/**
* Generates a page for the first step of password recovery process.
*
* @param Request $request
* @return string Rendered page content
*/
public function indexAction(Request $request)
{
if ($this->getOperator()) {
// If the operator is logged in just redirect him to the home page.
return $this->redirect($request->getUriForPath('/operator'));
}
$page = array('version' => MIBEW_VERSION, 'title' => getlocal('Trouble Accessing Your Account?'), 'headertitle' => getlocal('Mibew Messenger'), 'show_small_login' => true, 'fixedwrap' => true, 'errors' => array());
$login_or_email = '';
if ($request->isMethod('POST')) {
// When HTTP GET method is used the form is just rendered but the
// user does not pass any data. Thus we need to prevent CSRF attacks
// only for POST requests
csrf_check_token($request);
}
if ($request->isMethod('POST') && $request->request->has('loginoremail')) {
$login_or_email = $request->request->get('loginoremail');
$to_restore = MailUtils::isValidAddress($login_or_email) ? operator_by_email($login_or_email) : operator_by_login($login_or_email);
if (!$to_restore) {
$page['errors'][] = getlocal('No such Operator');
}
$email = $to_restore['vcemail'];
if (count($page['errors']) == 0 && !MailUtils::isValidAddress($email)) {
$page['errors'][] = "Operator hasn't set his e-mail";
}
if (count($page['errors']) == 0) {
$token = sha1($to_restore['vclogin'] . (function_exists('openssl_random_pseudo_bytes') ? openssl_random_pseudo_bytes(32) : time() + microtime() . mt_rand(0, 99999999)));
// Update the operator
$to_restore['dtmrestore'] = time();
$to_restore['vcrestoretoken'] = $token;
update_operator($to_restore);
$href = $this->getRouter()->generate('password_recovery_reset', array('id' => $to_restore['operatorid'], 'token' => $token), UrlGeneratorInterface::ABSOLUTE_URL);
// Load mail templates and substitute placeholders there.
$mail_template = MailTemplate::loadByName('password_recovery', get_current_locale());
if (!$mail_template) {
throw new \RuntimeException('Cannot load "password_recovery" mail template');
}
$this->sendMail(MailUtils::buildMessage($email, $email, $mail_template->buildSubject(), $mail_template->buildBody(array(get_operator_name($to_restore), $href))));
$page['isdone'] = true;
return $this->render('password_recovery', $page);
}
}
$page['formloginoremail'] = $login_or_email;
$page['localeLinks'] = get_locale_links();
$page['isdone'] = false;
return $this->render('password_recovery', $page);
}
/**
* Imports all locale's content (messages, mail templates, configs) to database.
*
* This function does not create the locale in database so you have to create it
* by yourself.
*
* @param string $locale Code of the locale to import.
*/
function import_locale_content($locale)
{
$config = (read_locale_config(MIBEW_FS_ROOT . '/locales/' . $locale . '/config.yml') ?: array()) + array('name' => $locale, 'rtl' => false, 'time_locale' => 'en_US', 'date_format' => array('full' => '%B %d, %Y %I:%M %p', 'date' => '%B %d, %Y', 'time' => '%I:%M %p'));
Database::getInstance()->query('UPDATE {locale} SET ' . 'name = :name, rtl = :rtl, time_locale = :time_locale,' . 'date_format = :date_format ' . 'WHERE code = :code', array(':code' => $locale, ':name' => $config['name'], ':rtl' => $config['rtl'] ? 1 : 0, ':time_locale' => $config['time_locale'], ':date_format' => serialize($config['date_format'])));
// Import localized messages to the just created locale
import_messages($locale, MIBEW_FS_ROOT . '/locales/' . $locale . '/translation.po', true);
// Import canned messages for the locale if they exist in the locale's
// files.
$canned_messages_file = MIBEW_FS_ROOT . '/locales/' . $locale . '/canned_messages.yml';
if (is_readable($canned_messages_file)) {
import_canned_messages($locale, $canned_messages_file);
}
// Import mail templates for the locale if they exist in the locale's
// files.
