예제 #1
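 /**
  * Bootstrap the admin controller from the current admin route.
  *
  * Splits the admin route into segments, selects the theme from the first
  * segment, derives the resource and remaining path from the rest, records
  * the request method/format/params, and publishes the base URL, the AJAX
  * suffix and the nonce-carrying route templates into the container.
  */
 public function boot()
 {
     $grav = Grav::instance();
     /** @var \Grav\Plugin\Admin $admin */
     $admin = $grav['admin'];
     /** @var Uri $uri */
     $uri = $grav['uri'];

     // Non-empty route segments only; the first one names the theme.
     $parts = array_filter(explode('/', $admin->route), function ($var) {
         return $var !== '';
     });

     // Set theme.
     $theme = array_shift($parts);
     $this->setTheme($theme);

     /** @var Request $request */
     $request = $this->container['request'];

     // Figure out the action we want to make.
     $this->method = $request->getMethod();
     $this->path = $parts;
     if (!$theme) {
         // No theme in the route: the next segment is the resource, default to the theme list.
         $this->resource = array_shift($this->path) ?: 'themes';
     } else {
         // Inside a theme with no further path: land on the styles configuration.
         if (!$this->path) {
             $this->path = ['configurations', 'styles'];
         }
         $this->resource = array_shift($this->path);
     }

     $this->format = $uri->extension('html');
     // Strict comparison: only the literal 'json' extension selects AJAX mode.
     $ajax = $this->format === 'json';
     $this->params = [
         'ajax' => $ajax,
         'location' => $this->resource,
         'method' => $this->method,
         'format' => $this->format,
         'params' => $request->post->getJsonArray('params'),
     ];

     $this->container['base_url'] = $grav['gantry5_plugin']->base;
     $this->container['ajax_suffix'] = '.json';

     // The route table is assigned once; every parameterised route carries the
     // 'gantry-admin' nonce as a query parameter so generated links pass the CSRF check.
     $nonce = Utils::getNonce('gantry-admin');
     $this->container['routes'] = [
         '1' => '/%s?nonce=' . $nonce,
         'themes' => '',
         'picker/layouts' => '/layouts?nonce=' . $nonce,
     ];
 }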
예제 #2
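 /**
  * Used to add a nonce to a form. Call {{ nonce_field('action') }} specifying a string representing the action.
  *
  * For maximum protection, ensure that the string representing the action is as specific as possible.
  *
  * Both the parameter name and the nonce value are escaped for an HTML attribute
  * context, so neither can break out of the generated input element.
  *
  * @todo evaluate if adding referrer or not
  *
  * @param string $action         the action
  * @param string $nonceParamName a custom nonce param name
  *
  * @return string the nonce input field
  */
 public function nonceFieldFunc($action, $nonceParamName = 'nonce')
 {
     // Attribute-context escaping (ENT_QUOTES covers the double quotes used below).
     $name = htmlspecialchars($nonceParamName, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
     $nonce = htmlspecialchars(Utils::getNonce($action), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

     return '<input type="hidden" id="' . $name . '" name="' . $name . '" value="' . $nonce . '" />';
 }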
예제 #3
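 /**
  * Handle the email password recovery procedure.
  *
  * Looks up the posted username, stores a fresh reset token (valid for one
  * week) on the user record and e-mails a reset link. Every outcome is
  * reported through the messages service and followed by a redirect.
  *
  * @return bool True if the action was performed.
  */
 protected function taskForgot()
 {
     $param_sep = $this->grav['config']->get('system.param_sep', ':');
     $data = $this->post;

     $username = $data['username'] ?? '';
     $user = !empty($username) ? User::load($username) : null;

     /** @var Language $language */
     $language = $this->grav['language'];
     $messages = $this->grav['messages'];

     if (!isset($this->grav['Email'])) {
         $messages->add($language->translate('PLUGIN_ADMIN.FORGOT_EMAIL_NOT_CONFIGURED'), 'error');
         $this->setRedirect('/');
         return true;
     }

     // NOTE(review): the two distinct errors below disclose whether a username exists
     // and whether it has an e-mail address; consider a uniform response if account
     // enumeration is a concern for this deployment.
     if (!$user || !$user->exists()) {
         $messages->add($language->translate(['PLUGIN_ADMIN.FORGOT_USERNAME_DOES_NOT_EXIST', $username]), 'error');
         $this->setRedirect('/forgot');
         return true;
     }

     if (empty($user->email)) {
         $messages->add($language->translate(['PLUGIN_ADMIN.FORGOT_CANNOT_RESET_EMAIL_NO_EMAIL', $username]), 'error');
         $this->setRedirect('/forgot');
         return true;
     }

     // Reset token: 128 bits from the CSPRNG, hex-encoded to 32 characters (same width
     // as an md5 digest). mt_rand()/uniqid() output is predictable and must not be used
     // for a secret that is equivalent to the user's credentials.
     $token = bin2hex(random_bytes(16));
     $expire = time() + 604800; // next week
     $user->reset = $token . '::' . $expire;
     $user->save();

     $author = $this->grav['config']->get('site.author.name', '');
     $fullname = $user->fullname ?: $username;

     // NOTE(review): $username is embedded in the link without URL encoding; confirm that
     // usernames are restricted to URL-safe characters before they reach this point.
     $reset_link = $this->grav['base_url_absolute'] . $this->grav['config']->get('plugins.login.route_reset') . '/task:login.reset/token' . $param_sep . $token . '/user' . $param_sep . $username . '/nonce' . $param_sep . Utils::getNonce('reset-form');

     $sitename = $this->grav['config']->get('site.title', 'Website');
     $from = $this->grav['config']->get('plugins.email.from');

     if (empty($from)) {
         $messages->add($language->translate('PLUGIN_ADMIN.FORGOT_EMAIL_NOT_CONFIGURED'), 'error');
         $this->setRedirect('/forgot');
         return true;
     }

     $to = $user->email;
     $subject = $language->translate(['PLUGIN_ADMIN.FORGOT_EMAIL_SUBJECT', $sitename]);
     $content = $language->translate(['PLUGIN_ADMIN.FORGOT_EMAIL_BODY', $fullname, $reset_link, $author, $sitename]);

     $sent = LoginUtils::sendEmail($subject, $content, $to);
     if ($sent < 1) {
         $messages->add($language->translate('PLUGIN_ADMIN.FORGOT_FAILED_TO_EMAIL'), 'error');
     } else {
         $messages->add($language->translate(['PLUGIN_ADMIN.FORGOT_INSTRUCTIONS_SENT_VIA_EMAIL', $to]), 'info');
     }

     $this->setRedirect('/');
     return true;
 }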
예제 #4
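 /**
  * Handle the email to activate the user account.
  *
  * Stores a fresh activation token (valid for one week) on the user record,
  * saves it and e-mails an activation link to the user's address.
  *
  * @param User $user the user to activate; must carry an email address
  *
  * @return bool True if the action was performed.
  *
  * @throws \RuntimeException if the user has no email address or the email could not be sent.
  */
 protected function sendActivationEmail($user)
 {
     if (empty($user->email)) {
         throw new \RuntimeException($this->grav['language']->translate('PLUGIN_LOGIN.USER_NEEDS_EMAIL_FIELD'));
     }

     // Activation token: 128 bits from the CSPRNG, hex-encoded to 32 characters.
     // mt_rand()/uniqid() output is predictable and unsuitable for a token that
     // grants account activation.
     $token = bin2hex(random_bytes(16));
     $expire = time() + 604800; // next week
     $user->activation_token = $token . '::' . $expire;
     $user->save();

     $language = $this->grav['language'];
     $param_sep = $this->grav['config']->get('system.param_sep', ':');
     $activation_link = $this->grav['base_url_absolute'] . $this->config->get('plugins.login.route_activate') . '/token' . $param_sep . $token . '/username' . $param_sep . $user->username . '/nonce' . $param_sep . Utils::getNonce('user-activation');

     $sitename = $this->grav['config']->get('site.title', 'Website');
     $subject = $language->translate(['PLUGIN_LOGIN.ACTIVATION_EMAIL_SUBJECT', $sitename]);
     $content = $language->translate(['PLUGIN_LOGIN.ACTIVATION_EMAIL_BODY', $user->username, $activation_link, $sitename]);

     $sent = LoginUtils::sendEmail($subject, $content, $user->email);
     if ($sent < 1) {
         throw new \RuntimeException($language->translate('PLUGIN_LOGIN.EMAIL_SENDING_FAILURE'));
     }

     return true;
 }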
예제 #5
파일: controller.php 프로젝트: clee03/metal
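 /**
  * Handle the backup action
  *
  * With a 'download' URL parameter the referenced archive is streamed to the
  * client; otherwise a new ZIP backup is created, its location is appended to
  * log://backup.log, and a JSON response containing a nonce-protected download
  * link is set on the admin object.
  *
  * @return bool True if the action was performed; returns without a value when
  *              the caller is not authorized.
  */
 protected function taskBackup()
 {
     if (!$this->authorizeTask('backup', ['admin.maintenance', 'admin.super'])) {
         return;
     }

     $param_sep = $this->grav['config']->get('system.param_sep', ':');

     // NOTE(review): the decoded 'download' value is a file path taken from the request
     // and handed to Utils::download() as-is; confirm that Utils::download() (or the
     // authorization above) restricts it to the backup location.
     $download = $this->grav['uri']->param('download');
     if ($download) {
         Utils::download(base64_decode(urldecode($download)), true);
     }

     $log = JsonFile::instance($this->grav['locator']->findResource("log://backup.log", true, true));

     try {
         $backup = ZipBackup::backup();
     } catch (\Exception $e) {
         $this->admin->json_response = [
             'status' => 'error',
             'message' => $this->admin->translate('PLUGIN_ADMIN.AN_ERROR_OCCURRED') . '. ' . $e->getMessage(),
         ];
         return true;
     }

     // The archive path travels in the download link base64/URL encoded; the link also
     // carries the 'admin-form' nonce so the follow-up request passes the CSRF check.
     $download = urlencode(base64_encode($backup));
     $url = rtrim($this->grav['uri']->rootUrl(true), '/') . '/' . trim($this->admin->base, '/') . '/task' . $param_sep . 'backup/download' . $param_sep . $download . '/admin-nonce' . $param_sep . Utils::getNonce('admin-form');

     $log->content(['time' => time(), 'location' => $backup]);
     $log->save();

     $this->admin->json_response = [
         'status' => 'success',
         'message' => $this->admin->translate('PLUGIN_ADMIN.YOUR_BACKUP_IS_READY_FOR_DOWNLOAD') . '. <a href="' . $url . '" class="button">' . $this->admin->translate('PLUGIN_ADMIN.DOWNLOAD_BACKUP') . '</a>',
         'toastr' => ['timeOut' => 0, 'closeButton' => true],
     ];

     return true;
 }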
예제 #6
 /**
  * Static helper method to return the admin form nonce
  *
  * Always generates the nonce for the fixed 'admin-form' action.
  *
  * @return string
  */
 public static function getNonce()
 {
     return Utils::getNonce('admin-form');
 }
예제 #7
파일: UriTest.php 프로젝트: nikkialgar/grav
 /**
  * Uri::addNonce() must keep the original URL as prefix, append a '/nonce:'
  * parameter, and the parsed parameter must equal Utils::getNonce() for the
  * same action.
  */
 public function testAddNonce()
 {
     $url = 'http://localhost/foo';
     $action = 'test-action';

     self::assertStringStartsWith($url, Uri::addNonce($url, $action));
     self::assertStringStartsWith($url . '/nonce:', Uri::addNonce($url, $action));

     $this->uri->initializeWithURL(Uri::addNonce($url, $action))->init();
     $nonce = $this->uri->param('nonce');

     self::assertTrue(is_string($nonce));
     self::assertSame(Utils::getNonce($action), $nonce);
 }
예제 #8
파일: Uri.php 프로젝트: khanduras/grav
 /**
  * Adds the nonce to a URL for a specific action
  *
  * The nonce is appended as a Grav URL parameter, i.e. '/<name><sep><nonce>',
  * where <sep> is the configured 'system.param_sep' (':' by default).
  *
  * @param string $url the url
  * @param string $action the action
  * @param string $nonceParamName the param name to use
  *
  * @return string the url with the nonce
  */
 public static function addNonce($url, $action, $nonceParamName = 'nonce')
 {
     $separator = Grav::instance()['config']->get('system.param_sep', ':');
     $nonce = Utils::getNonce($action);

     return "{$url}/{$nonceParamName}{$separator}{$nonce}";
 }
예제 #9
 /**
  * Return the nonce for the fixed 'form-plugin' action.
  *
  * @return string
  */
 public static function getNonce()
 {
     return Utils::getNonce('form-plugin');
 }
예제 #10
파일: UtilsTest.php 프로젝트: getgrav/grav
 /**
  * A nonce produced by Utils::getNonce() for an action must be accepted by
  * Utils::verifyNonce() for that same action.
  */
 public function testVerifyNonce()
 {
     $action = 'test-action';
     $nonce = Utils::getNonce($action);

     self::assertTrue(Utils::verifyNonce($nonce, $action));
 }