Exemplo n.º 1
 /**
  * Check, validate and store created item to db
  */
 public function store()
 {
     // Nothing is read or written unless the CSRF check passes. A failed check
     // falls through silently: no flash message, no redirect, no return value.
     if (!doo_csrf()) {
         return;
     }

     $body = \Input::post('description');
     $title = \Input::post('pageTitle');
     $position = \Input::post('order');
     $slug = \Input::post('slug');

     try {
         // The validator is handed the raw $_POST array, while the values that get
         // stored were read through \Input::post().
         // NOTE(review): presumably both views of the request agree - confirm.
         $this->app->pageForm->validator($_POST);

         // NOTE(review): 'content' is persisted exactly as submitted; any HTML
         // escaping or sanitising would have to happen in the validator or at
         // render time - verify against the page template.
         $this->app->page->create([
             'title' => $title,
             'content' => $body,
             'order' => $position,
             'slug' => $slug,
         ]);

         \App::flash('page_created', "{$title} Page created");
         \Response::redirect($this->site_url . '/admin-area/pages');
     } catch (\Doowebdev\Validation\DooFormValidationException $invalid) {
         // Validation failed: park the submitted values in the session, copy them
         // back into the view data, and re-render the form with per-field errors.
         $submitted = [
             'pageTitle' => $title,
             'content' => $body,
             'order' => $position,
             'slug' => $slug,
         ];
         foreach ($submitted as $key => $value) {
             \DooSession::set($key, $value);
         }
         foreach (array_keys($submitted) as $key) {
             $this->data[$key] = \DooSession::get($key);
         }

         // View slot => form field the error is looked up under. The content
         // error is looked up as 'editor1', not 'content'.
         $errorSlots = [
             'pageTitle_errors' => 'pageTitle',
             'content_errors' => 'editor1',
             'order_errors' => 'order',
             'slug_errors' => 'slug',
         ];
         foreach ($errorSlots as $slot => $field) {
             $this->data[$slot] = $invalid->getErrorFor()->first($field);
         }

         return \View::display('admin/page/create.twig', $this->data);
     }
 }
Exemplo n.º 2
 /**
  * Validate authentication data
  * @see http://phpsec.org/projects/guide/4.html
  * @see http://www.serversidemagazine.com/php/session-hijacking
  * @return <Boolean>
  */
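 public function validate()
 {
     // The outcome is reported through $this->isValid, $this->username and
     // $this->group; the method itself returns nothing.
     if (isset($this->appSession) && $this->appSession->AuthData['_initialized'] !== null) {
         // Digests are compared with hash_equals() instead of ==. Loose comparison
         // treats two hex strings of the form "0e<digits>" as equal numbers, and it
         // is not constant-time. A missing or non-string stored digest never matches.
         $digestMatches = static function ($stored, $expected) {
             return is_string($stored) && hash_equals($expected, $stored);
         };

         // An absent User-Agent header counts as the empty string, which is what the
         // concatenation produced before, minus the undefined-index notice.
         $userAgent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
         $level = $this->_securityLevel;

         // Three alternatives, any one of which accepts the session:
         //  1. LEVEL_LOW: already initialised, OR a username is in the session,
         //     OR the session has not expired.
         //  2. LEVEL_MEDIUM / LEVEL_HIGH: the stored fingerprint equals
         //     md5(User-Agent . salt).
         //  3. LEVEL_HIGH: the stored id equals md5(session id).
         // NOTE(review): in (1) the expiry test is OR-ed with the username test, so
         // a session carrying a username is accepted regardless of age; and at
         // LEVEL_HIGH either (2) or (3) is enough, not both. Confirm this is intended.
         // NOTE(review): the fingerprint depends only on a client-supplied header
         // plus the salt, so it ties the session to a header value, not to a device.
         $accepted =
             ($level == self::LEVEL_LOW
                 && ($this->_initialized
                     || isset($this->appSession->AuthData['_username'])
                     || time() - $this->appSession->AuthData['_time'] <= $this->_authSessionExpire))
             || (($level == self::LEVEL_MEDIUM || $level == self::LEVEL_HIGH)
                 && $digestMatches($this->_fingerprint, md5($userAgent . $this->getSalt())))
             || ($level == self::LEVEL_HIGH
                 && $digestMatches($this->_id, md5($this->appSession->getId())));

         if ($accepted) {
             $this->_time = time();
             $this->isValid = true;
             $this->username = $this->appSession->AuthData['_username'];
             $this->group = $this->appSession->AuthData['_group'];
         }
         // NOTE(review): when the session exists but none of the checks pass,
         // isValid is left at its previous value rather than set to false.
         // Confirm callers never reach this point with isValid already true.
     } else {
         $this->isValid = false;
     }
 }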
Exemplo n.º 3
 /**
  * Validate authentication data
  * @see http://phpsec.org/projects/guide/4.html
  * @see http://www.serversidemagazine.com/php/session-hijacking
  * @return boolean
  */
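 public function validate()
 {
     // Check that a session object exists before reading from it. Previously
     // AuthData was dereferenced first and the isset() test came afterwards.
     // The outcome is reported through $this->isValid; nothing is returned.
     $authData = isset($this->appSession) ? $this->appSession->AuthData : null;
     if ($authData === null) {
         $this->isValid = false;
         return;
     }

     // NOTE(review): a missing '_securityLevel' becomes null and is compared with
     // == below; if any LEVEL_* constant is 0 that would match - confirm the values.
     $securityLevel = isset($authData['_securityLevel']) ? $authData['_securityLevel'] : null;

     // Digests are compared with hash_equals() instead of ==. Loose comparison
     // treats two hex strings of the form "0e<digits>" as equal numbers, and it
     // is not constant-time. A missing or non-string stored digest never matches.
     $digestMatches = static function ($stored, $expected) {
         return is_string($stored) && hash_equals($expected, $stored);
     };

     // An absent User-Agent header counts as the empty string, which is what the
     // concatenation produced before, minus the undefined-index notice.
     $userAgent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
     $storedFingerprint = isset($authData['_fingerprint']) ? $authData['_fingerprint'] : null;

     // Three alternatives, any one of which accepts the session:
     //  1. LEVEL_LOW: a username is in the session OR the session has not expired.
     //  2. LEVEL_MEDIUM / LEVEL_HIGH: the stored fingerprint equals
     //     md5(User-Agent . salt).
     //  3. LEVEL_HIGH: the stored id equals md5(session id).
     // NOTE(review): in (1) the expiry test is OR-ed with the username test, so a
     // session carrying a username is accepted regardless of age; and at LEVEL_HIGH
     // either (2) or (3) is enough, not both. Confirm this is intended.
     $accepted =
         ($securityLevel == self::LEVEL_LOW
             && (isset($authData['_username'])
                 || time() - $authData['_time'] <= $this->getSessionExpire()))
         || (($securityLevel == self::LEVEL_MEDIUM || $securityLevel == self::LEVEL_HIGH)
             && $digestMatches($storedFingerprint, md5($userAgent . $this->getSalt())))
         || ($securityLevel == self::LEVEL_HIGH
             && $digestMatches($this->_id, md5($this->appSession->getId())));

     if ($accepted) {
         $this->isValid = true;
         // Record the time of this successful validation in the session.
         $this->appSession->AuthData['_time'] = time();
         $this->username = $authData['_username'];
         if (isset($authData['_userID'])) {
             $this->userID = $authData['_userID'];
         }
         $this->group = $authData['_group'];
     }
     // NOTE(review): when auth data exists but none of the checks pass, isValid is
     // left at its previous value rather than set to false. Confirm callers never
     // reach this point with isValid already true.
 }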
Exemplo n.º 4
 /**
  * Store created item to db - post
  */
 public function store()
 {
     // Nothing is read or written unless the CSRF check passes. A failed check
     // falls through silently: no flash message, no redirect, no return value.
     if (!doo_csrf()) {
         return;
     }

     $groupName = \Input::post('user_group');
     $firstName = \Input::post('first_name');
     $lastName = \Input::post('last_name');
     $emailAddress = \Input::post('email');
     $login = \Input::post('username');
     $secret = \Input::post('password');

     try {
         // The validator is handed the raw $_POST array, while the values used
         // below were read through \Input::post().
         $this->app->adminUserForm->validator($_POST);

         // The account is created already activated, and its group comes straight
         // from the submitted 'user_group' field.
         // NOTE(review): presumably the validator and the route's access control
         // restrict which groups may be requested - verify.
         $account = $this->app->auth->createUser([
             'username' => $login,
             'email' => $emailAddress,
             'group' => $groupName,
             'first_name' => $firstName,
             'last_name' => $lastName,
             'password' => $secret,
             'activated' => true,
         ]);

         // Resolve the group by name and attach it. This runs after the user
         // already exists.
         // NOTE(review): how a failed lookup behaves is not visible here - confirm
         // it cannot leave a half-configured account.
         $group = $this->app->auth->findGroupByName($groupName);
         $account->addGroup($group);

         \App::flash('user-created', 'User created.');
         \Response::redirect($this->site_url . '/admin-area/users');
     } catch (\Doowebdev\Validation\DooFormValidationException $invalid) {
         // Validation failed: re-render the form with the submitted values. The
         // group shown is the name of the looked-up group, not the raw input, and
         // the password is not written to the session or passed back to the view.
         // NOTE(review): the lookup uses input that has just failed validation;
         // confirm findGroupByName() always yields an object here.
         $group = $this->app->auth->findGroupByName($groupName);

         $submitted = [
             'username' => $login,
             'email' => $emailAddress,
             'first_name' => $firstName,
             'last_name' => $lastName,
             'user_group' => $group->name,
         ];
         foreach ($submitted as $key => $value) {
             \DooSession::set($key, $value);
         }
         foreach (array_keys($submitted) as $key) {
             $this->data[$key] = \DooSession::get($key);
         }

         // Only these three fields have an error slot in the view data.
         foreach (['username', 'email', 'password'] as $field) {
             $this->data[$field . '_error'] = $invalid->getErrorFor()->first($field);
         }

         return \View::display('admin/user/create.twig', $this->data);
     }
 }