$mail_templates_file = MIBEW_FS_ROOT . '/locales/' . $locale . '/mail_templates.yml';
if (is_readable($mail_templates_file)) {
MailUtils::importTemplates($locale, $mail_templates_file);
}
}
/**
* Process submitting of the mail form.
*
* @param Request $request Incoming request.
* @return string Rendered page content.
* @throws NotFoundException If the thread with specified ID and token is
* not found.
*/
public function submitFormAction(Request $request)
{
$errors = array();
$thread_id = $request->attributes->get('thread_id');
$token = $request->attributes->get('token');
// Try to load the thread
$thread = Thread::load($thread_id, $token);
if (!$thread) {
throw new NotFoundException('The thread is not found.');
}
$email = $request->request->get('email');
$group = $thread->groupId ? group_by_id($thread->groupId) : null;
if (!$email) {
$errors[] = no_field('Your email');
} elseif (!MailUtils::isValidAddress($email)) {
$errors[] = wrong_field('Your email');
}
if (count($errors) > 0) {
$request->attributes->set('errors', $errors);
// Render the mail form again
return $this->showFormAction($request);
}
$history = '';
$last_id = -1;
$messages = $thread->getMessages(true, $last_id);
foreach ($messages as $msg) {
$history .= message_to_text($msg);
}
// Load mail templates and substitute placeholders there.
$mail_template = MailTemplate::loadByName('user_history', get_current_locale());
if ($mail_template) {
$this->sendMail(MailUtils::buildMessage($email, MIBEW_MAILBOX, $mail_template->buildSubject(), $mail_template->buildBody(array($thread->userName, $history, Settings::get('title'), Settings::get('hosturl')))));
} else {
trigger_error('Cannot send e-mail because "user_history" mail template cannot be loaded.', E_USER_WARNING);
}
$page = setup_logo($group);
$page['email'] = $email;
return $this->render('mailsent', $page);
}
/**
* Process submitted leave message form.
*
* Send message to operator email and create special meil thread.
* @param array $args Associative array of arguments. It must contains the
* following keys:
* - 'threadId': for this function this param equals to null;
* - 'token': for this function this param equals to null;
* - 'name': string, user name;
* - 'email': string, user email;
* - 'message': string, user message;
* - 'info': string, some info about user;
* - 'referrer': string, page user came from;
* - 'captcha': string, captcha value;
* - 'groupId': selected group id.
*
* @throws \Mibew\RequestProcessor\ThreadProcessorException Can throw an
* exception if captcha or email is wrong.
*/
protected function apiProcessLeaveMessage($args)
{
// Check captcha
if (Settings::get('enablecaptcha') == '1' && can_show_captcha()) {
$captcha = $args['captcha'];
$original = isset($_SESSION[SESSION_PREFIX . 'mibew_captcha'])
? $_SESSION[SESSION_PREFIX . 'mibew_captcha']
: '';
unset($_SESSION[SESSION_PREFIX . 'mibew_captcha']);
if (empty($original) || empty($captcha) || $captcha != $original) {
throw new ThreadProcessorException(
getlocal('The letters you typed don\'t match the letters that were shown in the picture.'),
ThreadProcessorException::ERROR_WRONG_CAPTCHA
);
}
}
// Get form fields
$email = $args['email'];
$name = $args['name'];
$message = $args['message'];
$info = $args['info'];
$referrer = $args['referrer'];
if (!MailUtils::isValidAddress($email)) {
throw new ThreadProcessorException(
wrong_field("Your email"),
ThreadProcessorException::ERROR_WRONG_EMAIL
);
}
// Verify group id
$group_id = '';
if (Settings::get('enablegroups') == '1') {
if (preg_match("/^\d{1,8}$/", $args['groupId']) != 0) {
$group = group_by_id($args['groupId']);
if ($group) {
$group_id = $args['groupId'];
}
}
}
// Create thread for left message
$remote_host = get_remote_host();
