/**
* Allows a model to be loaded by username or email address.
*/
public function unique_key($id)
{
if (!empty($id) and is_string($id) and !ctype_digit($id)) {
return valid::email($id) ? 'email' : 'username';
}
return parent::unique_key($id);
}
public function save()
{
if (!$_POST) {
die;
}
$this->rsp = Response::instance();
if (!valid::email($_POST['email'])) {
$this->rsp->msg = 'Invalid Email!';
$this->rsp->send();
} elseif ($this->owner->unique_key_exists($_POST['email'])) {
$this->rsp->msg = 'Email already exists!';
$this->rsp->send();
}
$pw = text::random('alnum', 8);
$this->owner->email = $_POST['email'];
$this->owner->password = $pw;
$this->owner->save();
$replyto = 'unknown';
$body = "Hi there, thanks for saving your progess over at http://pluspanda.com \r\n" . "Your auto-generated password is: {$pw} \r\n" . "Change your password to something more appropriate by going here:\r\n" . "http://pluspanda.com/admin/account?old={$pw} \r\n\n" . "Thank you! - Jade from pluspanda";
# to do FIX THE HEADERS.
$subject = 'Your Pluspanda account information =)';
$headers = "From: welcome@pluspanda.com \r\n" . "Reply-To: Jade \r\n" . 'X-Mailer: PHP/' . phpversion();
mail($_POST['email'], $subject, $body, $headers);
# add to mailing list.
include Kohana::find_file('vendor/mailchimp', 'MCAPI');
$config = Kohana::config('mailchimp');
$mailchimp = new MCAPI($config['apikey']);
$mailchimp->listSubscribe($config['list_id'], $_POST['email'], '', 'text', FALSE, TRUE, TRUE, FALSE);
$this->rsp->status = 'success';
$this->rsp->msg = 'Thanks, Account Saved!';
$this->rsp->send();
}
public function __construct($username = '', $password = '', $email = '')
{
// load database library into $this->db
parent::__construct();
if ($username != '' and $password != '' and $email != '') {
if (strlen($username) < 3) {
throw new Exception('Username too short');
} elseif (strlen($username) > 12) {
throw new Exception('Username too long');
} elseif (strlen($password) < 6) {
throw new Exception('Password too short');
} elseif (strlen($username) > 255) {
throw new Exception('Password too long');
} elseif (valid::email($email) == False) {
throw new Exception('Invalid email supplied');
} elseif ($this->user_exists($username, $email)) {
throw new Exception('User already exists (login or email matched)');
}
if ($this->register($username, $password, $email)->valid()) {
return true;
} else {
return false;
}
}
}
private function validate_email_form()
{
$messages = array();
if (valid::email($this->input->post('email')) == false) {
$messages[] = 'The supplied email address does not appear valid';
}
if ($this->input->post('body') == '') {
$messages[] = 'The body of your message should not be empty';
}
return $messages;
}
/**
* Displays a profile page for a user
*/
public function user()
{
// Cacheable Controller
$this->is_cachable = TRUE;
$this->template->header->this_page = 'profile';
// Check if we are looking for a user. Argument must be set to continue.
if (!isset(Router::$arguments[0])) {
url::redirect('profile');
}
$username = Router::$arguments[0];
// We won't allow profiles to be public if the username is an email address
if (valid::email($username)) {
url::redirect('profile');
}
$user = User_Model::get_user_by_username($username);
// We only want to show public profiles here
if ($user->public_profile == 1) {
$this->template->content = new View('profile/user');
$this->template->content->user = $user;
// User Reputation Score
$this->template->content->reputation = reputation::calculate($user->id);
// All users reports
$this->template->content->reports = ORM::factory('incident')->where(array('user_id' => $user->id, 'incident_active' => 1))->with('incident:location')->find_all();
// Get Badges
$this->template->content->badges = Badge_Model::users_badges($user->id);
// Logged in user id (false if not logged in)
$logged_in_id = FALSE;
if (isset(Auth::instance()->get_user()->id)) {
$logged_in_id = Auth::instance()->get_user()->id;
}
$this->template->content->logged_in_id = $logged_in_id;
// Is this the logged in user?
$logged_in_user = FALSE;
if ($logged_in_id == $user->id) {
$logged_in_user = TRUE;
}
$this->template->content->logged_in_user = $logged_in_user;
} else {
// this is a private profile so get out of here
url::redirect('profile');
}
$this->template->header->page_title .= $user->name . Kohana::config('settings.title_delimiter');
$this->template->header->header_block = $this->themes->header_block();
$this->template->footer->footer_block = $this->themes->footer_block();
}
public function validate($array)
{
$default = array("title" => "", "display_name" => "", "email" => "");
$array = arr::overwrite($default, $array);
$errors = array();
if ($array['display_name'] == "") {
$errors['display_name'] = "Please enter a display name";
}
if (!valid::email($array['email'])) {
$errors['email'] = "Please enter a valid email";
}
if ($array['title'] == "") {
$errors['title'] = "Please enter text for your comment";
}
$array['title'] = strip_tags($array['title']);
$array['errors'] = $errors;
return $array;
}
public function save(array $person = array(), $person_id = null)
{
$result = array('success' => false, 'error' => '');
$valid = true;
$person = $this->get_trimmed_allowed($person, array('space_id', 'email', 'x', 'y', 'active'));
if (isset($person['space_id']) && !valid::digit($person['space_id'])) {
$valid = false;
}
if (isset($person['email']) && !valid::email($person['email'])) {
$valid = false;
}
if (isset($person['x']) && !valid::numeric($person['x'])) {
$valid = false;
}
if (isset($person['y']) && !valid::numeric($person['y'])) {
$valid = false;
}
if (isset($person['active']) && !valid::digit($person['active'])) {
$valid = false;
}
if ($valid) {
if ($person_id) {
//UPDATE
$this->db->from('people')->set($person)->where(array('id' => (int) $person_id))->update();
$result['success'] = true;
} else {
// INSERT
$new_person = $this->db->from('people')->set($person)->insert();
$result['success'] = true;
$person_id = $new_person->insert_id();
}
$person = $this->db->select('people.*')->from('people')->where(array('id' => $person_id))->get();
$person = $this->result_as_array($person);
$result['person'] = $person;
} else {
$result['error'] = "The supplied data was invalid";
}
return $result;
}
public function password_recovery()
{
$id = 0;
$passto = false;
$errors = array();
$msg = "";
if ($this->ispost()) {
$input = Input::Instance();
$mail = $input->post('mail');
if ($mail == '') {
$errors[] = __("El Email no puede estar vacio", false);
} else {
if (valid::email($mail) == false) {
$errors[] = __("El Email no es valido", false);
} else {
$orm = $this->table->db2cls();
$result = $orm->load($mail, 'mail_client');
$id = (int) $result->id_client;
if ($id == 0) {
$errors[] = __("El Email no existe", false);
} else {
$passto = true;
$passwordgenorig = basics::passwordgenerator();
$passwordgen = fpp::cryptme($passwordgenorig);
$result->password_client = $passwordgen;
$href = html::anchor($this->href_store);
basics::mail_html_utf8($mail, __('Recuperación de clave de acceso', false), __("Estimado Cliente, <br/>Su nueva contraseña es", false) . " {$passwordgenorig} <br/>{$href}", $this->mail_store, "Floreria Rosabel");
$passto = true;
$result->save();
}
}
}
$msg = $passto == false ? basics::diverror($errors) : basics::diverror(array(__("E-mail enviado, revise su buzón", false)));
}
$this->content = View::factory("main/recovery_password")->set("msg", $msg)->render();
}
/**
* Import a single user.
*/
static function import_user(&$queue)
{
$messages = array();
$g2_user_id = array_shift($queue);
if (self::map($g2_user_id)) {
return t("User with id: %id already imported, skipping", array("id" => $g2_user_id));
}
if (g2(GalleryCoreApi::isAnonymousUser($g2_user_id))) {
self::set_map($g2_user_id, identity::guest()->id, "group");
return t("Skipping anonymous user");
}
$g2_admin_group_id = g2(GalleryCoreApi::getPluginParameter("module", "core", "id.adminGroup"));
try {
$g2_user = g2(GalleryCoreApi::loadEntitiesById($g2_user_id));
} catch (Exception $e) {
throw new G2_Import_Exception(t("Failed to import Gallery 2 user with id: %id\n%exception", array("id" => $g2_user_id, "exception" => (string) $e)), $e);
}
$g2_groups = g2(GalleryCoreApi::fetchGroupsForUser($g2_user->getId()));
$user = identity::lookup_user_by_name($g2_user->getUsername());
if ($user) {
$messages[] = t("Loaded existing user: '******'.", array("name" => $user->name));
} else {
$email = $g2_user->getEmail();
if (empty($email) || !valid::email($email)) {
$email = "*****@*****.**";
}
try {
$user = identity::create_user($g2_user->getUserName(), $g2_user->getFullName(), $g2_user->getHashedPassword(), $email);
} catch (Exception $e) {
throw new G2_Import_Exception(t("Failed to create user: '******' (id: %id)", array("name" => $g2_user->getUserName(), "id" => $g2_user_id)), $e, $messages);
}
if (class_exists("User_Model") && $user instanceof User_Model) {
// This will work if G2's password is a PasswordHash password as well.
