private function _send_reset($form)
{
$user_name = $form->reset->inputs["name"]->value;
$user = user::lookup_by_name($user_name);
if ($user && !empty($user->email)) {
$user->hash = random::hash();
$user->save();
$message = new View("reset_password.html");
$message->confirm_url = url::abs_site("password/do_reset?key={$user->hash}");
$message->user = $user;
Sendmail::factory()->to($user->email)->subject(t("Password Reset Request"))->header("Mime-Version", "1.0")->header("Content-type", "text/html; charset=UTF-8")->message($message->render())->send();
log::success("user", t("Password reset email sent for user %name", array("name" => $user->name)));
} else {
if (!$user) {
// Don't include the username here until you're sure that it's XSS safe
log::warning("user", t("Password reset email requested for user %user_name, which does not exist.", array("user_name" => $user_name)));
} else {
log::warning("user", t("Password reset failed for %user_name (has no email address on record).", array("user_name" => $user->name)));
}
}
// Always pretend that an email has been sent to avoid leaking
// information on what user names are actually real.
message::success(t("Password reset email sent"));
json::reply(array("result" => "success"));
}
public function index()
{
$session = Session::instance();
// Make sure we have an upgrade token
if (!($upgrade_token = $session->get("upgrade_token", null))) {
$session->set("upgrade_token", $upgrade_token = random::hash());
}
// If the upgrade token exists, then bless this session
if (file_exists(TMPPATH . $upgrade_token)) {
$session->set("can_upgrade", true);
@unlink(TMPPATH . $upgrade_token);
}
$available_upgrades = 0;
foreach (module::available() as $module) {
if ($module->version && $module->version != $module->code_version) {
$available_upgrades++;
}
}
$failed = Input::instance()->get("failed");
$view = new View("upgrader.html");
$view->can_upgrade = identity::active_user()->admin || $session->get("can_upgrade");
$view->upgrade_token = $upgrade_token;
$view->available = module::available();
$view->failed = $failed ? explode(",", $failed) : array();
$view->done = $available_upgrades == 0;
print $view;
}
public function reset_private_key()
{
// Generate a new (random) private key.
module::set_var("fotomotorw", "fotomoto_private_key", md5(random::hash() . access::private_key()));
message::success(t("Your Photomoto private key has been reset."));
url::redirect("admin/fotomotorw");
}
private function _get_proxy()
{
$album = test::random_album();
$photo = test::random_photo($album);
access::deny(identity::everybody(), "view_full", $album);
access::deny(identity::registered_users(), "view_full", $album);
$proxy = ORM::factory("digibug_proxy");
$proxy->uuid = random::hash();
$proxy->item_id = $photo->id;
return $proxy->save();
}
static function install()
{
// Set up some default values.
module::set_var("fotomotorw", "fotomoto_site_key", '');
module::set_var("fotomotorw", "fotomoto_private_key", md5(random::hash() . access::private_key()));
module::set_var("fotomotorw", "fotomoto_buy_prints", 1);
module::set_var("fotomotorw", "fotomoto_buy_cards", 1);
module::set_var("fotomotorw", "fotomoto_buy_download", 1);
module::set_var("fotomotorw", "fotomoto_share_ecard", 1);
module::set_var("fotomotorw", "fotomoto_share_facebook", 1);
module::set_var("fotomotorw", "fotomoto_share_twitter", 1);
module::set_var("fotomotorw", "fotomoto_share_digg", 1);
module::set_version("fotomotorw", 1);
}
public function print_photo($id)
{
access::verify_csrf();
$item = ORM::factory("item", $id);
access::required("view", $item);
if (access::group_can(identity::everybody(), "view_full", $item)) {
$full_url = $item->file_url(true);
$thumb_url = $item->thumb_url(true);
} else {
$proxy = ORM::factory("digibug_proxy");
$proxy->uuid = random::hash();
$proxy->item_id = $item->id;
$proxy->save();
$full_url = url::abs_site("digibug/print_proxy/full/{$proxy->uuid}/{$item->id}");
$thumb_url = url::abs_site("digibug/print_proxy/thumb/{$proxy->uuid}/{$item->id}");
}
$v = new View("digibug_form.html");
$v->order_params = array("digibug_api_version" => "100", "company_id" => module::get_var("digibug", "company_id"), "event_id" => module::get_var("digibug", "event_id"), "cmd" => "addimg", "partner_code" => "69", "return_url" => url::abs_site("digibug/close_window"), "num_images" => "1", "image_1" => $full_url, "thumb_1" => $thumb_url, "image_height_1" => $item->height, "image_width_1" => $item->width, "thumb_height_1" => $item->thumb_height, "thumb_width_1" => $item->thumb_width, "title_1" => html::purify($item->title));
print $v;
}
static function show_user_profile($data)
{
// Guests can't see a REST key
if (identity::active_user()->guest) {
return;
}
// Only logged in users can see their own REST key
if (identity::active_user()->id != $data->user->id) {
return;
}
$view = new View("user_profile_rest.html");
$key = ORM::factory("user_access_key")->where("user_id", "=", $data->user->id)->find();
if (!$key->loaded()) {
$key->user_id = $data->user->id;
$key->access_key = random::hash();
$key->save();
}
$view->rest_key = $key->access_key;
$data->content[] = (object) array("title" => t("REST API"), "view" => $view);
}
public function cache_delete_all_test()
{
$id1 = random::hash();
$value1 = array("field1" => "value1", "field2" => "value2");
$this->_driver->set(array($id1 => $value1), array("tag1", "tag2"), 84600);
$id2 = random::hash();
$value2 = array("field3" => "value3", "field4" => "value4");
$this->_driver->set(array($id2 => $value2), array("tag2", "tag3"), 846000);
$id3 = random::hash();
$value3 = array("field5" => "value5", "field6" => "value6");
$this->_driver->set(array($id3 => $value3), array("tag3", "tag4"), 84600);
$data = $this->_driver->delete(true);
$this->assert_false($this->_exists($id1), "{$id1} should have been deleted");
$this->assert_false($this->_exists($id2), "{$id2} should have been deleted");
$this->assert_false($this->_exists($id3), "{$id3} should have been deleted");
}
static function access_key()
{
$key = ORM::factory("user_access_key")->where("user_id", "=", identity::active_user()->id)->find();
if (!$key->loaded()) {
$key->user_id = identity::active_user()->id;
$key->access_key = md5(random::hash() . access::private_key());
$key->save();
}
return $key->access_key;
}
/**
* Get the Cross Site Request Forgery token for this session.
* @return string
*/
static function csrf_token()
{
$session = Session::instance();
$csrf = $session->get("csrf");
if (empty($csrf)) {
$csrf = random::hash();
$session->set("csrf", $csrf);
}
return $csrf;
}
static function random_string($length)
{
$buf = "";
do {
$buf .= random::hash();
} while (strlen($buf) < $length);
return substr($buf, 0, $length);
}
/**
* Return a random hexadecimal string of the given length.
* @param int the desired length of the string
*/
static function string($length)
{
return substr(random::hash(), 0, $length);
}