$user_browser = $_SERVER['HTTP_USER_AGENT'];
$visitor = visitor_from_request();
// Get message locale
$message_locale = Settings::get('left_messages_locale');
if (!locale_is_available($message_locale)) {
$message_locale = get_home_locale();
}
// Create thread
$thread = new Thread();
$thread->groupId = $group_id;
$thread->userName = $name;
$thread->remote = $remote_host;
$thread->referer = $referrer;
$thread->locale = get_current_locale();
$thread->userId = $visitor['id'];
$thread->userAgent = $user_browser;
$thread->state = Thread::STATE_LEFT;
$thread->closed = time();
$thread->save();
// Send some messages
if ($referrer) {
$thread->postMessage(
Thread::KIND_FOR_AGENT,
getlocal('Vistor came from page {0}', array($referrer), get_current_locale(), true)
);
}
if ($email) {
$thread->postMessage(
Thread::KIND_FOR_AGENT,
getlocal('E-Mail: {0}', array($email), get_current_locale(), true)
);
}
if ($info) {
$thread->postMessage(
Thread::KIND_FOR_AGENT,
getlocal('Info: {0}', array($info), get_current_locale(), true)
);
}
$thread->postMessage(Thread::KIND_USER, $message, array('name' => $name));
// Get email for message
$inbox_mail = get_group_email($group_id);
if (empty($inbox_mail)) {
$inbox_mail = Settings::get('email');
}
// Send email
if ($inbox_mail) {
// Prepare message to send by email
$mail_template = MailTemplate::loadByName('leave_message', $message_locale);
if (!$mail_template) {
trigger_error(
'Cannot send e-mail because "leave_message" mail template cannot be loaded.',
E_USER_WARNING
);
return;
}
$subject = $mail_template->buildSubject(array($args['name']));
$body = $mail_template->buildBody(array(
$args['name'],
$email,
$message,
($info ? $info . "\n" : ""),
));
// Send
$this->getMailerFactory()->getMailer()->send(
MailUtils::buildMessage($inbox_mail, $email, $subject, $body)
);
}
}
/**
* Processes submitting of the form which is generated in
* {@link \Mibew\Controller\Settings\CommonController::showFormAction()}
* method.
*
* @param Request $request Incoming request.
* @return string Rendered page content.
* @throws BadRequestException If one or more parameters of the request have
* wrong format.
*/
public function submitFormAction(Request $request)
{
csrf_check_token($request);
$errors = array();
$params = array();
$params['email'] = $request->request->get('email');
$params['title'] = $request->request->get('title');
$params['logo'] = $request->request->get('logo');
$params['hosturl'] = $request->request->get('hosturl');
$params['usernamepattern'] = $request->request->get('usernamepattern');
$params['chattitle'] = $request->request->get('chattitle');
$params['geolink'] = $request->request->get('geolink');
$params['geolinkparams'] = $request->request->get('geolinkparams');
$params['cron_key'] = $request->request->get('cronkey');
$send_key = $request->request->get('sendmessagekey');
if (!preg_match("/^c?enter\$/", $send_key)) {
throw new BadRequestException('Wrong format of "sendmessagekey" field.');
}
$params['sendmessagekey'] = $send_key;
$params['left_messages_locale'] = $request->request->get('leftmessageslocale');
if (!in_array($params['left_messages_locale'], get_available_locales())) {
$params['left_messages_locale'] = get_home_locale();
}
if ($params['email'] && !MailUtils::isValidAddress($params['email'])) {
$errors[] = getlocal('Enter a valid email address');
}
if ($params['geolinkparams']) {
foreach (explode(',', $params['geolinkparams']) as $one_param) {
$wrong_param = !preg_match("/^\\s*(toolbar|scrollbars|location|status|menubar|width|height|resizable)=\\d{1,4}\$/", $one_param);
if ($wrong_param) {
$errors[] = "Wrong link parameter: \"{$one_param}\", " . "should be one of 'toolbar, scrollbars, location, " . "status, menubar, width, height or resizable'";
}
}