$user->hashed_password = $g2_user->getHashedPassword();
}
$messages[] = t("Created user: '******'.", array("name" => $user->name));
if ($email == "*****@*****.**") {
$messages[] = t("Fixed invalid email (was '%invalid_email')", array("invalid_email" => $g2_user->getEmail()));
}
}
$user->locale = $g2_user->getLanguage();
foreach ($g2_groups as $g2_group_id => $g2_group_name) {
if ($g2_group_id == $g2_admin_group_id) {
$user->admin = true;
$messages[] = t("Added 'admin' flag to user");
} else {
$group = identity::lookup_group(self::map($g2_group_id));
$user->add($group);
$messages[] = t("Added user to group '%group'.", array("group" => $group->name));
}
}
try {
$user->save();
self::set_map($g2_user->getId(), $user->id, "user");
} catch (Exception $e) {
throw new G2_Import_Exception(t("Failed to create user: '******'", array("name" => $user->name)), $e, $messages);
}
return $messages;
}
public function action_affiliate()
{
Breadcrumbs::add(Breadcrumb::factory()->set_title(__('Affiliate')));
$this->template->title = __('Affiliate Panel');
$user = Auth::instance()->get_user();
//Hack so the admin can see the stats for any user! cool!
if ($user->id_role == Model_Role::ROLE_ADMIN) {
$id_user = $this->request->param('id');
if (is_numeric($id_user)) {
$user = new Model_User($id_user);
}
}
$this->template->styles = array('//cdn.jsdelivr.net/bootstrap.datepicker/0.1/css/datepicker.css' => 'screen');
$this->template->scripts['footer'] = array('//cdn.jsdelivr.net/bootstrap.datepicker/0.1/js/bootstrap-datepicker.js', 'js/oc-panel/stats/dashboard.js');
$this->template->bind('content', $content);
$this->template->content = View::factory('oc-panel/profile/affiliate');
$content->user = $user;
// list of all products to build affiliate links
$products = new Model_Product();
$products = $products->where('status', '=', Model_Product::STATUS_ACTIVE)->find_all();
$content->products = $products;
//change paypal account->profile, put a warning if he didnt set it yet with a link
if (!valid::email($user->paypal_email)) {
Alert::set(Alert::INFO, __('Please set your paypal email at your profile'));
}
//list all his payments->orders paid
$payments = new Model_Order();
$content->payments = $payments->where('id_user', '=', $user->id_user)->where('id_product', 'is', NULL)->where('status', '=', Model_Order::STATUS_PAID)->order_by('pay_date', 'DESC')->find_all();
//see stats
////////////////////
//total earned commissions
$query = DB::select(DB::expr('SUM(amount) total'))->from('affiliates')->where('id_user', '=', $user->id_user)->group_by('id_user')->execute();
$total_earnings = $query->as_array();
$content->total_earnings = isset($total_earnings[0]['total']) ? $total_earnings[0]['total'] : 0;
//total since last payment
$last_payment_date = DB::select('pay_date')->from('orders')->where('id_user', '=', $user->id_user)->where('id_product', 'is', NULL)->where('status', '=', Model_Order::STATUS_PAID)->order_by('pay_date', 'ASC')->limit(1)->execute();
$last_payment_date = $last_payment_date->as_array();
$content->last_payment_date = isset($last_payment_date[0]['pay_date']) ? $last_payment_date[0]['pay_date'] : NULL;
$content->last_earnings = 0;
if ($content->last_payment_date != NULL) {
//commissions since last payment
$query = DB::select(DB::expr('SUM(amount) total'))->from('affiliates')->where('id_user', '=', $user->id_user)->where('created', 'between', array($content->last_payment_date, Date::unix2mysql()))->where('status', '=', Model_Affiliate::STATUS_CREATED)->group_by('id_user')->execute();
$last_earnings = $query->as_array();
$content->last_earnings = isset($last_earnings[0]['total']) ? $last_earnings[0]['total'] : 0;
}
//due to pay, is commisions with to pay date bigger than today
//commissions due to pay
$query = DB::select(DB::expr('SUM(amount) total'))->from('affiliates')->where('id_user', '=', $user->id_user)->where('date_to_pay', '<', Date::unix2mysql())->where('status', '=', Model_Affiliate::STATUS_CREATED)->group_by('id_user')->execute();
$due_to_pay = $query->as_array();
$content->due_to_pay = isset($due_to_pay[0]['total']) ? $due_to_pay[0]['total'] : 0;
//Getting the dates and range
$from_date = Core::post('from_date', strtotime('-1 month'));
$to_date = Core::post('to_date', time());
//we assure is a proper time stamp if not we transform it
if (is_string($from_date) === TRUE) {
$from_date = strtotime($from_date);
}
if (is_string($to_date) === TRUE) {
$to_date = strtotime($to_date);
}
//mysql formated dates
$my_from_date = Date::unix2mysql($from_date);
$my_to_date = Date::unix2mysql($to_date);
//dates range we are filtering
$dates = Date::range($from_date, $to_date, '+1 day', 'Y-m-d', array('date' => 0, 'count' => 0), 'date');
//dates displayed in the form
$content->from_date = date('Y-m-d', $from_date);
$content->to_date = date('Y-m-d', $to_date);
//visits created last XX days
$query = DB::select(DB::expr('DATE(created) date'))->select(DB::expr('COUNT(id_visit) count'))->from('visits')->where('id_affiliate', '=', $user->id_user)->where('created', 'between', array($my_from_date, $my_to_date))->group_by(DB::expr('DATE( created )'))->order_by('date', 'asc')->execute();
$visits = $query->as_array('date');
//commissions created last XX days
$query = DB::select(DB::expr('DATE(created) date'))->select(DB::expr('SUM(amount) total'))->from('affiliates')->where('id_user', '=', $user->id_user)->where('created', 'between', array($my_from_date, $my_to_date))->group_by(DB::expr('DATE( created )'))->order_by('date', 'asc')->execute();
$earnings = $query->as_array('date');
$stats_daily = array();
foreach ($dates as $date) {
$count_views = isset($visits[$date['date']]['count']) ? $visits[$date['date']]['count'] : 0;
$earned = isset($earnings[$date['date']]['total']) ? $earnings[$date['date']]['total'] : 0;
$stats_daily[] = array('date' => $date['date'], 'views' => $count_views, '$' => $earned);
}
$content->stats_daily = $stats_daily;
////////////////////////////////////////////////
//list paginated with commissions
/////////////////////////////////
$commissions = new Model_Affiliate();
$commissions = $commissions->where('id_user', '=', $user->id_user);
$pagination = Pagination::factory(array('view' => 'oc-panel/crud/pagination', 'total_items' => $commissions->count_all(), 'items_per_page' => 100))->route_params(array('controller' => $this->request->controller(), 'action' => $this->request->action(), 'id' => $this->request->param('id')));
$pagination->title($this->template->title);
$commissions = $commissions->order_by('created', 'desc')->limit($pagination->items_per_page)->offset($pagination->offset)->find_all();
$pagination = $pagination->render();
$content->pagination = $pagination;
$content->commissions = $commissions;
//////////////////////////////////
}
/**
* Validate Custom Form Fields
* @param Validation $post Validation object from form post
* XXX This whole function is being done backwards
* Need to pull the list of custom form fields first
* Then look through them to see if they're set, not the other way around.
*/
public static function validate_custom_form_fields(&$post)
{
$custom_fields = array();
if (!isset($post->custom_field)) {
return;
}
/* XXX Checkboxes hackery
Checkboxes are submitted in the post as custom_field[field_id-boxnum]
This foreach loop consolidates them into one variable separated by commas.
If no checkboxes are selected then the custom_field[] for that variable is not sent
To get around that the view sets a hidden custom_field[field_id-BLANKHACK] field that
ensures the checkbox custom_field is there to be tested.
