/**
 * Generates a new CSRF token, records it in the token list and returns it.
 *
 * The token is the base64 encoding of the current timestamp followed by a
 * 32-character random string. The time of issue is stored as the list value
 * for the token (presumably so that stale tokens can be expired by the
 * list-handling code — confirm in getTokenList/saveTokenList).
 *
 * @return string
 */
public static function generateToken()
{
    $tokenList = self::getTokenList();

    $randomPart = UTIL_String::getRandomString(32);
    $token = base64_encode(time() . $randomPart);

    $tokenList[$token] = time();
    self::saveTokenList($tokenList);

    return $token;
}
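/**
 * Prepares the Facebook "invite friends" button for the contact importer.
 *
 * Registers the plugin's facebook.js, stores a per-user invitation code,
 * instantiates the CONTACTIMPORTER_FaceBook JS object on page load and
 * exports the language keys the JS side needs.
 *
 * @param array $params Not used by this provider.
 * @return array|null Button descriptor ('iconUrl', 'onclick'), or null when
 *                    no Facebook application id is configured.
 */
public function prepareButton($params)
{
    $appId = OW::getConfig()->getValue('contactimporter', 'facebook_app_id');

    // Without an app id the Facebook SDK cannot be initialised: no button.
    if (empty($appId)) {
        return;
    }

    $staticUrl = OW::getPluginManager()->getPlugin('contactimporter')->getStaticUrl();
    $document = OW::getDocument();
    $document->addScript($staticUrl . 'js/facebook.js');

    $userId = OW::getUser()->getId();

    // Load the Facebook SDK over TLS only. A script fetched over plain HTTP can be
    // replaced in transit and would then run with the page's full privileges, and
    // browsers refuse it as mixed content on HTTPS pages anyway.
    $fbLibUrl = 'https://connect.facebook.net/en_US/all.js';

    // Invitation code tied to the inviting user; it is embedded in the join URL
    // handed to the Facebook request dialog.
    $code = UTIL_String::getRandomString(20);
    BOL_UserService::getInstance()->saveUserInvitation($userId, $code);
    $urlForInvite = OW::getRequest()->buildUrlQueryString(
        OW::getRouter()->urlForRoute('base_join'),
        array('code' => $code)
    );

    $js = UTIL_JsGenerator::newInstance();
    $js->newObject(
        array('window', 'CONTACTIMPORTER_FaceBook'),
        'CI_Facebook',
        array($fbLibUrl, $userId, $urlForInvite)
    );

    $fbParams = array(
        'appId' => $appId,
        'status' => true,
        'cookie' => true,
        'xfbml' => true
    );
    $js->callFunction(array('CONTACTIMPORTER_FaceBook', 'init'), array($fbParams));
    $document->addOnloadScript((string) $js);

    OW::getLanguage()->addKeyForJs('contactimporter', 'facebook_inv_message_text');
    OW::getLanguage()->addKeyForJs('contactimporter', 'facebook_after_invite_feedback');

    return array(
        'iconUrl' => $staticUrl . 'img/f.png',
        'onclick' => "CONTACTIMPORTER_FaceBook.request(); return false;"
    );
}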
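/**
 * Sends e-mail invitations to the addresses posted in $_POST['emailList'].
 *
 * Responds with a JSON object {success: bool, message: string} and terminates
 * the request. Errors are reported for an empty (or non-array) list and for a
 * list larger than the base 'user_invites_limit' config value. Every accepted
 * address gets its own invitation code embedded in the join URL; entries that
 * are not syntactically valid e-mail addresses are skipped and not counted.
 *
 * @return void  Never returns normally; always calls exit().
 */
public function send()
{
    $language = OW::getLanguage();

    // count() and foreach below require an array; a scalar here is a malformed
    // request and is treated like an empty list instead of raising a warning/TypeError.
    $emailList = isset($_POST['emailList']) && is_array($_POST['emailList'])
        ? $_POST['emailList']
        : array();

    if (empty($emailList)) {
        exit(json_encode(array(
            'success' => false,
            'message' => $language->text('contactimporter', 'email_send_error_empty_email_list')
        )));
    }

    $limit = (int) OW::getConfig()->getValue('base', 'user_invites_limit');

    if (count($emailList) > $limit) {
        exit(json_encode(array(
            'success' => false,
            'message' => $language->text(
                'contactimporter',
                'email_send_error_max_limit_message',
                array('limit' => $limit)
            )
        )));
    }

    $userId = OW::getUser()->getId();
    $displayName = BOL_UserService::getInstance()->getDisplayName($userId);

    $customMessage = empty($_POST['text']) ? null : trim($_POST['text']);
    // The language keys differ depending on whether the inviter wrote a custom message.
    $templatePrefix = 'mail_email_invite_' . ($customMessage === null ? '' : 'msg_');

    $vars = array(
        'inviter' => $displayName,
        'siteName' => OW::getConfig()->getValue('base', 'site_name'),
        'customMessage' => $customMessage
    );

    $sentCount = 0;

    foreach ($emailList as $email) {
        // Only syntactically valid addresses are handed to the mailer, so a crafted
        // list entry cannot carry anything but an address into the recipient header.
        if (!is_string($email) || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
            continue;
        }

        // A fresh invitation code per recipient, embedded in the join URL.
        $code = UTIL_String::getRandomString(20);
        BOL_UserService::getInstance()->saveUserInvitation($userId, $code);
        $vars['siteInviteURL'] = OW::getRequest()->buildUrlQueryString(
            OW::getRouter()->urlForRoute('base_join'),
            array('code' => $code)
        );

        $mail = OW::getMailer()->createMail();
        $mail->setSubject($language->text('contactimporter', 'mail_email_invite_subject', $vars));
        $mail->setHtmlContent($language->text('contactimporter', $templatePrefix . 'html', $vars));
        $mail->setTextContent($language->text('contactimporter', $templatePrefix . 'txt', $vars));
        $mail->addRecipientEmail($email);
        OW::getMailer()->addToQueue($mail);
        $sentCount++;
    }

    exit(json_encode(array(
        'success' => true,
        'message' => $language->text(
            'contactimporter',
            'email_send_success',
            array('count' => $sentCount)
        )
    )));
}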
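/**
 * Creates, persists and returns a new password-reset record for a user.
 *
 * The record carries an expiration and an update timestamp derived from the
 * class constants, and a 32-character hexadecimal reset code.
 *
 * @param integer $userId
 * @return BOL_UserResetPassword
 */
public function getNewResetPassword($userId)
{
    // One timestamp so both deadlines are computed from the same instant.
    $now = time();

    $resetPassword = new BOL_UserResetPassword();
    $resetPassword->setUserId($userId);
    $resetPassword->setExpirationTimeStamp($now + self::PASSWORD_RESET_CODE_EXPIRATION_TIME);
    $resetPassword->setUpdateTimeStamp($now + self::PASSWORD_RESET_CODE_UPDATE_TIME);

    // The code is a secret token (presumably the value later presented to reset
    // the password). Feed md5() with 32 random characters instead of 8 so the
    // code's guessing space is not bounded by a short input; the stored format
    // (32 hex characters) is unchanged.
    $resetPassword->setCode(md5(UTIL_String::getRandomString(32, 5)));

    $this->resetPasswordDao->save($resetPassword);

    return $resetPassword;
}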
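/**
 * Mobile "site is password protected" page and its AJAX form handler.
 *
 * Builds the password form; on an AJAX POST compares the submitted password
 * with the configured guest-access hash and, on success, sets the
 * 'base_password_protection' cookie (30 days, whole site) and tells the
 * client to reload. Non-AJAX requests render the page with the mobile
 * blank master template.
 */
public function passwordProtection()
{
    $language = OW::getLanguage();

    $form = new Form('password_protection');
    $form->setAjax(true);
    $form->setAction(OW::getRouter()->urlFor('BASE_CTRL_BaseDocument', 'passwordProtection'));
    $form->setAjaxDataType(Form::AJAX_DATA_TYPE_SCRIPT);

    $passwordField = new PasswordField('password');
    $form->addElement($passwordField);

    $submit = new Submit('submit');
    $submit->setValue($language->text('base', 'password_protection_submit_label'));
    $form->addElement($submit);

    $this->addForm($form);

    if (OW::getRequest()->isAjax() && $form->isValid($_POST)) {
        $data = $form->getValues();
        $storedHash = OW::getConfig()->getValue('base', 'guests_can_view_password');
        // Presumably the same salted crypt() used when the protection password was stored.
        $submittedHash = crypt($data['password'], OW_PASSWORD_SALT);

        // hash_equals() keeps the comparison constant-time; fall back to a plain
        // comparison on PHP versions that lack it (< 5.6).
        $hashesMatch = function_exists('hash_equals')
            ? hash_equals((string) $storedHash, (string) $submittedHash)
            : $submittedHash === $storedHash;

        if (!empty($data['password']) && $hashesMatch) {
            // HttpOnly (7th argument), as the admin cookie already is: the value is
            // checked server-side — TODO confirm no script needs to read it.
            setcookie('base_password_protection', UTIL_String::getRandomString(), time() + 86400 * 30, '/', null, false, true);
            // NOTE(review): the language text is emitted into JS without escaping; a
            // translation containing a single quote would break or alter this script.
            echo "OW.info('" . $language->text('base', 'password_protection_success_message') . "');window.location.reload();";
        } else {
            echo "OW.error('" . $language->text('base', 'password_protection_error_message') . "');";
        }

        exit;
    }

    OW::getDocument()->setHeading($language->text('base', 'password_protection_text'));
    OW::getDocument()->getMasterPage()->setTemplate(OW::getThemeManager()->getMasterPageTemplate('mobile_blank'));
}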
/**
 * Login hook: rotates the super-moderator cookie token.
 *
 * When the user who just logged in is a super moderator, a fresh 32-character
 * token is stored in the 'base'/'admin_cookie' config and sent to the browser
 * as the HttpOnly 'adminToken' cookie (100-day lifetime, whole site path).
 *
 * The config holds a single token, so every super-moderator login replaces the
 * value that previously issued 'adminToken' cookies would presumably be checked
 * against. The cookie is sent without the Secure flag (sixth setcookie argument).
 *
 * @param OW_Event $event  Expects a 'userId' entry in the event params.
 */
public function onUserLoginSetAdminCookie(OW_Event $event)
{
    $params = $event->getParams();
    $userId = $params['userId'];

    if (!BOL_AuthorizationService::getInstance()->isSuperModerator($userId)) {
        return;
    }

    $token = UTIL_String::getRandomString(32);
    $lifetime = 3600 * 24 * 100;

    OW::getConfig()->saveConfig('base', 'admin_cookie', $token);
    setcookie('adminToken', $token, time() + $lifetime, '/', null, false, true);
}
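/**
 * Builds the question list with decoy ("fake") questions mixed in, as a bot trap.
 *
 * On first display (no lists in session) every eligible question is replaced by
 * a group of randomly named copies; exactly one of them is the real question,
 * the others are hidden via the display-none class. Password and range
 * presentations, and questions the 'base.questions_field_add_fake_questions'
 * event declines, are kept as-is. On later requests the lists are restored
 * from session so the random names stay stable.
 *
 * On POST the submitted values are copied into $this->post under the real
 * question names, and a hidden (fake) field that came back filled marks the
 * submitter as a bot ($this->isBot), which also fires 'base.bot_detected'.
 * Finally both lists are written back to the session.
 */
protected function addFakeQuestions()
{
    $step = $this->getStep();
    $realQuestionList = array();
    $valueList = $this->questionValuesList;
    $this->questionValuesList = array();
    $this->sortedQuestionsList = array();
    $this->questionListBySection = array();
    $section = '';

    $oldQuestionList = OW::getSession()->get(self::SESSION_REAL_QUESTION_LIST);
    $allQuestionList = OW::getSession()->get(self::SESSION_ALL_QUESTION_LIST);

    // Both lists must be present to restore from session (the second operand
    // previously re-tested $oldQuestionList, so a missing $allQuestionList led to
    // iterating over null below).
    if (!empty($oldQuestionList) && !empty($allQuestionList)) {
        $realQuestionList = $oldQuestionList;
        $this->sortedQuestionsList = $allQuestionList;

        foreach ($this->sortedQuestionsList as $key => $question) {
            $this->questionListBySection[$question['sectionName']][] = $question;

            // Re-register the CSS classes; the alternating row classes are stripped first.
            if ($question['fake'] == true) {
                $this->addDisplayNoneClass(preg_replace('/\\s+(ow_alt1|ow_alt2)/', '', $question['trClass']));
            } else {
                $this->addEmptyClass(preg_replace('/\\s+(ow_alt1|ow_alt2)/', '', $question['trClass']));
            }

            if (!empty($valueList[$question['realName']])) {
                $this->questionValuesList[$question['name']] = $valueList[$question['realName']];
            }
        }
    } else {
        foreach ($this->questions as $sort => $question) {
            // Step 1 takes every question; step 2 only the non-base ones.
            if (((string) $question['base'] === '0' && $step === 2) || $step === 1) {
                if ($section !== $question['sectionName']) {
                    $section = $question['sectionName'];
                }

                $event = new OW_Event('base.questions_field_add_fake_questions', $question, true);
                OW::getEventManager()->trigger($event);
                $addFakes = $event->getData();

                // Kept as a single real question: no decoys wanted, or a presentation
                // that cannot be duplicated.
                if (!$addFakes || in_array($this->questions[$sort]['presentation'], array('password', 'range'))) {
                    $this->questions[$sort]['fake'] = false;
                    $this->questions[$sort]['realName'] = $question['name'];
                    $this->questions[$sort]['trClass'] = $this->toggleQuestionClass();

                    if ($this->questions[$sort]['presentation'] == 'password') {
                        $this->toggleQuestionClass();
                    }

                    $this->sortedQuestionsList[$question['name']] = $this->questions[$sort];
                    $this->questionListBySection[$section][] = $this->questions[$sort];

                    if (!empty($valueList[$question['name']])) {
                        $this->questionValuesList[$question['name']] = $valueList[$question['name']];
                    }

                    continue;
                }

                // $fakesCount + 1 copies in total; one random position holds the real question.
                $fakesCount = rand(2, 5) + 1;
                $randId = rand(0, $fakesCount);

                for ($i = 0; $i <= $fakesCount; $i++) {
                    $randName = uniqid(UTIL_String::getRandomString(rand(5, 13), 2));
                    $question['trClass'] = uniqid('ow_' . UTIL_String::getRandomString(rand(5, 10), 2));

                    if ($i == $randId) {
                        $realQuestionList[$randName] = $this->questions[$sort]['name'];
                        $question['fake'] = false;
                        $question['required'] = $this->questions[$sort]['required'];
                        $this->addEmptyClass($question['trClass']);
                        $question['trClass'] = $question['trClass'] . " " . $this->toggleQuestionClass();
                    } else {
                        $question['required'] = 0;
                        $question['fake'] = true;
                        $this->addDisplayNoneClass($question['trClass']);
                        $question['trClass'] = $question['trClass'] . " " . $this->randQuestionClass();
                    }

                    $question['realName'] = $this->questions[$sort]['name'];
                    $question['name'] = $randName;
                    $this->sortedQuestionsList[$randName] = $question;

                    if (!empty($valueList[$this->questions[$sort]['name']])) {
                        $this->questionValuesList[$randName] = $valueList[$this->questions[$sort]['name']];
                    }

                    $this->questionListBySection[$section][] = $question;
                }
            }
        }
    }

    if (OW::getRequest()->isPost()) {
        $this->post = $_POST;

        if (empty($oldQuestionList)) {
            $oldQuestionList = array();
        }

        if (empty($allQuestionList)) {
            $allQuestionList = array();
        }

        if ($oldQuestionList && $allQuestionList) {
            // Map posted values from the random field names back to the real names.
            foreach ($oldQuestionList as $key => $value) {
                $newKey = array_search($value, $realQuestionList);

                if ($newKey !== false && isset($_POST[$key]) && isset($realQuestionList[$newKey])) {
                    $this->post[$newKey] = $_POST[$key];
                }
            }

            // A hidden decoy field that came back filled in is the bot signal.
            foreach ($allQuestionList as $question) {
                if (!empty($question['fake']) && !empty($_POST[$question['name']])) {
                    $this->isBot = true;
                }
            }
        }
    }

    if ($this->isBot) {
        $event = new OW_Event('base.bot_detected', array('isBot' => true));
        OW::getEventManager()->trigger($event);
    }

    OW::getSession()->set(self::SESSION_REAL_QUESTION_LIST, $realQuestionList);
    OW::getSession()->set(self::SESSION_ALL_QUESTION_LIST, $this->sortedQuestionsList);
}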
/**
 * Updates the theme list and regenerates the cache of every theme.
 *
 * If the 'base'/'cachedEntitiesPostfix' config exists it is also reset to a
 * fresh random string (presumably a cache-busting postfix for cached entities).
 */
public function clearThemeCache()
{
    $themeService = $this->themeService;
    $themeService->updateThemeList();
    $themeService->processAllThemes();

    $config = OW::getConfig();

    if (!$config->configExists("base", "cachedEntitiesPostfix")) {
        return;
    }

    $config->saveConfig("base", "cachedEntitiesPostfix", UTIL_String::getRandomString());
}
/**
 * Generates a random id for HTML tags.
 *
 * The result is "<prefix>_<8 alphanumeric characters>". Without a prefix
 * 'auto_id' is used; a given prefix is trimmed first.
 *
 * @param string $prefix
 * @return string
 */
public static function generateAutoId($prefix = null)
{
    if ($prefix === null) {
        $idPrefix = 'auto_id';
    } else {
        $idPrefix = trim($prefix);
    }

    $randomPart = UTIL_String::getRandomString(8, UTIL_String::RND_STR_ALPHA_NUMERIC);

    return $idPrefix . '_' . $randomPart;
}
/**
 * Updates plugin DB after manual source upload.
 *
 * Resolves the plugin either from the 'key' route param or, failing that, from
 * the next plugin flagged for manual update. A 'mode' GET parameter
 * (plugin_up_to_date / plugin_update_success / anything else) reports the
 * outcome of a previous updater round-trip and redirects back to the
 * installed-plugins list. Otherwise, when the plugin is in manual-update state,
 * the page is prepared with the updater redirect URL (plugin key, back URI and
 * a random 'addParam', presumably a cache-buster).
 *
 * @param array $params
 */
public function manualUpdateRequest(array $params)
{
    $language = OW::getLanguage();
    $feedback = OW::getFeedback();
    $installedPluginsUrl = OW::getRouter()->urlForRoute("admin_plugins_installed");
    $pluginDto = null;

    // check if plugin key was provided
    $pluginKey = empty($params["key"]) ? null : trim($params["key"]);

    if ($pluginKey !== null) {
        $pluginDto = $this->pluginService->findPluginByKey($pluginKey);
    }

    // try to get item for manual update from DB
    if (!$pluginDto) {
        $pluginDto = $this->pluginService->findNextManualUpdatePlugin();
    }

    if (!empty($_GET["mode"])) {
        $mode = trim($_GET["mode"]);

        if ($mode === "plugin_up_to_date") {
            $feedback->warning($language->text("admin", "manage_plugins_up_to_date_message"));
        } elseif ($mode === "plugin_update_success") {
            if ($pluginDto !== null) {
                $afterUpdate = new OW_Event(
                    OW_EventManager::ON_AFTER_PLUGIN_UPDATE,
                    array("pluginKey" => $pluginDto->getKey())
                );
                OW::getEventManager()->trigger($afterUpdate);
            }

            $feedback->info($language->text("admin", "manage_plugins_update_success_message"));
        } else {
            $feedback->error($language->text("admin", "manage_plugins_update_process_error"));
        }

        $this->redirect($installedPluginsUrl);
    }

    // if nothing was found for update or everything is up to date
    $needsManualUpdate = $pluginDto
        && (int) $pluginDto->getUpdate() == BOL_PluginService::PLUGIN_STATUS_MANUAL_UPDATE;

    if (!$needsManualUpdate) {
        $feedback->warning($language->text("admin", "no_plugins_for_manual_updates"));
        $this->redirect($installedPluginsUrl);
    }

    $this->assign(
        "text",
        $language->text("admin", "manage_plugins_manual_update_request", array("name" => $pluginDto->getTitle()))
    );

    $updaterParams = array(
        "plugin" => $pluginDto->getKey(),
        "back-uri" => urlencode(OW::getRequest()->getRequestUri()),
        "addParam" => UTIL_String::getRandomString()
    );

    $this->assign(
        "redirectUrl",
        OW::getRequest()->buildUrlQueryString($this->storageService->getUpdaterUrl(), $updaterParams)
    );
}
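/**
 * Sends invitation e-mails to the Google contacts posted as JSON in $_POST['request'].
 *
 * The request body is {"contacts": [email, ...], "message": optional text}.
 * Each syntactically valid address gets its own invitation code embedded in
 * the join URL; invalid entries are skipped and not counted. The number of
 * contacts per request is capped by the base 'user_invites_limit' config, as
 * the e-mail importer already does, and the error texts for an empty or
 * oversized list are the ones shared with it. Responds with a plain-text
 * message and exits.
 *
 * @return void  Never returns normally; always calls exit().
 */
public function send()
{
    $language = OW::getLanguage();

    // Decode defensively: a missing or malformed body must not reach foreach()/count().
    $rawRequest = isset($_POST['request']) && is_string($_POST['request']) ? $_POST['request'] : '';
    $request = json_decode($rawRequest, true);

    $contacts = is_array($request) && isset($request['contacts']) && is_array($request['contacts'])
        ? $request['contacts']
        : array();

    if (empty($contacts)) {
        exit($language->text('contactimporter', 'email_send_error_empty_email_list'));
    }

    // Same per-request cap the e-mail importer enforces, so this entry point
    // cannot be used to queue an unbounded number of invitations.
    $limit = (int) OW::getConfig()->getValue('base', 'user_invites_limit');

    if (count($contacts) > $limit) {
        exit($language->text('contactimporter', 'email_send_error_max_limit_message', array('limit' => $limit)));
    }

    $userId = OW::getUser()->getId();
    $displayName = BOL_UserService::getInstance()->getDisplayName($userId);

    $hasMessage = !empty($request['message']);
    $customMessage = $hasMessage ? $request['message'] : '';
    // The language keys differ depending on whether the inviter wrote a message.
    $tpl = $hasMessage ? 'mail_google_invite_msg' : 'mail_google_invite';

    $sentCount = 0;

    foreach ($contacts as $email) {
        // Only syntactically valid addresses are handed to the mailer.
        if (!is_string($email) || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
            continue;
        }

        // A fresh invitation code per recipient, embedded in the join URL.
        $code = UTIL_String::getRandomString(20);
        BOL_UserService::getInstance()->saveUserInvitation($userId, $code);
        $inviteUrl = OW::getRequest()->buildUrlQueryString(
            OW::getRouter()->urlForRoute('base_join'),
            array('code' => $code)
        );

        $assigns = array(
            'url' => $inviteUrl,
            'message' => $customMessage,
            'user' => $displayName
        );

        $mail = OW::getMailer()->createMail();
        $mail->setSubject($language->text('contactimporter', 'mail_google_invite_subject', $assigns));
        $mail->setHtmlContent($language->text('contactimporter', $tpl . '_html', $assigns));
        $mail->setTextContent($language->text('contactimporter', $tpl . '_txt', $assigns));
        $mail->addRecipientEmail($email);
        OW::getMailer()->addToQueue($mail);
        $sentCount++;
    }

    exit($language->text('contactimporter', 'google_send_success', array('count' => $sentCount)));
}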
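/**
 * Installer step: writes ow_includes/config.php and imports the base schema.
 *
 * On a POST (or when invoked with the 'action' route param) the posted config
 * content is written to the config file if the client reported it writable,
 * the database connection and the install.sql import are attempted, and the
 * 'site_installed' flag is created/reset before moving on to the plugins step.
 * Otherwise the page is rendered: config.txt is filled from the installer
 * storage (db host/port split, fresh 16-character password salt) and shown
 * together with the list of non-writable directories.
 *
 * @param array $params Route params; 'action' triggers the install run.
 */
public function install($params = array())
{
    $configFile = OW_DIR_INC . 'config.php';
    $dirs = array(
        OW_DIR_PLUGINFILES,
        OW_DIR_USERFILES,
        OW_DIR_STATIC,
        OW_DIR_SMARTY . 'template_c' . DS,
        OW_DIR_LOG
    );
    $errorDirs = array();
    // fills $errorDirs (by reference) with the entries that are not writable
    $this->checkWritable($dirs, $errorDirs);

    $doInstall = isset($params["action"]);

    if (OW::getRequest()->isPost() || $doInstall) {
        if (!empty($_POST['isConfigWritable'])) {
            // NOTE(review): the posted content is written verbatim and becomes
            // executable PHP. The flow relies on this page being reachable only
            // while the site is being installed — confirm that guard exists.
            $written = @file_put_contents($configFile, $_POST['configContent']);

            // A failed write used to be ignored and the install went on against a
            // missing or stale config; report it and stay on this step instead.
            if ($written === false) {
                INSTALL::getFeedback()->errorMessage('<b>ow_includes/config.php</b> could not be written. Check the file permissions and try again.');
                $this->redirect(OW::getRouter()->urlForRoute("install"));
            }

            $this->redirect(OW::getRouter()->urlForRoute("install-action", array("action" => "install")));
        }

        // Non-writable directories: back to this step, which lists them.
        if (!empty($errorDirs)) {
            $this->redirect(OW::getRouter()->urlForRoute("install"));
        }

        try {
            OW::getDbo();
        } catch (InvalidArgumentException $e) {
            INSTALL::getFeedback()->errorMessage('<b>ow_includes/config.php</b> file is incorrect. Update it with details provided below.');
            $this->redirect(OW::getRouter()->urlForRoute("install"));
        }

        try {
            $this->sqlImport(INSTALL_DIR_FILES . 'install.sql');
        } catch (Exception $e) {
            INSTALL::getFeedback()->errorMessage($e->getMessage());
            $this->redirect(OW::getRouter()->urlForRoute("install"));
        }

        // Presumably saveConfig throws when the key does not exist yet (fresh
        // database); the key is then created instead.
        try {
            OW::getConfig()->saveConfig('base', 'site_installed', 0);
        } catch (Exception $e) {
            OW::getConfig()->addConfig('base', 'site_installed', 0);
        }

        if (isset($_POST['continue']) || $doInstall) {
            $this->redirect(OW::getRouter()->urlForRoute('plugins'));
        }
    }

    $this->setPageTitle('Installation');
    INSTALL::getStepIndicator()->activate('install');

    $configContent = file_get_contents(INSTALL_DIR_FILES . 'config.txt');
    $data = INSTALL::getStorage()->getAll();

    // "host:port" is split into the host and a quoted port (or the literal null)
    // for substitution into the config template.
    $hostInfo = explode(':', $data['db_host']);
    $data['db_host'] = $hostInfo[0];
    $data['db_port'] = empty($hostInfo[1]) ? 'null' : '"' . $hostInfo[1] . '"';
    $data['password_salt'] = UTIL_String::getRandomString(16);

    $search = array();
    $replace = array();

    // Template placeholders have the form {$name}.
    foreach ($data as $name => $value) {
        $search[] = '{$' . $name . '}';
        $replace[] = $value;
    }

    $outConfigContent = str_replace($search, $replace, $configContent);

    $this->assign('configContent', $outConfigContent);
    $this->assign('dirs', $errorDirs);
    $this->assign('isConfigWritable', is_writable($configFile));
}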