}
if (preg_match("/^[0-9A-Za-z]*\$/", $params['cron_key']) == 0) {
$errors[] = getlocal('Use only Latin letters(upper and lower case) and numbers in cron key.');
}
// Load styles configs
$chat_style = $request->request->get('chat_style', ChatStyle::getDefaultStyle());
$chat_style_list = ChatStyle::getAvailableStyles();
if (!in_array($chat_style, $chat_style_list)) {
$chat_style = $chat_style_list[0];
}
$page_style = $request->request->get('page_style', PageStyle::getDefaultStyle());
$page_style_list = PageStyle::getAvailableStyles();
if (!in_array($page_style, $page_style_list)) {
$page_style = $page_style_list[0];
}
if (Settings::get('enabletracking')) {
$invitation_style = $request->request->get('invitation_style', InvitationStyle::getDefaultStyle());
$invitation_style_list = InvitationStyle::getAvailableStyles();
if (!in_array($invitation_style, $invitation_style_list)) {
$invitation_style = $invitation_style_list[0];
}
}
if (count($errors) != 0) {
$request->attributes->set('errors', $errors);
// The form should be rebuild. Invoke appropriate action.
return $this->showFormAction($request);
}
// Update system settings
foreach ($params as $key => $value) {
Settings::set($key, $value);
}
// Update styles params
ChatStyle::setDefaultStyle($chat_style);
PageStyle::setDefaultStyle($page_style);
if (Settings::get('enabletracking')) {
InvitationStyle::setDefaultStyle($invitation_style);
}
// Redirect the user to the same page using GET method
$redirect_to = $this->generateUrl('settings_common', array('stored' => true));
return $this->redirect($redirect_to);
}
/**
* Processes submitting of the form which is generated in
* {@link \Mibew\Controller\GroupController::showEditFormAction()} method.
*
* @param Request $request incoming request.
* @return string Rendered page content.
*/
public function submitFormAction(Request $request)
{
csrf_check_token($request);
$errors = array();
$group_id = $request->attributes->get('group_id', false);
$parent_group = $request->request->get('parentgroup');
if (!$parent_group || !preg_match("/^\\d{1,10}\$/", $parent_group)) {
$parent_group = null;
}
$name = $request->request->get('name');
$description = $request->request->get('description');
$common_name = $request->request->get('commonname');
$common_description = $request->request->get('commondescription');
$email = $request->request->get('email');
$weight = $request->request->get('weight');
$title = $request->request->get('title');
$chat_title = $request->request->get('chattitle');
$host_url = $request->request->get('hosturl');
$logo = $request->request->get('logo');
if (!$name) {
$errors[] = no_field("Name");
}
if ($email != '' && !MailUtils::isValidAddress($email)) {
$errors[] = wrong_field("E-mail");
}
if (!preg_match("/^(\\d{1,10})?\$/", $weight)) {
$errors[] = wrong_field("Weight");
}
if (!$weight) {
$weight = 0;
}
$existing_group = group_by_name($name);
$duplicate_name = !$group_id && $existing_group || $group_id && $existing_group && $group_id != $existing_group['groupid'];
if ($duplicate_name) {
$errors[] = getlocal("Please choose another name because a group with that name already exists.");
}
if (count($errors) != 0) {
$request->attributes->set('errors', $errors);
// The form should be rebuild. Invoke appropriate action.
return $this->showFormAction($request);
}
if (!$group_id) {
// Greate new group
$new_dep = create_group(array('vclocalname' => $name, 'vclocaldescription' => $description, 'vccommonname' => $common_name, 'vccommondescription' => $common_description, 'vcemail' => $email, 'iweight' => $weight, 'parent' => $parent_group, 'vctitle' => $title, 'vcchattitle' => $chat_title, 'vchosturl' => $host_url, 'vclogo' => $logo));
// Redirect an operator to group's member page.