*/
foreach ($post->custom_field as $field_id => $field_response) {
$split = explode("-", $field_id);
if (isset($split[1])) {
// The view sets a hidden field for blankhack
if ($split[1] == 'BLANKHACK') {
if (!isset($custom_fields[$split[0]])) {
// then no checkboxes were checked
$custom_fields[$split[0]] = '';
}
// E.Kala - Removed the else {} block; either way continue is still invoked
continue;
}
if (isset($custom_fields[$split[0]])) {
$custom_fields[$split[0]] .= ",{$field_response}";
} else {
$custom_fields[$split[0]] = $field_response;
}
} else {
$custom_fields[$split[0]] = $field_response;
}
}
$post->custom_field = $custom_fields;
// Kohana::log('debug', Kohana::debug($custom_fields));
foreach ($post->custom_field as $field_id => $field_response) {
$field_param = ORM::factory('form_field', $field_id);
$custom_name = $field_param->field_name;
// Validate that this custom field already exists
if (!$field_param->loaded) {
// Populate the error field
//$errors[$field_id] = "The $custom_name field does not exist";
$post->add_error('custom_field', 'not_exist', array($field_id));
return;
}
$max_auth = self::get_user_max_auth();
$required_role = ORM::factory('role', $field_param->field_ispublic_submit);
if (($required_role->loaded ? $required_role->access_level : 0) > $max_auth) {
// Populate the error field
$post->add_error('custom_field', 'permission', array($custom_name));
return;
}
// Validate that the field is required
if ($field_param->field_required == 1 and $field_response == "") {
$post->add_error('custom_field', 'required', array($custom_name));
return;
}
// Grab the custom field options for this field
$field_options = self::get_custom_field_options($field_id);
// Validate Custom fields for text boxes
if ($field_param->field_type == 1 and isset($field_options) and $field_response != '') {
if (isset($field_options['field_datatype'])) {
if ($field_options['field_datatype'] == 'email' and !valid::email($field_response)) {
$post->add_error('custom_field', 'email', array($custom_name));
}
if ($field_options['field_datatype'] == 'phonenumber' and !valid::phone($field_response)) {
$post->add_error('custom_field', 'phone', array($custom_name));
}
if ($field_options['field_datatype'] == 'numeric' and !valid::numeric($field_response)) {
$post->add_error('custom_field', 'numeric', array($custom_name));
}
}
}
// Validate for date
if ($field_param->field_type == 3 and $field_response != "") {
$field_default = $field_param->field_default;
if (!valid::date_mmddyyyy($field_response)) {
$post->add_error('custom_field', 'date_mmddyyyy', array($custom_name));
}
}
// Validate multi-value boxes only have acceptable values
if ($field_param->field_type >= 5 and $field_param->field_type <= 7) {
$defaults = explode('::', $field_param->field_default);
$options = array();
if (preg_match("/[0-9]+-[0-9]+/", $defaults[0]) and count($defaults) == 1) {
$dashsplit = explode('-', $defaults[0]);
$start = $dashsplit[0];
$end = $dashsplit[1];
for ($i = $start; $i <= $end; $i++) {
array_push($options, $i);
}
} else {
$options = array_map('trim', explode(',', $defaults[0]));
}
$responses = explode(',', $field_response);
foreach ($responses as $response) {
if (!in_array($response, $options) and $response != '') {
$post->add_error('custom_field', 'values', array($custom_name));
//$errors[$field_id] = "The $custom_name field does not include $response as an option";
}
}
}
// Validate that a required checkbox is checked
if ($field_param->field_type == 6 and $field_response == 'BLANKHACK' and $field_param->field_required == 1) {
$post->add_error('custom_field', 'required', array($custom_name));
}
}
return;
}
public function request()
{
if (!IN_PRODUCTION) {
$profiler = new Profiler();
}
$post = new Validation($_POST);
$post->add_rules('email', 'required', array('valid', 'email'));
$is_resending = $this->input->get('resend', 0);
if ($is_resending || $post->validate()) {
$db = Database::instance();
// Check for re-entry of the page here.
if ($is_resending) {
$email = trim($this->session->get('saved_email'));
if (!$email || !valid::email($email)) {
if (!$email) {
$error_str_id = 'form_error_messages.email.required';
} else {
$error_str_id = 'form_error_messages.email.email';
}
$this->session->set_flash('signup_email_error', Kohana::lang($error_str_id));
url::redirect('signup');
return;
}
} else {
$email = trim($this->input->post('email'));
}
if (!$is_resending) {
$email_users_set = $db->from('email_users')->select('user_id', 'last_emailed_timestamp', 'is_validated')->where('email', $email)->limit(1)->get();
}
if (!$is_resending && count($email_users_set)) {
foreach ($email_users_set as $row) {
$email_user = $row;
}
$this->prepend_title("Sign up");
if ($email_user->is_validated) {
$this->render_markdown_template(new View('account_already_active'));
} else {
$this->session->set_flash('saved_email', $email);
$this->render_markdown_template(new View('account_resend_email'));
}
} else {
$validation_key = $this->getUniqueCode($email, 32);
// What kind of email address is it?
if (eregi('@([a-z0-9]+\\.)*uwaterloo\\.ca$', $email)) {
$public_api_key = $this->getUniqueCode($email, 32);
$private_api_key = $this->getUniqueCode($email, 32);
$successfully_sent_email = $this->send_api_key_email($email, $validation_key, $public_api_key, $private_api_key);
} else {
$successfully_sent_email = $this->send_coming_soon_email($email, $validation_key);
}
if (!$is_resending) {
$user_details_values = array('primary_email' => $email);
if (isset($public_api_key) && isset($private_api_key)) {
$user_details_values['public_api_key'] = $public_api_key;
$user_details_values['private_api_key'] = $private_api_key;
}
$user_details = $db->insert('user_details', $user_details_values);
}
if (!$is_resending) {
$email_users_values = array('email' => $email, 'validation_key' => $validation_key, 'user_id' => $user_details->insert_id());
$db->insert('email_users', $email_users_values);
if ($successfully_sent_email) {
$db->from('email_users')->set('last_emailed_timestamp', 'CURRENT_TIMESTAMP', $disable_escaping = true)->where('email', $email)->update();
}
} else {
if ($successfully_sent_email) {
$db->from('email_users')->set('validation_key', $validation_key)->set('last_emailed_timestamp', 'CURRENT_TIMESTAMP', $disable_escaping = true)->where('email', $email)->update();
}
}
$this->session->set_flash('just_completed', true);
url::redirect('signup/completed');
}
} else {
$errors = $post->errors();
$this->session->set_flash('signup_email_error', Kohana::lang('form_error_messages.email.' . $errors['email']));
url::redirect('signup');
}
}
public static function send_notifications($recipient_id, $item_id, $mailtype)
{
//Load the item
$item = ORM::factory("item")->where("id", "=", $item_id)->find();
if (!$item->loaded()) {
return false;
}
//Load the user
$recipient = ORM::factory("user")->where("id", "=", $recipient_id)->find();
if (!$recipient->loaded()) {
return false;
}
//Only send mail if the notifications are switched on globally
if (!module::get_var("photoannotation", "nonotifications", false)) {
//Check if the use has a valid e-mail
if (!valid::email($recipient->email)) {
return false;
}
//Get the users settings
$notification_settings = self::get_user_notification_settings($recipient);
//Check which type of mail to send
switch ($mailtype) {
case "newtag":
//Only send if user has this option enabled
if ($notification_settings->newtag) {
//Get subject and body and send the mail
$subject = module::get_var("photoannotation", "newtagsubject", "Someone tagged a photo of you");
$body = module::get_var("photoannotation", "newtagbody", "Hello %name, please visit %url to view the photo.");
$body = str_ireplace(array("%url", "%name"), array($item->abs_url(), $recipient->display_name()), $body);
return self::_send_mail($recipient->email, $subject, $body);
}
break;
case "newcomment":
//Only send if user has this option enabled
if ($notification_settings->comment) {
//Don't send if the notification module is active and the user is watching this item
if (module::is_active("notification")) {
if (notification::is_watching($item, $recipient)) {
return false;
}
}
//Get subject and body and send the mail
$subject = module::get_var("photoannotation", "newcommentsubject", "Someone added a comment to photo of you");
$body = module::get_var("photoannotation", "newcommentbody", "Hello %name, please visit %url to read the comment.");
$body = str_ireplace(array("%url", "%name"), array($item->abs_url(), $recipient->display_name()), $body);
return self::_send_mail($recipient->email, $subject, $body);
}
break;
case "updatecomment":
//Only send if user has this option enabled
if ($notification_settings->comment) {
//Don't send if the notification module is active and the user is watching this item
if (module::is_active("notification")) {
if (notification::is_watching($item, $recipient)) {
return false;
}
}
//Get subject and body and send the mail
$subject = module::get_var("photoannotation", "updatedcommentsubject", "Someone updated a comment to photo of you");
$body = module::get_var("photoannotation", "updatedcommentbody", "Hello %name, please visit %url to read the comment.");
$body = str_ireplace(array("%url", "%name"), array($item->abs_url(), $recipient->display_name()), $body);
