic lives elsewhere)
                FrontendModel::getDB(true)->update('profiles_sessions', array('date' => FrontendModel::getUTCDate()), 'session_id = ?', $sessionId);
                // new user object
                self::$profile = new FrontendProfilesProfile($profileId);
                // logged in
                return true;
            } else {
                // session claims a login but no session row exists: clear the flag
                SpoonSession::set('frontend_profile_logged_in', false);
            }
        } elseif (SpoonCookie::exists('frontend_profile_secret_key') && SpoonCookie::get('frontend_profile_secret_key') != '') {
            // secret
            $secret = (string) SpoonCookie::get('frontend_profile_secret_key');
            // get profile id; parameterised lookup by the raw secret (not a constant-time compare)
            $profileId = (int) FrontendModel::getDB()->getVar('SELECT p.id
																FROM profiles AS p
																INNER JOIN profiles_sessions AS ps ON ps.profile_id = p.id
																WHERE ps.secret_key = ?', $secret);
            // valid profile id
            if ($profileId !== 0) {
                // get new secret key (rotation: the old cookie value is invalidated below)
                $profileSecret = FrontendProfilesModel::getEncryptedString(SpoonSession::getSessionId(), FrontendProfilesModel::getRandomString());
                // update session record: bind it to the current session id and the new secret
                FrontendModel::getDB(true)->update('profiles_sessions', array('session_id' => SpoonSession::getSessionId(), 'secret_key' => $profileSecret, 'date' => FrontendModel::getUTCDate()), 'secret_key = ?', $secret);
                // set new cookie, 31 days; NOTE(review): no secure/httponly flags passed here — confirm SpoonCookie::set defaults
                SpoonCookie::set('frontend_profile_secret_key', $profileSecret, 60 * 60 * 24 * 31);
                // set is_logged_in to true
                SpoonSession::set('frontend_profile_logged_in', true);
                // update last login
                FrontendProfilesModel::update($profileId, array('last_login' => FrontendModel::getUTCDate()));
                // new user object
                self::$profile = new FrontendProfilesProfile($profileId);
                // logged in
                return true;
            } else {
                // unknown secret: drop the cookie so the lookup is not repeated on every request
                SpoonCookie::delete('frontend_profile_secret_key');
            }
        }
        // no one is logged in
        return false;
    }
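 /**
  * Validate the login form and the forgot-password form.
  *
  * Login: checks the required fields and the CSRF token, tries the login, keeps
  * a failed-attempt counter in the session and slows down / blocks the form
  * after 5 failures. On success the attempt counters are cleared, the login
  * timestamps are stored in the user's settings and the user is redirected.
  *
  * Forgot password: for a known address, stores a reset key and timestamp in the
  * user's settings and mails a reset link.
  *
  * NOTE(review): the attempt counter lives in the PHP session, so a client that
  * simply drops its session cookie starts from zero again; a real lockout needs
  * the failures persisted per user and/or per source address.
  */
 private function validateForm()
 {
     if ($this->frm->isSubmitted()) {
         $txtEmail = $this->frm->getField('backend_email');
         $txtPassword = $this->frm->getField('backend_password');
         // required fields
         if (!$txtEmail->isFilled() || !$txtPassword->isFilled()) {
             $this->frm->addError('fields required');
             $this->tpl->assign('hasError', true);
         }
         // NOTE(review): the e-mail is raw user input and is written to the log as-is
         $this->getContainer()->get('logger')->info("Trying to authenticate user '{$txtEmail->getValue()}'.");
         // CSRF token: compare as strings in constant time (the loose `!=` used before
         // treats numeric-looking strings numerically, e.g. "1e3" == "1000")
         $tokenValid = hash_equals((string) $this->frm->getToken(), (string) $this->frm->getField('form_token')->getValue());
         if (!$tokenValid) {
             // set a correct header, so bots understand they can't mess with us.
             if (!headers_sent()) {
                 header('400 Bad Request', true, 400);
             }
         }
         // the user's id, or false when the address is unknown
         $userId = BackendUsersModel::getIdByEmail($txtEmail->getValue());
         // all fields are ok and the token matches?
         if ($txtEmail->isFilled() && $txtPassword->isFilled() && $tokenValid) {
             // try to login the user
             if (!BackendAuthentication::loginUser($txtEmail->getValue(), $txtPassword->getValue())) {
                 $this->getContainer()->get('logger')->info("Failed authenticating user '{$txtEmail->getValue()}'.");
                 $this->frm->addError('invalid login');
                 // count the failure in the session
                 $current = \SpoonSession::exists('backend_login_attempts') ? (int) \SpoonSession::get('backend_login_attempts') : 0;
                 \SpoonSession::set('backend_login_attempts', ++$current);
                 // and on the user record, when the address is known
                 if ($userId !== false) {
                     BackendUsersModel::setSetting($userId, 'last_failed_login_attempt', time());
                 }
                 $this->tpl->assign('hasError', true);
             }
         }
         // throttle after 5 failed attempts in this session
         if (\SpoonSession::exists('backend_login_attempts') && (int) \SpoonSession::get('backend_login_attempts') >= 5) {
             // time of the previous throttled attempt (now, when this is the first one)
             $previousAttempt = \SpoonSession::exists('backend_last_attempt') ? \SpoonSession::get('backend_last_attempt') : time();
             // 5 seconds for every failure beyond the fourth
             $timeout = 5 * (\SpoonSession::get('backend_login_attempts') - 4);
             if (time() < $previousAttempt + $timeout) {
                 // too soon: sleep until the user can login again.
                 // NOTE(review): this holds a PHP worker for $timeout seconds per request, which
                 // an attacker can turn against the server; answering 503 without sleeping is cheaper.
                 sleep($timeout);
                 // set a correct header, so bots understand they can't mess with us.
                 if (!headers_sent()) {
                     header('503 Service Unavailable', true, 503);
                 }
             } else {
                 \SpoonSession::set('backend_last_attempt', time());
             }
             // too many attempts: mark the form invalid so isCorrect() below cannot redirect.
             // This called addEditor() before, evidently a typo for addError() (compare the
             // other error paths above), which left the form valid after the throttle.
             $this->frm->addError('too many attempts');
             $this->getContainer()->get('logger')->info("Too many login attempts for user '{$txtEmail->getValue()}'.");
             $this->tpl->assign('hasTooManyAttemps', true);
             $this->tpl->assign('hasError', false);
         }
         // no errors in the form?
         if ($this->frm->isCorrect()) {
             // cleanup the throttle state
             \SpoonSession::delete('backend_login_attempts');
             \SpoonSession::delete('backend_last_attempt');
             // move the previous login timestamp to last_login and store the new one
             $lastLogin = BackendUsersModel::getSetting($userId, 'current_login');
             BackendUsersModel::setSetting($userId, 'current_login', time());
             if ($lastLogin) {
                 BackendUsersModel::setSetting($userId, 'last_login', $lastLogin);
             }
             $this->getContainer()->get('logger')->info("Successfully authenticated user '{$txtEmail->getValue()}'.");
             // redirect to the correct URL (URL the user was looking for or fallback)
             $this->redirectToAllowedModuleAndAction();
         }
     }
     // forgot-password form submitted?
     if ($this->frmForgotPassword->isSubmitted()) {
         $email = $this->frmForgotPassword->getField('backend_email_forgot')->getValue();
         // must be a syntactically valid address
         if ($this->frmForgotPassword->getField('backend_email_forgot')->isEmail(BL::err('EmailIsInvalid'))) {
             // NOTE(review): reporting an unknown address lets a visitor enumerate backend accounts
             if (!BackendUsersModel::existsEmail($email)) {
                 $this->frmForgotPassword->getField('backend_email_forgot')->addError(BL::err('EmailIsUnknown'));
             }
         }
         // no errors in the form?
         if ($this->frmForgotPassword->isCorrect()) {
             // generate the key for the reset link.
             // NOTE(review): uniqid() is time based, not cryptographically random; the key's
             // strength rests on what getEncryptedString() does with it — prefer a CSPRNG salt.
             $key = BackendAuthentication::getEncryptedString($email, uniqid());
             // store the key and the timestamp in the user settings
             $userId = BackendUsersModel::getIdByEmail($email);
             $user = new User($userId);
             $user->setSetting('reset_password_key', $key);
             $user->setSetting('reset_password_timestamp', time());
             // variables to parse in the e-mail; both query values are url-encoded so that
             // e.g. a '+' in the address survives the round trip through $_GET
             $variables = array();
             $variables['resetLink'] = SITE_URL . BackendModel::createURLForAction('ResetPassword') . '&email=' . rawurlencode($email) . '&key=' . rawurlencode($key);
             // send e-mail to user
             $from = $this->get('fork.settings')->get('Core', 'mailer_from');
             $replyTo = $this->get('fork.settings')->get('Core', 'mailer_reply_to');
             $message = \Common\Mailer\Message::newInstance(\SpoonFilter::ucfirst(BL::msg('ResetYourPasswordMailSubject')))->setFrom(array($from['email'] => $from['name']))->setTo(array($email))->setReplyTo(array($replyTo['email'] => $replyTo['name']))->parseHtml(BACKEND_MODULES_PATH . '/Authentication/Layout/Templates/Mails/ResetPassword.tpl', $variables);
             $this->get('mailer')->send($message);
             // clear post-values
             $_POST['backend_email_forgot'] = '';
             // show success message
             $this->tpl->assign('isForgotPasswordSuccess', true);
             // show form
             $this->tpl->assign('showForm', true);
         } else {
             // errors: keep the form visible
             $this->tpl->assign('showForm', true);
         }
     }
 }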
 /**
  * Register the mailmotor module and write its default settings.
  *
  * The sender and reply-to values are copied from the core mailer settings; the
  * CampaignMonitor fields are written empty so the backend can fill them in once
  * an account gets linked.
  */
 private function installSettings()
 {
     // register the module itself
     $this->addModule('mailmotor');
     // e-mail address kept in the installer session (read here, not used below)
     $email = SpoonSession::exists('email') ? SpoonSession::get('email') : null;
     // sender / reply-to come from the core mailer settings
     $from = $this->getSetting('core', 'mailer_from');
     $replyTo = $this->getSetting('core', 'mailer_reply_to');
     // defaults, in the order they are written
     $defaults = array(
         'from_email' => $from['email'],
         'from_name' => $from['name'],
         'plain_text_editable' => true,
         'reply_to_email' => $replyTo['email'],
         'price_per_email' => 0,
         'price_per_campaign' => 0,
         // CampaignMonitor placeholders, used to obtain a client ID after the account is linked.
         // NOTE(review): cm_password lands in the settings store — confirm it is not kept in the clear.
         'cm_url' => '',
         'cm_username' => '',
         'cm_password' => '',
         'cm_client_company_name' => $from['name'],
         'cm_client_contact_email' => $from['email'],
         'cm_client_contact_name' => $from['name'],
         'cm_client_country' => 'Belgium',
         'cm_client_timezone' => '',
         // no account linked yet
         'cm_account' => false,
     );
     foreach ($defaults as $name => $value) {
         $this->setSetting('mailmotor', $name, $value);
     }
 }