$redirect_to = $this->generateUrl('group_members', array('group_id' => (int) $new_dep['groupid']));
} else {
// Update exisitng group
update_group(array('groupid' => $group_id, 'vclocalname' => $name, 'vclocaldescription' => $description, 'vccommonname' => $common_name, 'vccommondescription' => $common_description, 'vcemail' => $email, 'iweight' => $weight, 'parent' => $parent_group, 'vctitle' => $title, 'vcchattitle' => $chat_title, 'vchosturl' => $host_url, 'vclogo' => $logo));
// Redirect an operator to group's page.
$redirect_to = $this->generateUrl('group_edit', array('group_id' => $group_id));
}
return $this->redirect($redirect_to);
}
/**
* Enables specified locale.
*
* @param string $locale Locale code according to RFC 5646.
* @todo Rewrite the function and move somewhere locale creation and its import.
*/
function enable_locale($locale)
{
$db = Database::getInstance();
// Check if the locale exists in the database
list($count) = $db->query(
"SELECT COUNT(*) FROM {locale} WHERE code = :code",
array(':code' => $locale),
array(
'return_rows' => Database::RETURN_ONE_ROW,
'fetch_type' => Database::FETCH_NUM,
)
);
if ($count == 0) {
// The locale does not exist in the database. Create it.
$db->query(
"INSERT INTO {locale} (code, enabled) VALUES (:code, :enabled)",
array(
':code' => $locale,
':enabled' => 1,
)
);
// Import localized messages to the just created locale
import_messages(
$locale,
MIBEW_FS_ROOT . '/locales/' . $locale . '/translation.po',
true
);
// Import canned messages for the locale if they exist in the locale's
// files.
$canned_messages_file = MIBEW_FS_ROOT . '/locales/' . $locale . '/canned_messages.yml';
if (is_readable($canned_messages_file)) {
import_canned_messages($locale, $canned_messages_file);
}
// Import mail templates for the locale if they exist in the locale's
// files.
$mail_templates_file = MIBEW_FS_ROOT . '/locales/' . $locale . '/mail_templates.yml';
if (is_readable($mail_templates_file)) {
MailUtils::importTemplates($locale, $mail_templates_file);
}
} else {
// The locale exists in the database. Update it.
$db->query(
"UPDATE {locale} SET enabled = :enabled WHERE code = :code",
array(
':enabled' => 1,
':code' => $locale,
)
);
}
}
/**
* Processes submitting of the form which is generated in
* {@link \Mibew\Controller\OperatorController::showEditFormAction()} method.
*
* @param Request $request Incoming request.
* @return string Rendered page content.
*/
public function submitFormAction(Request $request)
{
csrf_check_token($request);
$errors = array();
$operator = $this->getOperator();
$op_id = $request->attributes->getInt('operator_id');
$login = $request->request->get('login');
$email = $request->request->get('email');
$password = $request->request->get('password');
$password_confirm = $request->request->get('passwordConfirm');
$local_name = $request->request->get('name');
$common_name = $request->request->get('commonname');
$code = $request->request->get('code');
if (!$local_name) {
$errors[] = no_field('Name');
}
if (!$common_name) {
$errors[] = no_field('International name (Latin)');
}
// The login is needed only for new operators. If login is changed for
// existing operator the stored password hash becomes invalid.
if (!$op_id) {
if (!$login) {
$errors[] = no_field('Login');
} elseif (!preg_match("/^[\\w_\\.]+\$/", $login)) {
$errors[] = getlocal('Login should contain only latin characters, numbers and underscore symbol.');
}
}
if (!$email || !MailUtils::isValidAddress($email)) {
$errors[] = wrong_field('E-mail');
}
if ($code && !preg_match("/^[A-Za-z0-9_]+\$/", $code)) {
$errors[] = getlocal('Code should contain only latin characters, numbers and underscore symbol.');
}
if (!$op_id && !$password) {
$errors[] = no_field('Password');
}
if ($password != $password_confirm) {
$errors[] = getlocal('Entered passwords do not match');
}
$existing_operator = operator_by_login($login);
$duplicate_login = !$op_id && $existing_operator || $op_id && $existing_operator && $op_id != $existing_operator['operatorid'];
if ($duplicate_login) {
$errors[] = getlocal('Please choose another login because an operator with that login is already registered in the system.');
}
// Check if operator with specified email already exists in the database.