return self::_send_mail($recipient->email, $subject, $body);
}
}
}
return false;
}
private function processCreateAdmin()
{
$valid = TRUE;
if (!valid::email($this->session->get('installer.adminEmailAddress'))) {
message::set('You must enter a valid email address to continue!');
$valid = FALSE;
} elseif (strlen($this->session->get('installer.adminPassword')) < 1) {
message::set('You need to set a password!');
$valid = FALSE;
} elseif ($this->session->get('installer.adminPassword') != $this->session->get('installer.adminConfirmPassword')) {
message::set('Passwords do not match!');
$valid = FALSE;
}
return $valid;
}
/**
* Function to import a report form a row in the CSV file
* @param array $row
* @return bool
*/
function import_report($row)
{
// If the date is not in proper date format
if (!strtotime($row['INCIDENT DATE'])) {
$this->errors[] = Kohana::lang('import.incident_date') . ($this->rownumber + 1) . ': ' . $row['INCIDENT DATE'];
}
// If a value of Yes or No is NOT set for approval status for the imported row
if (isset($row["APPROVED"]) and !in_array(utf8::strtoupper($row["APPROVED"]), array('NO', 'YES'))) {
$this->errors[] = Kohana::lang('import.csv.approved') . ($this->rownumber + 1);
}
// If a value of Yes or No is NOT set for verified status for the imported row
if (isset($row["VERIFIED"]) and !in_array(utf8::strtoupper($row["VERIFIED"]), array('NO', 'YES'))) {
$this->errors[] = Kohana::lang('import.csv.verified') . ($this->rownumber + 1);
}
if (count($this->errors)) {
return false;
}
// STEP 1: SAVE LOCATION
if (isset($row['LOCATION'])) {
$location = new Location_Model();
$location->location_name = isset($row['LOCATION']) ? $row['LOCATION'] : '';
// For Geocoding purposes
$location_geocoded = map::geocode($location->location_name);
// If we have LATITUDE and LONGITUDE use those
if (isset($row['LATITUDE']) and isset($row['LONGITUDE'])) {
$location->latitude = isset($row['LATITUDE']) ? $row['LATITUDE'] : 0;
$location->longitude = isset($row['LONGITUDE']) ? $row['LONGITUDE'] : 0;
} else {
$location->latitude = $location_geocoded ? $location_geocoded['latitude'] : 0;
$location->longitude = $location_geocoded ? $location_geocoded['longitude'] : 0;
}
$location->country_id = $location_geocoded ? $location_geocoded['country_id'] : 0;
$location->location_date = $this->time;
$location->save();
$this->locations_added[] = $location->id;
}
// STEP 2: SAVE INCIDENT
$incident = new Incident_Model();
$incident->location_id = isset($row['LOCATION']) ? $location->id : 0;
$incident->user_id = 0;
$incident->form_id = (isset($row['FORM #']) and Form_Model::is_valid_form($row['FORM #'])) ? $row['FORM #'] : 1;
$incident->incident_title = $row['INCIDENT TITLE'];
$incident->incident_description = isset($row['DESCRIPTION']) ? $row['DESCRIPTION'] : '';
$incident->incident_date = date("Y-m-d H:i:s", strtotime($row['INCIDENT DATE']));
$incident->incident_dateadd = $this->time;
$incident->incident_active = (isset($row['APPROVED']) and utf8::strtoupper($row['APPROVED']) == 'YES') ? 1 : 0;
$incident->incident_verified = (isset($row['VERIFIED']) and utf8::strtoupper($row['VERIFIED']) == 'YES') ? 1 : 0;
$incident->save();
$this->incidents_added[] = $incident->id;
// STEP 3: Save Personal Information
if (isset($row['FIRST NAME']) or isset($row['LAST NAME']) or isset($row['EMAIL'])) {
$person = new Incident_Person_Model();
$person->incident_id = $incident->id;
$person->person_first = isset($row['FIRST NAME']) ? $row['FIRST NAME'] : '';
$person->person_last = isset($row['LAST NAME']) ? $row['LAST NAME'] : '';
$person->person_email = (isset($row['EMAIL']) and valid::email($row['EMAIL'])) ? $row['EMAIL'] : '';
$person->person_date = date("Y-m-d H:i:s", time());
// Make sure that you're not importing an empty record i.e at least one field has been recorded
// If all fields are empty i.e you have an empty record, don't save
if (!empty($person->person_first) or !empty($person->person_last) or !empty($person->person_email)) {
$person->save();
// Add to array of incident persons added
$this->incident_persons_added[] = $person->id;
}
}
// STEP 4: SAVE CATEGORIES
// If CATEGORY column exists
if (isset($row['CATEGORY'])) {
$categorynames = explode(',', trim($row['CATEGORY']));
// Trim whitespace from array values
$categorynames = array_map('trim', $categorynames);
// Get rid of duplicate category entries in a row
$categories = array_unique(array_map('strtolower', $categorynames));
// Add categories to incident
foreach ($categories as $categoryname) {
// Convert the first string character of the category name to Uppercase
$categoryname = utf8::ucfirst($categoryname);
// For purposes of adding an entry into the incident_category table
$incident_category = new Incident_Category_Model();
$incident_category->incident_id = $incident->id;
// If category name exists, add entry in incident_category table
if ($categoryname != '') {
// Check if the category exists (made sure to convert to uppercase for comparison)
if (!isset($this->existing_categories[utf8::strtoupper($categoryname)])) {
$this->notices[] = Kohana::lang('import.new_category') . $categoryname;
$category = new Category_Model();
$category->category_title = $categoryname;
// We'll just use black for now. Maybe something random?
$category->category_color = '000000';
// because all current categories are of type '5'
$category->category_visible = 1;
$category->category_description = $categoryname;
$category->category_position = count($this->existing_categories);
$category->save();
$this->categories_added[] = $category->id;
// Now category_id is known: This time, and for the rest of the import.
$this->existing_categories[utf8::strtoupper($categoryname)] = $category->id;
}
$incident_category->category_id = $this->existing_categories[utf8::strtoupper($categoryname)];
$incident_category->save();
$this->incident_categories_added[] = $incident_category->id;
}
}
}
// STEP 5: Save Custom form fields responses
// Check for form_id
$form_id = (isset($row['FORM #']) and Form_Model::is_valid_form($row['FORM #'])) ? $row['FORM #'] : 1;
// Get custom form fields for this particular form
$custom_titles = customforms::get_custom_form_fields('', $form_id, false);
// Do custom form fields exist on this deployment?
if (!empty($custom_titles)) {
foreach ($custom_titles as $field_name) {
// Check if the column exists in the CSV
$rowname = utf8::strtoupper($field_name['field_name']);
if (isset($row[$rowname . '-' . $form_id])) {
$response = $row[$rowname . '-' . $form_id];
// Grab field_id and field_type
$field_id = $field_name['field_id'];
$field_type = $field_name['field_type'];
// Initialize form response model
$form_response = new Form_Response_Model();
$form_response->incident_id = $incident->id;
$form_response->form_field_id = $field_id;
// If form response exists
if ($response != '') {
/* Handling case sensitivity issues with custom form field upload */
// Check if the field is a radio button, checkbox OR dropdown field
if ($field_type == '5' or $field_type == '6' or $field_type == '7') {
// Get field option values
$field_values = $field_name['field_default'];
// Split field options into individual values
$options = explode(",", $field_values);
// Since radio button and dropdown fields take single responses
if ($field_type == '5' or $field_type == '7') {
foreach ($options as $option) {
// Carry out a case insensitive comparison between individual field options and csv response
// If there's a match, store field option value from the db
if (strcasecmp($option, $response) == 0) {
$form_response->form_response = $option;
}
}
}
// For checkboxes, which accomodate multiple responses
if ($field_type == '6') {
// Split user responses into single values
$csvresponses = explode(",", $response);
$values = array();
foreach ($options as $option) {
foreach ($csvresponses as $csvresponse) {
// Carry out a case insensitive comparison between individual field options and csv response
// If there's a match
if (strcasecmp($option, $csvresponse) == 0) {
// Store field option value from the db
$values[] = $option;
}
}
}
// Concatenate checkbox values into a string, separated by a comma
$form_response->form_response = implode(",", $values);
}
} else {
$form_response->form_response = $response;
}
// If form_response is provided based on conditions set above, Save the form response
if ($form_response->form_response != '') {
$form_response->save();
// Add to array of field responses added
$this->incident_responses_added[] = $form_response->id;
}
}
}
}
}
return true;
}
private function reset_password()
{
if ($_POST) {
if (!valid::email($_POST['email'])) {
die('email is not valid');
}
$db = new Database();
$account_user_db = $db->query("\n SELECT id, username\n FROM account_users\n WHERE fk_site = '{$this->site_id}'\n AND email = '{$_POST['email']}'\n ")->current();
if (!is_object($account_user_db)) {
die('This email does not exist in our records.');
}
# Load the user model
$account_user = ORM::factory('account_user', $account_user_db->id);
$new_password = text::random('alnum', 10);
$account_user->password = $new_password;
if ($account_user->save()) {
die("new password has been generated: {$account_user->username}: {$new_password}");
}
# TODO: Remember to send the email!!!
}
die;
}
/**
* Enregistrement d'un utilisateur.
*
* @return void
*/
public function register()
{
if (Auth::instance()->logged_in()) {
return url::redirect(cookie::get('urlAdminUrl') . '?msg=' . urlencode(Kohana::lang('logger.identify')));
} elseif ($_POST) {
$username = $this->input->post('username');
$password = $this->input->post('password');
$tmpUsername = explode('@', $username);
$tmpUsername = $tmpUsername[0];
$user = ORM::factory('user', $username);
if (!$username || !$password) {
$txt = Kohana::lang('logger.error_all_form');
} elseif (!valid::email($username) || !valid::email_domain($username) || !valid::email_rfc($username)) {
$txt = Kohana::lang('logger.error_mail_valid');
} elseif (User_Model::verification_mail($username)) {
$txt = Kohana::lang('logger.exist_email');
} elseif ($user->loaded) {
$txt = Kohana::lang('logger.exist_username');
} elseif ($user->insert(array('username' => $tmpUsername, 'x' => Kohana::config('game.initialPosition.x'), 'y' => Kohana::config('game.initialPosition.y'), 'z' => Kohana::config('game.initialPosition.z'), 'region_id' => Kohana::config('game.initialPosition.region'), 'speed' => Kohana::config('game.initialSpeed'), 'gravity' => Kohana::config('game.initialGravity'), 'password' => Auth::instance()->hash_password($password), 'last_login' => date::Now(), 'argent' => 0, 'hp' => Kohana::config('game.initialHP'), 'hp_max' => Kohana::config('game.initialHP'), 'email' => $username, 'ip' => $_SERVER['REMOTE_ADDR']))) {
Auth::instance()->login($username, $password);
$from = Kohana::config('game.name') . ' <' . Kohana::config('email.from') . '>';
$subject = Kohana::lang('logger.title_mail_register', Kohana::config('game.name'));
$message = Kohana::lang('logger.content_mail_register', $username, $username, $password);
email::send($username, $from, $subject, $message, TRUE);
return url::redirect('?msg=' . urlencode(Kohana::lang('logger.identify')));
} else {
$txt = Kohana::lang('logger.error_register');
}
} else {
$txt = Kohana::lang('logger.no_acces');
}
return self::redirection($txt);
}
/**
* Tests the valid::email() function.
* @dataProvider email_provider
* @group core.helpers.valid.email
* @test
*/
public function email($input_email, $expected_result)
{
$result = valid::email($input_email);
$this->assertEquals($expected_result, $result);
}
public function valid_email_test()
{
$this->assert_true_strict(valid::email('*****@*****.**'))->assert_false_strict(valid::email('address@domain'));
}
public function reset()
{
// Validate the form input
$input = Validation::factory($this->input->post())->pre_filter('trim')->add_rules('email', 'required', 'email');
if ($input->validate()) {
$user = ORM::factory('user')->where('email', $this->input->post('email'))->find();
if (valid::email($this->input->post('email'))) {
if ($user->loaded) {
$original_password = $user->password;
// we have found the user and their email address.
// @todo make email useable, view, conifg options etc.
$password = text::random(Kohana::config('password_reset.password_character_type'), Kohana::config('password_reset.random_password_length'));
$view = new view('account/reset_email');
$view->password = $password;
// send the password first, so if it fails we know not to update their account.
$sent = email::send($this->input->post('email'), 'admin@' . $this->input->server('HTTP_HOST', 'default_value'), 'You\'re password has been reset', $view, TRUE);
if ($sent) {
$user->password = $password;
if ($user->save()) {
$this->notification->add($this->i18n['system.user.success']);
url::redirect(url::area() . 'login');
// if their password has been reset, then send them to the login form
} else {
$this->notification->add($this->i18n['system.user.failed']);
}
} else {
$this->notification->add($this->i18n['system.email.failed'], $this->input->post('email'));
}
} else {
$this->notification->add($this->i18n['system.user.invalid'], $this->input->post('email'));
}
} else {
$this->notification->add($this->i18n['filter.email.email']);
// invlaid email address
}
} else {
foreach ($input->errors() as $key => $value) {
$this->notification->add($this->i18n['filter.' . $key . '.' . $value]);
}
}
url::redirect(url::area() . 'recover');
// the password was not updated, send them back to the recover page
}
public function isValid($validation_data)
{
$errors = [];
foreach ($validation_data as $name => $value) {
//echo $name." ";
//if (isset($_REQUEST[$name]) && !empty($_REQUEST[$name]))
if ($name == "verify_emails") {
//echo "verify email found";
$name = "verify_email";
}
if ($name == "verify_passwords") {
//echo "verify password found";
$name = "verify_password";
}
if ($name == "emails") {
//echo "verify password found";
$name = "email";
}
$exploded = explode(":", $value);
//echo $exploded[0]."<br>";
switch ($exploded[0]) {
case 'min':
$min = $exploded[1];
if (valid::alpha()->length($min)->validate($_REQUEST[$name]) == false) {
$errors[] = "{$name} must be at least {$min} Characters Long!";
}
break;
case 'email':
//echo "irum";
if (valid::email()->validate($_REQUEST[$name]) == false) {
$errors[] = "You must enter a valid Email address";
}
break;
case 'alnum':
//echo "irum";
if (valid::alnum()->length(4)->validate($_REQUEST[$name]) == false) {
$errors[] = "Password must be at least 4 Characters Long";
}
break;
case 'equalTo':
if (valid::equals($_REQUEST[$name])->validate($_REQUEST[$exploded[1]]) == false) {
$errors[] = "Values does not match verification value!";
}
break;
case 'unique':
//echo "unique";
$model = "Acme\\models\\" . $exploded[1];
$table = new $model();
//dd($name);
$results = $table::where($name, '=', $_REQUEST[$name])->first();
//dd($results);
if ($results != null) {
$errors[] = $_REQUEST[$name] . " already exist in this system!";
}
break;
default:
$errors[] = "No Values Found!";
break;
}
}
return $errors;
}
/**
* Check if a given string is a valid url or email.
*
* @param String $str
* @return Boolean
*/
public function contact_is_valid($str)
{
if (valid::email($str) || valid::url($str)) {
return true;
}
return false;
}
/**
* Make sure that the email address is legal.
*/
public function valid_email(Validation $v, $field)
{
if ($this->author_id == identity::guest()->id) {
if (empty($v->guest_email)) {
$v->add_error("guest_email", "required");
} else {
if (!valid::email($v->guest_email)) {
$v->add_error("guest_email", "invalid");
}
}
}
}
/**
* Allows a model to be loaded by code or email
*
* @param mixed $id code, email
* @return string
*/
public function unique_key($code)
{
return valid::email($code) ? 'email' : 'code';
}
/**
* Set Gravatar email
*
* @param string $email
* @return Gravatar
*/
public function set_email($email)
{
if (valid::email($email)) {
$this->id = md5(strtolower($email));
}
return $this;
}
/**
* Import Reports via XML
* @param DOMNodeList Object $report
* @return bool
*/
public function import_reports($reports)
{
/* Import individual reports */
foreach ($reports->getElementsByTagName('report') as $report) {
$this->totalreports++;
// Get Report id
$report_id = $report->getAttribute('id');
// Check if this incident already exists in the db
if (isset($report_id) and isset($this->incident_ids[$report_id])) {
$this->notices[] = Kohana::lang('import.incident_exists') . $report_id;
} else {
/* Step 1: Location information */
$locations = $report->getElementsByTagName('location');
// If location information has been provided
if ($locations->length > 0) {
$report_location = $locations->item(0);
// Location Name
$location_name = xml::get_node_text($report_location, 'name');
// Longitude
$longitude = xml::get_node_text($report_location, 'longitude');
// Latitude
$latitude = xml::get_node_text($report_location, 'latitude');
if ($location_name) {
// For geocoding purposes
$location_geocoded = map::geocode($location_name);
// Save the location
$new_location = new Location_Model();
$new_location->location_name = $location_name ? $location_name : NULL;
$new_location->location_date = $this->time;
// If longitude/latitude values are present
if ($latitude and $longitude) {
$new_location->latitude = $latitude ? $latitude : 0;
$new_location->longitude = $longitude ? $longitude : 0;
} else {
// Get geocoded lat/lon values
$new_location->latitude = $location_geocoded ? $location_geocoded['latitude'] : $latitude;
$new_location->longitude = $location_geocoded ? $location_geocoded['longitude'] : $longitude;
}
$new_location->country_id = $location_geocoded ? $location_geocoded['country_id'] : 0;
$new_location->save();
// Add this location to array of imported locations
$this->locations_added[] = $new_location->id;
}
}
/* Step 2: Save Report */
// Report Title
$report_title = xml::get_node_text($report, 'title');
// Report Date
$report_date = xml::get_node_text($report, 'date');
// Missing report title or report date?
if (!$report_title or !$report_date) {
$this->errors[] = Kohana::lang('import.xml.incident_title_date') . $this->totalreports;
}
// If report date is not in the required format
if (!strtotime($report_date)) {
$this->errors[] = Kohana::lang('import.incident_date') . $this->totalreports . ': ' . html::escape($report_date);
} else {
// Approval status?