$existing_operator = operator_by_email($email);
$duplicate_email = !$op_id && $existing_operator || $op_id && $existing_operator && $op_id != $existing_operator['operatorid'];
if ($duplicate_email) {
$errors[] = getlocal('Please choose another email because an operator with that email is already registered in the system.');
}
if (count($errors) != 0) {
$request->attributes->set('errors', $errors);
// The form should be rebuild. Invoke appropriate action.
return $this->showFormAction($request);
}
if (!$op_id) {
// Create new operator and redirect the current operator to avatar
// page.
$new_operator = create_operator($login, $email, $password, $local_name, $common_name, '', $code);
$redirect_to = $this->generateUrl('operator_avatar', array('operator_id' => $new_operator['operatorid']));
return $this->redirect($redirect_to);
}
// Mix old operator's fields with updated values
$target_operator = array('vcemail' => $email, 'vclocalename' => $local_name, 'vccommonname' => $common_name, 'code' => $code) + operator_by_id($op_id);
// Set the password only if it's not an empty string.
if ($password !== '') {
$target_operator['vcpassword'] = calculate_password_hash($target_operator['vclogin'], $password);
}
// Update operator's fields in the database.
update_operator($target_operator);
// Operator's data are cached in the authentication manager, thus we need
// to manually update them.
if ($target_operator['operatorid'] == $operator['operatorid']) {
// Check if the admin has set his password for the first time.
$to_dashboard = check_password_hash($operator['vclogin'], '', $operator['vcpassword']) && $password != '';
// Update operator's fields.
$this->getAuthenticationManager()->setOperator($target_operator);
// Redirect the admin to the home page if needed.
if ($to_dashboard) {
return $this->redirect($this->generateUrl('home_operator'));
}
}
// Redirect the operator to edit page again to use GET method instead of
// POST.
$redirect_to = $this->generateUrl('operator_edit', array('operator_id' => $op_id, 'stored' => true));
return $this->redirect($redirect_to);
}
/**
* Import locales content, namely translations, canned messages and mail
* templates.
*
* When the content will be imported the locale will be marked as enabled.
* @return boolean True if all content was imported successfully and false
* otherwise.
*/
protected function importLocalesContent()
{
if (!($db = $this->getDatabase())) {
return false;
}
try {
$locales = $db->query(
'SELECT * FROM {locale} WHERE enabled = :enabled',
array(':enabled' => 0),
array('return_rows' => Database::RETURN_ALL_ROWS)
);
foreach ($locales as $locale_info) {
$locale = $locale_info['code'];
// Import localized messages
import_messages(
$locale,
MIBEW_FS_ROOT . '/locales/' . $locale . '/translation.po',
true
);
// Import canned messages
$canned_messages_file = MIBEW_FS_ROOT . '/locales/' . $locale
. '/canned_messages.yml';
if (is_readable($canned_messages_file)) {
import_canned_messages($locale, $canned_messages_file);
}
// Import mail templates
$mail_templates_file = MIBEW_FS_ROOT . '/locales/' . $locale
. '/mail_templates.yml';
if (is_readable($mail_templates_file)) {
MailUtils::importTemplates($locale, $mail_templates_file);
}
// Mark the locale as "enabled" to indicate that all its content
// is imported.
$db->query(
'UPDATE {locale} SET enabled = :enabled WHERE code = :locale',
array(
':locale' => $locale,
':enabled' => 1,
)
);
}
} catch (\Exception $e) {
$this->errors[] = getlocal(
'Cannot import locales content. Error: {0}',
array($e->getMessage())
);
return false;
}
return true;
}