$approved = $report->getAttribute('approved');
$report_approved = (isset($approved) and in_array($approved, $this->allowable)) ? $approved : 0;
// Verified Status?
$verified = $report->getAttribute('verified');
$report_verified = (isset($verified) and in_array($verified, $this->allowable)) ? $verified : 0;
// Report mode?
$allowed_modes = array(1, 2, 3, 4);
$mode = $report->getAttribute('mode');
$report_mode = (isset($mode) and in_array($mode, $allowed_modes)) ? $mode : 1;
// Report Form
$report_form = xml::get_node_text($report, 'form_name', FALSE);
if ($report_form) {
if (!isset($this->existing_forms[utf8::strtoupper($report_form)])) {
$this->notices[] = Kohana::lang('import.xml.no_form_exists') . $this->totalreports . ': "' . $report_form . '"';
}
$form_id = isset($this->existing_forms[utf8::strtoupper($report_form)]) ? $this->existing_forms[utf8::strtoupper($report_form)] : 1;
}
// Report Date added
$dateadd = xml::get_node_text($report, 'dateadd');
// Report Description
$report_description = xml::get_node_text($report, 'description');
$new_report = new Incident_Model();
$new_report->location_id = isset($new_location) ? $new_location->id : 0;
$new_report->user_id = 0;
$new_report->incident_title = $report_title;
$new_report->incident_description = $report_description ? $report_description : '';
$new_report->incident_date = date("Y-m-d H:i:s", strtotime($report_date));
$new_report->incident_dateadd = ($dateadd and strtotime($dateadd)) ? $dateadd : $this->time;
$new_report->incident_active = $report_approved;
$new_report->incident_verified = $report_verified;
$new_report->incident_mode = $report_mode;
$new_report->form_id = isset($form_id) ? $form_id : 1;
$new_report->save();
// Increment imported rows counter
$this->importedreports++;
// Add this report to array of reports added during import
$this->incidents_added[] = $new_report->id;
/* Step 3: Save Report Categories*/
// Report Categories exist?
$reportcategories = $report->getElementsByTagName('report_categories');
if ($reportcategories->length > 0) {
$report_categories = $reportcategories->item(0);
foreach ($report_categories->getElementsByTagName('category') as $r_category) {
$category = trim($r_category->nodeValue);
$report_category = (isset($category) and $category != '') ? $category : '';
if ($report_category != '' and isset($this->existing_categories[utf8::strtoupper($report_category)])) {
// Save the incident category
$new_incident_category = new Incident_Category_Model();
$new_incident_category->incident_id = $new_report->id;
$new_incident_category->category_id = $this->existing_categories[utf8::strtoupper($report_category)];
$new_incident_category->save();
// Add this to array of incident categories added
$this->incident_categories_added[] = $new_incident_category->id;
}
if ($report_category != '' and !isset($this->existing_categories[utf8::strtoupper($report_category)])) {
$this->notices[] = Kohana::lang('import.xml.no_category_exists') . $this->totalreports . ': "' . $report_category . '"';
}
}
}
/* Step 4: Save Custom form field responses for this report */
// Report Custom Fields
$this_form = $new_report->form_id;
$reportfields = $report->getElementsByTagName('custom_fields');
if ($reportfields->length > 0) {
$report_fields = $reportfields->item(0);
$custom_fields = $report_fields->getElementsByTagName('field');
if ($custom_fields->length > 0) {
foreach ($custom_fields as $field) {
// Field Name
$field_name = $field->hasAttribute('name') ? xml::get_node_text($field, 'name', FALSE) : FALSE;
if ($field_name) {
// If this field exists in the form listed for this report
if (isset($this->existing_fields[utf8::strtoupper($field_name)][$this_form])) {
// Get field type and default values
$match_field_id = $this->existing_fields[utf8::strtoupper($field_name)][$this_form];
// Grab form field object
$match_fields = ORM::Factory('form_field', $match_field_id);
$match_field_type = $match_fields->field_type;
$match_field_defaults = $match_fields->field_default;
// Grab form responses
$field_response = trim($field->nodeValue);
if ($field_response != '') {
// Initialize form response model
$new_form_response = new Form_Response_Model();
$new_form_response->incident_id = $new_report->id;
$new_form_response->form_field_id = $match_field_id;
// For radio buttons, checkbox fields and drop downs, make sure form responses are
// within bounds of allowable options for that field
// Split field defaults into individual values
$field_defaults = explode(',', $match_field_defaults);
/* Radio buttons and Drop down fields which take single responses */
if ($match_field_type == 5 or $match_field_type == 7) {
foreach ($field_defaults as $match_field_default) {
// Carry out a case insensitive string comparison
$new_form_response->form_response = strcasecmp($match_field_default, $field_response) == 0 ? $match_field_default : NULL;
}
}
// Checkboxes which
if ($match_field_type == 6) {
// Split user responses into individual value
$responses = explode(',', $field_response);
$values = array();
foreach ($match_field_defaults as $match_field_default) {
foreach ($responses as $response) {
$values[] = strcasecmp($match_field_default, $response) == 0 ? $match_field_default : NULL;
}
}
// Concatenate checkbox values into a string, separated by a comma
$new_form_response->form_response = implode(",", $values);
} else {
$new_form_response->form_response = $field_response;
}
// Only save if form response is not empty
if ($new_form_response->form_response != NULL) {
$new_form_response->save();
}
// Add this to array of form responses added
$this->incident_responses_added[] = $new_form_response->id;
}
} else {
$this->notices[] = Kohana::lang('import.xml.form_field_no_match') . $this->totalreports . ': "' . $field_name . '" on form "' . $new_report->form->form_title . '"';
}
}
}
}
}
/* Step 5: Save incident persons for this report */
// Report Personal Information
$personal_info = $report->getElementsByTagName('personal_info');
// If personal info exists
if ($personal_info->length > 0) {
$report_info = $personal_info->item(0);
// First Name
$firstname = xml::get_node_text($report_info, 'first_name');
// Last Name
$lastname = xml::get_node_text($report_info, 'last_name');
// Email
$r_email = xml::get_node_text($report_info, 'email');
$email = ($r_email and valid::email($r_email)) ? $r_email : NULL;
$new_incident_person = new Incident_Person_Model();
$new_incident_person->incident_id = $new_report->id;
$new_incident_person->person_date = $new_report->incident_dateadd;
// Make sure that at least one of the personal info field entries is provided
if ($firstname or $lastname or $email != NULL) {
$new_incident_person->person_first = $firstname ? $firstname : NULL;
$new_incident_person->person_last = $lastname ? $firstname : NULL;
$new_incident_person->person_email = $email;
$new_incident_person->save();
// Add this to array of incident persons added during import
$this->incident_persons_added[] = $new_incident_person->id;
}
}
/* Step 6: Save media links for this report */
// Report Media
$media = $report->getElementsByTagName('media');
if ($media->length > 0) {
$media = $media->item(0);
foreach ($media->getElementsByTagName('item') as $media_element) {
$media_link = trim($media_element->nodeValue);
$media_date = $media_element->getAttribute('date');
if (!empty($media_link)) {
$media_item = new Media_Model();
$media_item->location_id = isset($new_location) ? $new_location->id : 0;
$media_item->incident_id = $new_report->id;
$media_item->media_type = $media_element->getAttribute('type');
$media_item->media_link = $media_link;
$media_item->media_date = !empty($media_date) ? $media_date : $new_report->incident_date;
$media_item->save();
}
}
}
}
}
}
// end individual report import
// If we have errors, return FALSE, else TRUE
return count($this->errors) === 0;
}
public function index($user_id = 0)
{
// Set messages to display on the login page for the user
$message = FALSE;
$message_class = 'login_error';
$auth = Auth::instance();
// If already logged in redirect to user account page
$insufficient_role = FALSE;
if ($auth->logged_in()) {
// Redirect users to the relevant dashboard
if ($auth->logged_in('login')) {
url::redirect($auth->get_user()->dashboard());
}
$insufficient_role = TRUE;
$message_class = 'login_error';
$message = Kohana::lang('ui_main.insufficient_role');
}
// setup and initialize form field names
$form = array('action' => '', 'username' => '', 'password' => '', 'password_again' => '', 'name' => '', 'email' => '', 'resetemail' => '', 'confirmation_email' => '');
// copy the form as errors, so the errors will be stored with keys corresponding to the form field names
$errors = $form;
$form_error = FALSE;
$openid_error = FALSE;
$success = FALSE;
$change_pw_success = FALSE;
$new_confirm_email_form = FALSE;
$action = isset($_POST["action"]) ? $_POST["action"] : "";
// Override success variable if change_pw_success GET var is set
if (isset($_GET["change_pw_success"])) {
$change_pw_success = TRUE;
$message_class = 'login_success';
$message = Kohana::lang('ui_main.password_changed_successfully');
}
// Show send new confirm email form
if (isset($_GET["new_confirm_email"])) {
$new_confirm_email_form = TRUE;
$message_class = 'login_error';
$message = Kohana::lang('ui_main.must_confirm_email_address');
}
// Show send new confirm email form
if (isset($_GET["confirmation_failure"])) {
$new_confirm_email_form = TRUE;
$message_class = 'login_error';
$message = Kohana::lang('ui_main.confirm_email_failed');
}
// Show that confirming the email address was a success
if (isset($_GET["confirmation_success"])) {
$message_class = 'login_success';
$message = Kohana::lang('ui_main.confirm_email_successful');
}
// Is this a password reset request? We need to show the password reset form if it is
if (isset($_GET["reset"])) {
$this->template->token = $this->uri->segment(4);
$this->template->changeid = $this->uri->segment(3);
}
// Regular Form Post for Signin
// check, has the form been submitted, if so, setup validation
if ($_POST and isset($_POST["action"]) and $_POST["action"] == "signin") {
// START: Signin Process
$post = Validation::factory($_POST);
$post->pre_filter('trim');
$post->add_rules('username', 'required');
$post->add_rules('password', 'required');
if ($post->validate(FALSE)) {
// Sanitize $_POST data removing all inputs without rules
$postdata_array = $post->safe_array();
// Flip this flag to flase to skip the login
$valid_login = TRUE;
// Load the user
$user = ORM::factory('user', $postdata_array['username']);
$remember = isset($post->remember) ? TRUE : FALSE;
// Allow a login with username or email address, but we need to figure out which is
// which so we can pass the appropriate variable on login. Mostly used for RiverID
$email = $postdata_array['username'];
if (valid::email($email) == FALSE) {
// Invalid Email, we need to grab it from the user account instead
$email = $user->email;
if (valid::email($email) == FALSE and kohana::config('riverid.enable') == TRUE) {
// We don't have any valid email for this user.
// Only skip login if we are authenticating with RiverID.
$valid_login = FALSE;
}
}
// Auth Login requires catching exceptions to properly show errors
try {
$login = $auth->login($user, $postdata_array['password'], $remember, $email);
// Attempt a login
if ($login and $valid_login) {
// Action::user_login - User Logged In
Event::run('ushahidi_action.user_login', $user);
// Exists Redirect to Dashboard
url::redirect($user->dashboard());
} else {
// If user isn't confirmed, redirect to resend confirmation page
if (Kohana::config('settings.require_email_confirmation') and ORM::factory('user', $user)->confirmed == 0) {
url::redirect("login?new_confirm_email");
}
// Generic Error if exception not passed
$post->add_error('password', 'login error');
}
} catch (Exception $e) {
$error_message = $e->getMessage();
// We use a "custom" message because of RiverID.
$post->add_error('password', $error_message);
}
// repopulate the form fields
$form = arr::overwrite($form, $post->as_array());
// populate the error fields, if any
// We need to already have created an error message file, for Kohana to use
// Pass the error message file name to the errors() method
$errors = arr::merge($errors, $post->errors('auth'));
$form_error = TRUE;
} else {
// repopulate the form fields
$form = arr::overwrite($form, $post->as_array());
// populate the error fields, if any
// We need to already have created an error message file, for Kohana to use
// Pass the error message file name to the errors() method
$errors = arr::merge($errors, $post->errors('auth'));
$form_error = TRUE;
}
// END: Signin Process
} elseif ($_POST and isset($_POST["action"]) and $_POST["action"] == "new") {
// START: New User Process
$post = Validation::factory($_POST);
// Add some filters
$post->pre_filter('trim', TRUE);
$post->add_rules('password', 'required', 'length[' . kohana::config('auth.password_length') . ']', 'alpha_dash');
$post->add_rules('name', 'required', 'length[3,100]');
$post->add_rules('email', 'required', 'email', 'length[4,64]');
$post->add_callbacks('username', array($this, 'username_exists_chk'));
$post->add_callbacks('email', array($this, 'email_exists_chk'));
// If Password field is not blank
if (!empty($post->password)) {
$post->add_rules('password', 'required', 'length[' . kohana::config('auth.password_length') . ']', 'alpha_dash', 'matches[password_again]');
}
//pass the post object to any plugins that care to know.
Event::run('ushahidi_action.users_add_login_form', $post);
if ($post->validate()) {
$riverid_id = false;
if (kohana::config('riverid.enable') == true) {
$riverid = new RiverID();
$riverid->email = $post->email;
$riverid->password = $post->password;
$riverid->register();
$riverid_id = $riverid->user_id;
}
$user = User_Model::create_user($post->email, $post->password, $riverid_id, $post->name);
//pass the new user on to any plugins that care to know
Event::run('ushahidi_action.user_edit', $user);
// Send Confirmation email
$email_sent = $this->_send_email_confirmation($user);
if ($email_sent) {
$message_class = 'login_success';
$message = Kohana::lang('ui_main.login_confirmation_sent');
} else {
$message_class = 'login_success';
$message = Kohana::lang('ui_main.login_account_creation_successful');
}
$success = TRUE;
$action = "";
} else {
// repopulate the form fields
$form = arr::overwrite($form, $post->as_array());
// populate the error fields, if any
$errors = arr::merge($errors, $post->errors('auth'));
$form_error = TRUE;
}
// END: New User Process
} elseif ($_POST and isset($_POST["action"]) and $_POST["action"] == "forgot") {
// START: Forgot Password Process
$post = Validation::factory($_POST);
// Add some filters
$post->pre_filter('trim', TRUE);
$post->add_callbacks('resetemail', array($this, 'email_exists_chk'));
if ($post->validate()) {
$user = ORM::factory('user', $post->resetemail);
// Existing User??
if ($user->loaded) {
$email_sent = FALSE;
// Determine which reset method to use. The options are to use the RiverID server
// or to use the normal method which just resets the password locally.
if (Kohana::config('riverid.enable') == TRUE and !empty($user->riverid)) {
// Reset on RiverID Server
$secret_link = url::site('login/index/' . $user->id . '/%token%?reset');
$message = $this->_email_resetlink_message($user->name, $secret_link);
$riverid = new RiverID();
$riverid->email = $post->resetemail;
$email_sent = $riverid->requestpassword($message);
} else {
// Reset locally
$secret = $user->forgot_password_token();
$secret_link = url::site('login/index/' . $user->id . '/' . urlencode($secret) . '?reset');
$email_sent = $this->_email_resetlink($post->resetemail, $user->name, $secret_link);
}
if ($email_sent == TRUE) {
$message_class = 'login_success';
$message = Kohana::lang('ui_main.login_confirmation_sent');
} else {
$message_class = 'login_error';
$message = Kohana::lang('ui_main.unable_send_email');
}
$success = TRUE;
$action = "";
}
} else {
// repopulate the form fields
$form = arr::overwrite($form, $post->as_array());
// populate the error fields, if any
$errors = arr::merge($errors, $post->errors('auth'));
$form_error = TRUE;
}
// END: Forgot Password Process
} elseif ($_POST and isset($_POST["action"]) and $_POST["action"] == "changepass") {
// START: Password Change Process
$post = Validation::factory($_POST);
// Add some filters
$post->pre_filter('trim', TRUE);
$post->add_rules('token', 'required');
$post->add_rules('changeid', 'required');
$post->add_rules('password', 'required', 'length[' . Kohana::config('auth.password_length') . ']', 'alpha_dash');
$post->add_rules('password', 'required', 'length[' . Kohana::config('auth.password_length') . ']', 'alpha_dash', 'matches[password_again]');
if ($post->validate()) {
$success = $this->_new_password($post->changeid, $post->password, $post->token);
if ($success == TRUE) {
// We don't need to see this page anymore if we were successful. We want to go
// to the login form and let the user know that they were successful at
// changing their password
url::redirect("login?change_pw_success");
exit;
}
$post->add_error('token', 'invalid');
// repopulate the form fields
$form = arr::overwrite($form, $post->as_array());
// populate the error fields, if any
$errors = arr::merge($errors, $post->errors('auth'));
$form_error = TRUE;
} else {
// repopulate the form fields
$form = arr::overwrite($form, $post->as_array());
// populate the error fields, if any
$errors = arr::merge($errors, $post->errors('auth'));
$form_error = TRUE;
}
// END: Password Change Process
} elseif ($_POST and isset($_POST["action"]) and $_POST["action"] == "resend_confirmation") {
// START: Confirmation Email Resend Process
$post = Validation::factory($_POST);
// Add some filters
$post->pre_filter('trim', TRUE);
$post->add_callbacks('confirmation_email', array($this, 'email_exists_chk'));
if ($post->validate()) {
$user = ORM::factory('user', $post->confirmation_email);
if ($user->loaded) {
// Send Confirmation email
$email_sent = $this->_send_email_confirmation($user);
if ($email_sent) {
$message_class = 'login_success';
$message = Kohana::lang('ui_main.login_confirmation_sent');
$success = TRUE;
} else {
$message_class = 'login_error';
$message = Kohana::lang('ui_main.unable_send_email');
$success = FALSE;
}
} else {
// ERROR: User doesn't exist
$message_class = 'login_error';
$message = Kohana::lang('ui_main.login_email_doesnt_exist');
$success = FALSE;
}
} else {
// repopulate the form fields
$form = arr::overwrite($form, $post->as_array());
// populate the error fields, if any
$errors = arr::merge($errors, $post->errors('auth'));
$form_error = TRUE;
}
}
// Only if we allow OpenID, should we even try this
if (Kohana::config('config.allow_openid') == TRUE) {
// START: OpenID Shenanigans
// OpenID Post
try {
$openid = new OpenID();
// Retrieve the Name (if available) and Email
$openid->required = array("namePerson", "contact/email");
if (!$openid->mode) {
if (isset($_POST["openid_identifier"])) {
$openid->identity = $_POST["openid_identifier"];
header("Location: " . $openid->authUrl());
}
} elseif ($openid->mode == "cancel") {
$openid_error = TRUE;
$message_class = 'login_error';
$message = "You have canceled authentication!";
} else {
if ($openid->validate()) {
// Does User Exist?
$openid_user = ORM::factory("openid")->where("openid", $openid->identity)->find();
if ($openid_user->loaded and $openid_user->user) {
// First log all other sessions out
$auth->logout();
// Initiate Ushahidi side login + AutoLogin
$auth->force_login($openid_user->user->username);
// Exists Redirect to Dashboard
url::redirect($user->dashboard());
} else {
// Does this openid have the required email??
$new_openid = $openid->getAttributes();
if (!isset($new_openid["contact/email"]) or empty($new_openid["contact/email"])) {
$openid_error = TRUE;
$message_class = 'login_error';
$message = $openid->identity . " has not been logged in. No Email Address Found.";
} else {
// Create new User and save OpenID
$user = ORM::factory("user");
// But first... does this email address already exist
// in the system?
if ($user->email_exists($new_openid["contact/email"])) {
$openid_error = TRUE;
$message_class = 'login_error';
$message = $new_openid["contact/email"] . " is already registered in our system.";
} else {
$username = "******" . time();
// Random User Name from TimeStamp - can be changed later
$password = text::random("alnum", 16);
// Create Random Strong Password
// Name Available?
$user->name = (isset($new_openid["namePerson"]) and !empty($new_openid["namePerson"])) ? $new_openid["namePerson"] : $username;
$user->username = $username;
$user->password = $password;
$user->email = $new_openid["contact/email"];
// Add New Roles
$user->add(ORM::factory('role', 'login'));
$user->add(ORM::factory('role', 'member'));
$user->save();
// Save OpenID and Association
$openid_user->user_id = $user->id;
$openid_user->openid = $openid->identity;
$openid_user->openid_email = $new_openid["contact/email"];
$openid_user->openid_server = $openid->server;
$openid_user->openid_date = date("Y-m-d H:i:s");
$openid_user->save();
// Initiate Ushahidi side login + AutoLogin
$auth->login($username, $password, TRUE);
// Redirect to Dashboard
url::redirect($user->dashboard());
}
}
}
} else {
$openid_error = TRUE;
$message_class = 'login_error';
$message = $openid->identity . "has not been logged in.";
}
}
} catch (ErrorException $e) {
$openid_error = TRUE;
$message_class = 'login_error';
$message = $e->getMessage();
}
// END: OpenID Shenanigans
}
// Set the little badge under the form informing users that their logins are being managed
// by an external service.
$this->template->riverid_information = '';
if (kohana::config('riverid.enable') == TRUE) {
$riverid = new RiverID();
$this->template->riverid_information = Kohana::lang('ui_main.riverid_information', $riverid->name);
$this->template->riverid_url = $riverid->url;
}
$this->template->errors = $errors;
$this->template->success = $success;
$this->template->change_pw_success = $change_pw_success;
$this->template->form = $form;
$this->template->form_error = $form_error;
$this->template->new_confirm_email_form = $new_confirm_email_form;
// Message to user
$this->template->message_class = $message_class;
$this->template->message = $message;
// This just means the user isn't a member or an admin, so they have nowhere to go, but they are logged in.
$this->template->insufficient_role = $insufficient_role;
$this->template->site_name = Kohana::config('settings.site_name');
$this->template->site_tagline = Kohana::config('settings.site_tagline');
// Javascript Header
$this->template->js = new View('login/login_js');
$this->template->js->action = $action;
// Header Nav
$header_nav = new View('header_nav');
$this->template->header_nav = $header_nav;
$this->template->header_nav->loggedin_user = FALSE;
if (isset(Auth::instance()->get_user()->id)) {
// Load User
$this->template->header_nav->loggedin_role = Auth::instance()->get_user()->dashboard();
$this->template->header_nav->loggedin_user = Auth::instance()->get_user();
}
$this->template->header_nav->site_name = Kohana::config('settings.site_name');
}
</span>:
<ul>
<?php
foreach ($user->openid as $openid) {
$openid_server = parse_url($openid->openid_server);
echo "<li>" . $openid->openid_email . " (" . $openid_server["host"] . ")</li>";
}
?>
</ul>
</div>
<?php
}
?>
<?php
if (isset($user->username) and ($user->username != '' or $user->username != NULL) and valid::email($user->username) == false and $user->public_profile == 1) {
?>
<div class="member_info_row"><span class="member_info_label"><?php
echo Kohana::lang('ui_main.public_profile_url');
?>
</span>:
<br/><a href="<?php
echo url::base() . 'profile/user/' . $user->username;
?>
"><?php
echo url::base() . 'profile/user/' . $user->username;
?>
</a>
</div>
<?php
}
/**
* Accessor method for setting email address
*
* @param string email the valid email address of Gravatar user
* @return self
* @access public
* @author Sam Clark
*/
public function email($email)
{
if (valid::email($email)) {
$this->email = strtolower($email);
} else {
throw new Kohana_User_Exception('Invalid email format', 'The email address \'' . $email . '\' is improperly formatted');
}
return $this;
}
public function reset_process()
{
// Validate the form input
$input = Validation::factory($this->input->post())->pre_filter('trim')->add_rules('email', 'required', 'length[4,127]');
if ($input->validate()) {
$user = ORM::factory('user')->where('email', $this->input->post('email'))->find();
if (valid::email($this->input->post('email'))) {
if ($user->loaded) {
// we have found the user and their email address.
// @todo make email useable, view, conifg options etc.
$password = text::random(Kohana::config('password_reset.password_character_type'), Kohana::config('password_reset.random_password_length'));
$user->password = $password;
if ($user->save()) {
// @todo change this. So very bad.
email::send($this->input->post('email'), '*****@*****.**', 'Password Reset', 'As requested, your password has been reset. It is now : ' . $password, TRUE);
$this->notification->add()->type('success')->title('Password Reset')->description('Your new password has been emailed to you.');
} else {
$this->notification->add()->type('error')->title('System Error')->description('The System was unable to set the new password.');
}
} else {
$this->notification->add()->type('error')->title('Invalid Email')->description('No such email address is with in our system.');
}
} else {
$this->notification->add()->type('error')->title('Invalid Email')->description('You must enter a <u>valid</u> email address to recover your password.');
}
url::redirect(url::area() . 'login');
} else {
$this->notification->add()->type('error')->title('No Email Entered')->description('You must enter a valid email address to recover your password.');
}
}
