/**
  * Sends the reminder e-mail to the configured member groups.
  *
  * Nothing is sent (and success is reported) until timeleadReached() returns
  * true. Sender, subject and content are read from $GLOBALS['TL_CONFIG'].
  *
  * @return bool false if the 'associategroups' extension is not active or the
  *              mailer throws Swift_RfcComplianceException, true otherwise
  */
 public function sendReminderMail()
 {
     $strLogSource = 'RscNewsletterReminder sendReminderMail()';
     // The 'associategroups' extension must be among the active modules
     $blnExtensionActive = in_array('associategroups', $this->Config->getActiveModules());
     if (!$blnExtensionActive) {
         $this->log('RscNewsletterReminder: Extension "associategroups" is required!', $strLogSource, TL_ERROR);
         return false;
     }
     $this->loadLanguageFile("tl_settings");
     // Not due yet: nothing to send, which still counts as success
     if (!$this->timeleadReached()) {
         return true;
     }
     $objEmail = new \Email();
     $objEmail->logFile = 'RscNewsletterReminderEmail.log';
     $objEmail->from = $GLOBALS['TL_CONFIG']['rscNewsletterReminderEmailSenderAddress'];
     // Fall back to the website title when no sender name is configured
     if (strlen($GLOBALS['TL_CONFIG']['rscNewsletterReminderEmailSenderName']) > 0) {
         $objEmail->fromName = $GLOBALS['TL_CONFIG']['rscNewsletterReminderEmailSenderName'];
     } else {
         $objEmail->fromName = $GLOBALS['TL_CONFIG']['websiteTitle'];
     }
     $objEmail->subject = $this->replaceEmailInsertTags($GLOBALS['TL_CONFIG']['rscNewsletterReminderEmailSubject']);
     $objEmail->html = $this->replaceEmailInsertTags($GLOBALS['TL_CONFIG']['rscNewsletterReminderEmailContent']);
     // The text part is derived from the HTML part that was just assigned
     $objEmail->text = $this->transformEmailHtmlToText($objEmail->html);
     try {
         $objEmail->sendTo($this->getReceiverEmails());
     } catch (Swift_RfcComplianceException $objException) {
         // An address rejected by the mailer aborts the whole run
         $this->log("Mail could not be send: " . $objException->getMessage(), $strLogSource, TL_ERROR);
         return false;
     }
     $this->log('Monthly sending newsletter reminder finished successfully.', $strLogSource, TL_CRON);
     return true;
 }
Exemplo n.º 2
 /**
  * Send a message to the address stored in $this->email.
  *
  * @param string $subject Subject line assigned to the message
  * @param string $body    Value assigned to the message's body property
  */
 public function sendEmail($subject, $body)
 {
     // Recipient is read before the message object is created
     $strRecipient = $this->email;
     $objMessage = new Email();
     $objMessage->subject = $subject;
     $objMessage->body = $body;
     $objMessage->sendTo($strRecipient);
 }
Exemplo n.º 3
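 /**
  * Execute the default events of a subscription (send mail / add or remove groups)
  *
  * Loads every published tl_abo_events row for the given subscription and
  * event name. For each row it optionally sends an e-mail to the member and
  * optionally rewrites the member's groups in tl_member.
  *
  * @param string $strEvent    Event name matched against tl_abo_events.event
  * @param object $objMember   Member record; id and email are read here
  * @param object $objAbo      Subscription record; id is read here
  * @param object $objAboOrder Order object handed to setAboOrder()
  */
 public function defaultEvents($strEvent, $objMember, $objAbo, $objAboOrder)
 {
     // Both values are bound as parameters, never concatenated into the SQL
     $objEvents = \Database::getInstance()->prepare("\n\t\t\tSELECT\t* FROM tl_abo_events as e\n\t\t\t\tLEFT JOIN tl_abo as a\n\t\t\t\tON a.id = e.pid\n\t\t\tWHERE a.id = ?\n\t\t\t\tAND e.published = 1\n\t\t\t\tAND e.event = ?")->execute($objAbo->id, $strEvent);
     if (!$objEvents->numRows) {
         return;
     }
     $this->aboLog("Event: " . $strEvent . " ausgeführt", __METHOD__, 'INFO', $objMember->id);
     // Load Current Abo
     $this->setAbo($objAbo);
     $this->setMember($objMember);
     $this->setAboOrder($objAboOrder);
     while ($objEvents->next()) {
         // send mail ?
         if ($objEvents->use_email) {
             $objMail = new \Email();
             $objMail->subject = $this->replaceInsertTagsAbo($objEvents->email_subject, $objMember);
             $objMail->text = $this->replaceInsertTagsAbo($objEvents->email_text, $objMember);
             if ($objEvents->email_template) {
                 $strTemplatePath = $objEvents->email_template;
                 if (VERSION >= 3) {
                     // From version 3 on the stored value is a tl_files key, not a path.
                     // findByPk() returns null when that file record no longer exists.
                     $objFile = \FilesModel::findByPk($strTemplatePath);
                     $strTemplatePath = ($objFile !== null) ? $objFile->path : null;
                 }
                 if ($strTemplatePath) {
                     $objMailTemplate = new File($strTemplatePath);
                     $objMail->html = $this->replaceInsertTagsAbo($objMailTemplate->getContent(), $objMember);
                 } else {
                     // Keep sending the text part instead of failing on a missing template
                     $this->aboLog("E-Mail-Template nicht gefunden, HTML-Teil wird ausgelassen.", __METHOD__, 'INFO', $objMember->id);
                 }
             }
             // Sender and BCC come from the event configuration row
             $objMail->from = $objEvents->email_from;
             $objMail->fromName = $objEvents->email_fromname;
             if ($objEvents->email_bcc) {
                 $objMail->sendBcc($objEvents->email_bcc);
             }
             $objMail->sendTo($objMember->email);
             // NOTE(review): the member's address ends up in the log; confirm that fits the log retention policy
             $this->aboLog("E-Mail an " . $objMember->email . ' versendet.', __METHOD__, 'INFO', $objMember->id);
         }
         // set groups ?
         if ($objEvents->use_groups) {
             $arrMergedGroups = $this->groupManager($objMember, $objEvents->addGroups, $objEvents->removeGroups);
             // Same global Database class as in the SELECT above, written fully qualified for consistency
             \Database::getInstance()->prepare("UPDATE tl_member SET groups = ? WHERE id = ?")->execute(serialize($arrMergedGroups), $objMember->id);
             $this->aboLog("Mitgliedergruppen: Aktiviert (" . implode(',', deserialize($objEvents->addGroups, true)) . ') / Deaktiviert: (' . implode(',', deserialize($objEvents->removeGroups, true)) . ')', __METHOD__, 'INFO', $objMember->id);
         }
     }
 }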
Exemplo n.º 4
 /**
  * Render the back end "formbox" popup and, when its form was submitted,
  * mail the submitted message to the configured address.
  *
  * Reads POST fields FORM_SUBMIT, url and message and the GET field link.
  *
  * @return string Output of the parsed 'be_formbox' template
  */
 public function showPopup()
 {
     $objTemplate = new \BackendTemplate('be_formbox');
     $objUser = \BackendUser::getInstance();
     // Only act on a submit of this form
     // NOTE(review): no request-token check is visible in this method; presumably handled by the framework, confirm
     if (\Input::post('FORM_SUBMIT') == 'formbox') {
         $objDate = new \Date();
         $objEmail = new \Email();
         $objEmail->subject = $GLOBALS['TL_CONFIG']['websiteTitle'] . ' - ' . $GLOBALS['TL_CONFIG']['be_formbox_button_text'];
         // NOTE(review): the expression between "User: " and the e-mail address is masked
         // ('******') in this listing, so the next line is not valid PHP as printed
         $strHtml = '<p>User: '******' (' . $objUser->email . ')</p>';
         // NOTE(review): 'url' and 'message' are request values concatenated into an HTML
         // mail body; confirm that \Input::post() returns them HTML-encoded, otherwise
         // encode them for the HTML context before concatenating
         $strHtml .= '<p>Site: ' . \Input::post('url') . '</p>';
         $strHtml .= '<p>Datum: ' . $objDate->datim . '</p>';
         $strHtml .= '<p>Message: ' . \Input::post('message') . '</p>';
         $objEmail->html = $strHtml;
         // Replies go to the back end user who submitted the form
         $objEmail->replyTo($objUser->name . ' <' . $objUser->email . '>');
         $objEmail->sendTo($GLOBALS['TL_CONFIG']['be_formbox_email']);
         $objTemplate->strMessageSent = $GLOBALS['TL_CONFIG']['be_formbox_message_sent'];
     }
     $objTemplate->strFormUrl = 'contao/main.php?do=undo&key=be-formbox&nb=1&popup=1';
     // NOTE(review): the decoded value is request-controlled and any filtering done by
     // \Input::get() applied to the base64 text, not to the decoded string; the template
     // has to escape it, and it should be checked to be a URL of this site before use
     $objTemplate->strUrl = base64_decode(\Input::get('link'));
     $objTemplate->strFormboxMessage = $GLOBALS['TL_CONFIG']['be_formbox_message'];
     return $objTemplate->parse();
 }
Exemplo n.º 5
 /**
  * Compile the newsletter for one recipient and send it
  *
  * The text part is always set. The HTML part is rendered through a back end
  * template unless the newsletter is flagged as text-only. An address that
  * cannot be delivered is appended to $_SESSION['REJECTED_RECIPIENTS'].
  * Nothing is returned.
  *
  * @param Email           $objEmail      Mail object that is filled and sent
  * @param Database_Result $objNewsletter Newsletter row (sendText, template, subject are read)
  * @param array           $arrRecipient  Recipient data; 'email' is the target address
  * @param string          $text          Text content with simple tokens
  * @param string          $html          HTML content with simple tokens
  * @param string          $css           Value assigned to the template's css variable
  */
 protected function sendNewsletter(Email $objEmail, Database_Result $objNewsletter, $arrRecipient, $text, $html, $css)
 {
     // Plain-text part, personalised with the recipient's tokens
     $objEmail->text = $this->parseSimpleTokens($text, $arrRecipient);
     // HTML part, skipped for text-only newsletters
     if (!$objNewsletter->sendText) {
         // Use the newsletter's own mail template when one is set
         if (strlen($objNewsletter->template)) {
             $strTemplateName = $objNewsletter->template;
         } else {
             $strTemplateName = 'mail_default';
         }
         $objMailTemplate = new BackendTemplate($strTemplateName);
         // setData() comes first so the explicit assignments below win
         $objMailTemplate->setData($objNewsletter->row());
         $objMailTemplate->title = $objNewsletter->subject;
         $objMailTemplate->body = $this->parseSimpleTokens($html, $arrRecipient);
         $objMailTemplate->charset = $GLOBALS['TL_CONFIG']['characterSet'];
         $objMailTemplate->css = $css;
         // Render the template into the HTML part
         $objEmail->html = $objMailTemplate->parse();
         $objEmail->imageDir = TL_ROOT . '/';
     }
     // An address the mailer refuses as non-compliant is recorded as rejected
     try {
         $objEmail->sendTo($arrRecipient['email']);
     } catch (Swift_RfcComplianceException $objException) {
         $_SESSION['REJECTED_RECIPIENTS'][] = $arrRecipient['email'];
     }
     // Failures reported by the mail object are recorded as well
     if (count($objEmail->failures) > 0) {
         $_SESSION['REJECTED_RECIPIENTS'][] = $arrRecipient['email'];
     }
 }
Exemplo n.º 6
Arquivo: User.php Projeto: rikaix/core
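 /**
  * Try to login the current user
  *
  * Order of checks: username and password present in POST, user record found
  * (optionally after the importUser hook), lock-out counter, account status,
  * password (or the checkCredentials hook). On success the login timestamps
  * and the attempt counter are updated, the session is generated and the
  * postLogin hook is called.
  *
  * @return boolean True if the user could be logged in
  */
 public function login()
 {
     $this->loadLanguageFile('default');
     // Do not continue if username or password are missing
     if (!\Input::post('username') || !\Input::post('password')) {
         return false;
     }
     // Load the user object
     if ($this->findBy('username', \Input::post('username')) == false) {
         $blnLoaded = false;
         // HOOK: pass credentials to callback functions
         if (isset($GLOBALS['TL_HOOKS']['importUser']) && is_array($GLOBALS['TL_HOOKS']['importUser'])) {
             foreach ($GLOBALS['TL_HOOKS']['importUser'] as $callback) {
                 $this->import($callback[0], 'objImport', true);
                 // $callback is array(class, method): index it before using it as the method name
                 $blnLoaded = $this->objImport->{$callback[1]}(\Input::post('username'), \Input::post('password'), $this->strTable);
                 // Load successful
                 if ($blnLoaded === true) {
                     break;
                 }
             }
         }
         // Return if the user still cannot be loaded
         if (!$blnLoaded || $this->findBy('username', \Input::post('username')) == false) {
             // Same user-facing message as for a wrong password, so the form does not reveal which usernames exist
             \Message::addError($GLOBALS['TL_LANG']['ERR']['invalidLogin']);
             // NOTE(review): the submitted username is written to the log; confirm log() neutralises markup and control characters
             $this->log('Could not find user "' . \Input::post('username') . '"', get_class($this) . ' login()', TL_ACCESS);
             return false;
         }
     }
     $time = time();
     // Set the user language
     // NOTE(review): taken from POST without a visible allow-list check
     if (\Input::post('language')) {
         $this->language = \Input::post('language');
     }
     // Lock the account if there are too many login attempts
     if ($this->loginCount < 1) {
         $this->locked = $time;
         $this->loginCount = $GLOBALS['TL_CONFIG']['loginCount'];
         $this->save();
         // Add a log entry
         $this->log('The account has been locked for security reasons', get_class($this) . ' login()', TL_ACCESS);
         // Send admin notification
         if (strlen($GLOBALS['TL_CONFIG']['adminEmail'])) {
             $objEmail = new \Email();
             $objEmail->subject = $GLOBALS['TL_LANG']['MSC']['lockedAccount'][0];
             $objEmail->text = sprintf($GLOBALS['TL_LANG']['MSC']['lockedAccount'][1], $this->username, TL_MODE == 'FE' ? $this->firstname . " " . $this->lastname : $this->name, \Environment::get('base'), ceil($GLOBALS['TL_CONFIG']['lockPeriod'] / 60));
             $objEmail->sendTo($GLOBALS['TL_CONFIG']['adminEmail']);
         }
         return false;
     }
     // Check the account status
     if ($this->checkAccountStatus() == false) {
         return false;
     }
     $blnAuthenticated = false;
     // Stored format is "hash:salt"; pad so an unsalted value yields an empty salt instead of an undefined one
     list($strPassword, $strSalt) = array_pad(explode(':', $this->password), 2, '');
     // NOTE(review): SHA-1, salted or not, is a fast hash. Moving to password_hash()/
     // password_verify() changes the stored format and is not done in this method.
     // Hashes are compared with === so two different "0e..." digests are never treated
     // as equal numbers; hash_equals() is preferable where the runtime provides it.
     // Password is correct but not yet salted
     if (!strlen($strSalt) && $strPassword === sha1(\Input::post('password'))) {
         $strSalt = substr(md5(uniqid(mt_rand(), true)), 0, 23);
         $strPassword = sha1($strSalt . \Input::post('password'));
         $this->password = $strPassword . ':' . $strSalt;
     }
     // Check the password against the database
     if (strlen($strSalt) && $strPassword === sha1($strSalt . \Input::post('password'))) {
         $blnAuthenticated = true;
     } elseif (isset($GLOBALS['TL_HOOKS']['checkCredentials']) && is_array($GLOBALS['TL_HOOKS']['checkCredentials'])) {
         foreach ($GLOBALS['TL_HOOKS']['checkCredentials'] as $callback) {
             $this->import($callback[0], 'objAuth', true);
             $blnAuthenticated = $this->objAuth->{$callback[1]}(\Input::post('username'), \Input::post('password'), $this);
             // Authentication successful
             if ($blnAuthenticated === true) {
                 break;
             }
         }
     }
     // Return if the user could not be authenticated
     if (!$blnAuthenticated) {
         // Each failure uses up one of the remaining attempts
         --$this->loginCount;
         $this->save();
         \Message::addError($GLOBALS['TL_LANG']['ERR']['invalidLogin']);
         $this->log('Invalid password submitted for username "' . $this->username . '"', get_class($this) . ' login()', TL_ACCESS);
         return false;
     }
     $this->setUserFromDb();
     // Update the record
     $this->lastLogin = $this->currentLogin;
     $this->currentLogin = $time;
     $this->loginCount = $GLOBALS['TL_CONFIG']['loginCount'];
     $this->save();
     // Generate the session
     $this->generateSession();
     $this->log('User "' . $this->username . '" has logged in', get_class($this) . ' login()', TL_ACCESS);
     // HOOK: post login callback
     if (isset($GLOBALS['TL_HOOKS']['postLogin']) && is_array($GLOBALS['TL_HOOKS']['postLogin'])) {
         foreach ($GLOBALS['TL_HOOKS']['postLogin'] as $callback) {
             $this->import($callback[0], 'objLogin', true);
             $this->objLogin->{$callback[1]}($this);
         }
     }
     return true;
 }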
 /**
  * Send one prepared newsletter e-mail.
  *
  * In developer mode the mail goes to the configured developer address
  * instead of the recipient. $personalized is not used in this method.
  *
  * @param Email  $email         Mail object that receives the content and is sent
  * @param string $plain         Text content
  * @param string $html          HTML content
  * @param array  $recipientData Recipient data; 'email' is the target address
  * @param mixed  $personalized  Unused here
  * @return bool true if no exception was thrown and no failures were reported
  */
 protected function sendNewsletter(Email $email, $plain, $html, $recipientData, $personalized)
 {
     // Text and HTML parts
     $email->text = $plain;
     $email->html = $html;
     $email->imageDir = TL_ROOT . '/';
     $blnDelivered = true;
     try {
         // Developer mode reroutes every mail to the developer address
         $strTarget = $GLOBALS['TL_CONFIG']['avisota_developer_mode']
             ? $GLOBALS['TL_CONFIG']['avisota_developer_email']
             : $recipientData['email'];
         $email->sendTo($strTarget);
     } catch (Swift_RfcComplianceException $objException) {
         // Address refused by the mailer as non-compliant
         $blnDelivered = false;
     }
     // Failures reported by the mail object also count as not delivered
     if (count($email->failures) > 0) {
         $blnDelivered = false;
     }
     $this->Static->resetRecipient();
     return $blnDelivered;
 }
Exemplo n.º 8
	/**
	 * Edit a task
	 *
	 * Renders the 'be_task_edit' template for the task whose ID is given in the
	 * GET parameter 'id'. Only administrators and the task's creator get past
	 * the permission check. On a valid submit the task is updated, a new status
	 * row is inserted, the assignee is optionally notified by e-mail and the
	 * request is redirected to the task list.
	 */
	protected function editTask()
	{
		$this->Template = new BackendTemplate('be_task_edit');
		$fs = $this->Session->get('fieldset_states');

		// A legend is collapsed only when a state is stored for it and that state is falsy
		$this->Template->titleClass = (isset($fs['tl_tasks']['title_legend']) && !$fs['tl_tasks']['title_legend']) ? ' collapsed' : '';
		$this->Template->assignClass = (isset($fs['tl_tasks']['assign_legend']) && !$fs['tl_tasks']['assign_legend']) ? ' collapsed' : '';
		$this->Template->statusClass = (isset($fs['tl_tasks']['status_legend']) && !$fs['tl_tasks']['status_legend']) ? ' collapsed' : '';
		$this->Template->historyClass = (isset($fs['tl_tasks']['history_legend']) && !$fs['tl_tasks']['history_legend']) ? ' collapsed' : '';

		$this->Template->goBack = $GLOBALS['TL_LANG']['MSC']['goBack'];
		// NOTE(review): the request's id is placed into the headline; confirm the template or Input->get() encodes it
		$this->Template->headline = sprintf($GLOBALS['TL_LANG']['tl_task']['edit'][1], $this->Input->get('id'));

		// The task ID is bound as a statement parameter
		$objTask = $this->Database->prepare("SELECT *, (SELECT name FROM tl_user u WHERE u.id=t.createdBy) AS creator FROM tl_task t WHERE id=?")
								  ->limit(1)
								  ->execute($this->Input->get('id'));

		if ($objTask->numRows < 1)
		{
			$this->log('Invalid task ID "' . $this->Input->get('id') . '"', 'ModuleTask editTask()', TL_ERROR);
			// NOTE(review): the code below relies on redirect() ending the request; confirm
			$this->redirect('contao/main.php?act=error');
		}

		// Check if the user is allowed to edit the task
		if (!$this->User->isAdmin && $objTask->createdBy != $this->User->id)
		{
			$this->log('Not enough permissions to edit task ID "' . $this->Input->get('id') . '"', 'ModuleTask editTask()', TL_ERROR);
			$this->redirect('contao/main.php?act=error');
		}

		// Advanced options
		// NOTE(review): this is the negation of the permission check above, so it is
		// always true here if redirect() ends the request
		$this->blnAdvanced = ($this->User->isAdmin || $objTask->createdBy == $this->User->id);
		$this->Template->advanced = $this->blnAdvanced;

		// With advanced rights title and deadline are editable widgets, otherwise plain values
		$this->Template->title = $this->blnAdvanced ? $this->getTitleWidget($objTask->title) : $objTask->title;
		$this->Template->deadline = $this->blnAdvanced ? $this->getDeadlineWidget($this->parseDate($GLOBALS['TL_CONFIG']['dateFormat'], $objTask->deadline)) : $this->parseDate($GLOBALS['TL_CONFIG']['dateFormat'], $objTask->deadline);

		$arrHistory = array();

		// Get the status
		$objStatus = $this->Database->prepare("SELECT *, (SELECT name FROM tl_user u WHERE u.id=s.assignedTo) AS name FROM tl_task_status s WHERE pid=? ORDER BY tstamp")
									->execute($this->Input->get('id'));

		// One history entry per status row, oldest first; 'creator' is the task's creator on every entry
		while($objStatus->next())
		{
			$arrHistory[] = array
			(
				'creator' => $objTask->creator,
				'date' => $this->parseDate($GLOBALS['TL_CONFIG']['dateFormat'], $objStatus->tstamp),
				// Translated status label when one exists, else the raw status value
				'status' => (($GLOBALS['TL_LANG']['tl_task_status'][$objStatus->status] != '') ? $GLOBALS['TL_LANG']['tl_task_status'][$objStatus->status] : $objStatus->status),
				// NOTE(review): stored comment text goes into markup via nl2br_html5(); confirm it is encoded when stored or when printed
				'comment' => (($objStatus->comment != '') ? nl2br_html5($objStatus->comment) : '&nbsp;'),
				'assignedTo' => $objStatus->assignedTo,
				'progress' => $objStatus->progress,
				'class' => $objStatus->status,
				'name' => $objStatus->name
			);
		}

		// The widgets are pre-filled from $objStatus after the loop
		// NOTE(review): presumably this is the newest status row; confirm the result object keeps the last fetched row
		$this->Template->assignedTo = $this->getAssignedToWidget($objStatus->assignedTo);
		$this->Template->notify = $this->getNotifyWidget();
		$this->Template->status = $this->getStatusWidget($objStatus->status, $objStatus->progress);
		$this->Template->progress = $this->getProgressWidget($objStatus->progress);
		$this->Template->comment = $this->getCommentWidget();

		// Update task
		// NOTE(review): blnSave is not assigned in this method; presumably the widget getters set it after validation
		if ($this->Input->post('FORM_SUBMIT') == 'tl_tasks' && $this->blnSave)
		{
			// Update task
			if ($this->blnAdvanced)
			{
				$deadline = new Date($this->Template->deadline->value, $GLOBALS['TL_CONFIG']['dateFormat']);

				$this->Database->prepare("UPDATE tl_task SET title=?, deadline=? WHERE id=?")
							   ->execute($this->Template->title->value, $deadline->dayBegin, $this->Input->get('id'));
			}

			// Insert status
			$arrSet = array
			(
				'pid' => $this->Input->get('id'),
				'tstamp' => time(),
				'assignedTo' => $this->Template->assignedTo->value,
				'status' => $this->Template->status->value,
				// A completed task is always stored with 100 percent progress
				'progress' => (($this->Template->status->value == 'completed') ? 100 : $this->Template->progress->value),
				'comment' => trim($this->Template->comment->value)
			);

			$this->Database->prepare("INSERT INTO tl_task_status %s")->set($arrSet)->execute();

			// Notify user
			if ($this->Input->post('notify'))
			{
				// Look up the address of the user the task is now assigned to
				$objUser = $this->Database->prepare("SELECT email FROM tl_user WHERE id=?")
										  ->limit(1)
										  ->execute($this->Template->assignedTo->value);

				if ($objUser->numRows)
				{
					$objEmail = new Email();

					$objEmail->from = $GLOBALS['TL_ADMIN_EMAIL'];
					$objEmail->fromName = $GLOBALS['TL_ADMIN_NAME'];
					// Subject is the task title as loaded before the update
					$objEmail->subject = $objTask->title;

					// Body: the submitted comment followed by a link back to the task
					$objEmail->text = trim($this->Template->comment->value);
					$objEmail->text .= sprintf($GLOBALS['TL_LANG']['tl_task']['message'], $this->User->name, $this->Environment->base . 'contao/main.php?do=tasks&act=edit&id=' . $objTask->id);

					$objEmail->sendTo($objUser->email);
				}
			}

			// Go back
			$this->redirect('contao/main.php?do=tasks');
		}

		// Labels and history for the template
		$this->Template->history = $arrHistory;
		$this->Template->historyLabel = $GLOBALS['TL_LANG']['tl_task']['history'];
		$this->Template->deadlineLabel = $GLOBALS['TL_LANG']['tl_task']['deadline'][0];
		$this->Template->dateLabel = $GLOBALS['TL_LANG']['tl_task']['date'];
		$this->Template->assignedToLabel = $GLOBALS['TL_LANG']['tl_task']['assignedTo'];
		$this->Template->createdByLabel = $GLOBALS['TL_LANG']['tl_task']['creator'];
		$this->Template->statusLabel = $GLOBALS['TL_LANG']['tl_task']['status'][0];
		$this->Template->progressLabel = $GLOBALS['TL_LANG']['tl_task']['progress'][0];
		$this->Template->submit = $GLOBALS['TL_LANG']['tl_task']['editSubmit'];
		$this->Template->titleLabel = $GLOBALS['TL_LANG']['tl_task']['title'][0];
		$this->Template->assignLabel = $GLOBALS['TL_LANG']['tl_task']['assignedTo'];
	}
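 /**
  * Add a new recipient
  *
  * Non-AJAX requests are delegated to the parent implementation. For AJAX
  * requests the selected channels are limited to the module's channels, the
  * e-mail address is validated, unconfirmed older subscriptions are removed,
  * inactive subscription rows with a shared token are stored and an
  * activation e-mail containing that token is sent.
  *
  * @return mixed The parent's result for non-AJAX requests, otherwise false
  *               on a validation error and true after the mail was sent
  */
 protected function addRecipient()
 {
     if (!\Environment::get('isAjaxRequest')) {
         return parent::addRecipient();
     }
     $arrChannels = \Input::post('channels');
     if (!is_array($arrChannels)) {
         // Stored under the same key as every other failure of this method
         // (the listing had UNSUBSCRIBE_ERROR here)
         $_SESSION['SUBSCRIBE_ERROR'] = $GLOBALS['TL_LANG']['ERR']['noChannels'];
         return false;
     }
     // Only channels offered by this module may be subscribed to
     $arrChannels = array_intersect($arrChannels, $this->nl_channels);
     // see #3240
     // Check the selection
     if (!is_array($arrChannels) || empty($arrChannels)) {
         $_SESSION['SUBSCRIBE_ERROR'] = $GLOBALS['TL_LANG']['ERR']['noChannels'];
         return false;
     }
     $varInput = \Idna::encodeEmail(\Input::post('email', true));
     // Validate the e-mail address
     if (!\Validator::isEmail($varInput)) {
         $_SESSION['SUBSCRIBE_ERROR'] = $GLOBALS['TL_LANG']['ERR']['email'];
         return false;
     }
     $arrSubscriptions = array();
     // Get the existing active subscriptions
     if (($objSubscription = \NewsletterRecipientsModel::findBy(array("email=? AND active=1"), $varInput)) !== null) {
         $arrSubscriptions = $objSubscription->fetchEach('pid');
     }
     $arrNew = array_diff($arrChannels, $arrSubscriptions);
     // Return if there are no new subscriptions
     if (!is_array($arrNew) || empty($arrNew)) {
         $_SESSION['SUBSCRIBE_ERROR'] = $GLOBALS['TL_LANG']['ERR']['subscribed'];
         return false;
     }
     // Remove old subscriptions that have not been activated yet
     if (($objOld = \NewsletterRecipientsModel::findBy(array("email=? AND active=''"), $varInput)) !== null) {
         while ($objOld->next()) {
             $objOld->delete();
         }
     }
     $time = time();
     // The token is the only secret in the activation link, so it should come from a
     // CSPRNG. uniqid()/mt_rand() are derived from the clock and a non-cryptographic
     // generator; they remain only as a fallback for runtimes without random_bytes().
     // Both branches yield 32 hexadecimal characters.
     if (function_exists('random_bytes')) {
         $strToken = bin2hex(random_bytes(16));
     } else {
         $strToken = md5(uniqid(mt_rand(), true));
     }
     // Add the new subscriptions
     foreach ($arrNew as $id) {
         $objRecipient = new \NewsletterRecipientsModel();
         $objRecipient->pid = $id;
         $objRecipient->tstamp = $time;
         $objRecipient->email = $varInput;
         $objRecipient->active = '';
         $objRecipient->addedOn = $time;
         $objRecipient->ip = $this->anonymizeIp(\Environment::get('ip'));
         $objRecipient->token = $strToken;
         $objRecipient->confirmed = '';
         $objRecipient->save();
     }
     // Get the channels
     $objChannel = \NewsletterChannelModel::findByIds($arrChannels);
     // No channel model (e.g. the channels were deleted meanwhile) means no titles to list
     $arrTitles = ($objChannel !== null) ? $objChannel->fetchEach('title') : array();
     // Prepare the e-mail text
     // NOTE(review): host and base are placed into the activation mail; if they are
     // derived from the request's Host header, confirm that header is validated
     $strText = str_replace('##token##', $strToken, $this->nl_subscribe);
     $strText = str_replace('##domain##', \Idna::decode(\Environment::get('host')), $strText);
     $strText = str_replace('##link##', \Idna::decode(\Environment::get('base')) . \Environment::get('request') . (\Config::get('disableAlias') || strpos(\Environment::get('request'), '?') !== false ? '&' : '?') . 'token=' . $strToken, $strText);
     $strText = str_replace(array('##channel##', '##channels##'), implode("\n", $arrTitles), $strText);
     // Activation e-mail
     $objEmail = new \Email();
     $objEmail->from = $GLOBALS['TL_ADMIN_EMAIL'];
     $objEmail->fromName = $GLOBALS['TL_ADMIN_NAME'];
     $objEmail->subject = sprintf($GLOBALS['TL_LANG']['MSC']['nl_subject'], \Idna::decode(\Environment::get('host')));
     $objEmail->text = $strText;
     $objEmail->sendTo($varInput);
     // Redirect to the jumpTo page
     if ($this->jumpTo && ($objTarget = $this->objModel->getRelated('jumpTo')) !== null) {
         $this->redirect($this->generateFrontendUrl($objTarget->row()));
     }
     $_SESSION['SUBSCRIBE_CONFIRM'] = $GLOBALS['TL_LANG']['MSC']['nl_confirm'];
     return true;
 }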
Exemplo n.º 10
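 /**
  * onsubmit_callback
  * send email
  *
  * Runs only when the form was submitted through the "saveNclose" button.
  * Builds the mail from the posted subject and base64-encoded HTML content,
  * attaches the files recorded for the tl_be_email row, sends it to the
  * validated To/Cc/Bcc recipients and removes the temporary attachment copies.
  */
 public function onSubmitCbSendEmail()
 {
     // the save-button is a fileupload-button
     if (!\Input::post('saveNclose')) {
         return;
     }
     $email = new Email();
     // The logged-in back end user is both sender and reply-to address
     $fromMail = $this->User->email;
     $subject = \Input::post('subject');
     $email->replyTo($fromMail);
     $email->from = $fromMail;
     $email->subject = $subject;
     // NOTE(review): the HTML body is read from $_POST directly and base64-decoded, so it
     // does not pass through \Input in decoded form; whatever the sender submits is mailed as HTML
     $email->html = base64_decode(isset($_POST['content']) ? $_POST['content'] : '');
     //save attachment
     $arrFiles = array();
     $db = $this->Database->prepare('SELECT attachment FROM tl_be_email WHERE id=?')->execute(\Input::get('id'));
     // Attachment
     if ($db->attachment != '') {
         // NOTE(review): unserialize() on a stored value can instantiate objects; confirm the
         // column is only ever written by this application, or store the list as JSON
         $arrFiles = unserialize($db->attachment);
         // A value that cannot be unserialized yields false; keep an array so both loops stay valid
         if (!is_array($arrFiles)) {
             $arrFiles = array();
         }
         foreach ($arrFiles as $filekey => $filename) {
             // NOTE(review): $filekey and $filename are used in file paths as stored; confirm
             // they are reduced to plain file names when the upload is recorded
             if (file_exists(TL_ROOT . '/' . BE_EMAIL_UPLOAD_DIR . '/' . $filekey)) {
                 $this->Files->copy(BE_EMAIL_UPLOAD_DIR . '/' . $filekey, 'system/tmp/' . $filename);
                 $email->attachFile(TL_ROOT . '/system/tmp/' . $filename);
             }
         }
     }
     // Cc
     $cc_recipients = array_unique($this->validateEmailAddresses(\Input::post('recipientsCc'), 'recipientsCc'));
     if (count($cc_recipients)) {
         $email->sendCc($cc_recipients);
     }
     // Bcc
     $bcc_recipients = array_unique($this->validateEmailAddresses(\Input::post('recipientsBcc'), 'recipientsBcc'));
     if (count($bcc_recipients)) {
         $email->sendBcc($bcc_recipients);
     }
     // To
     $recipients = array_unique($this->validateEmailAddresses(\Input::post('recipientsTo'), 'recipientsTo'));
     if (count($recipients)) {
         $email->sendTo($recipients);
     }
     // Delete attachment from server
     foreach ($arrFiles as $filekey => $filename) {
         // delete file in the tmp-folder
         if (is_file(TL_ROOT . '/system/tmp/' . $filename)) {
             $this->Files->delete('/system/tmp/' . $filename);
         }
     }
 }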
 /**
  * Create a new user and redirect
  *
  * Fills in the registration defaults, optionally sends the activation e-mail
  * built from the module's confirmation text, inserts the member row,
  * optionally creates a home directory, calls the createNewUser hook, sends
  * the admin notification and finally jumps to the target page or reloads.
  *
  * @param array $arrData Submitted member data; modified and then inserted into tl_member
  */
 protected function createNewUser($arrData)
 {
     $arrData['tstamp'] = time();
     $arrData['login'] = $this->reg_allowLogin;
     // NOTE(review): the activation token is built from mt_rand() and uniqid(), neither of
     // which is a cryptographic source; a CSPRNG-based token is the safer choice
     $arrData['activation'] = md5(uniqid(mt_rand(), true));
     $arrData['dateAdded'] = $arrData['tstamp'];
     if ($this->reg_createLoginCredentials) {
         $this->createLoginCredentials($arrData);
     }
     // Set default groups
     if (!array_key_exists('groups', $arrData)) {
         $arrData['groups'] = $this->reg_groups;
     }
     // Disable account
     $arrData['disable'] = 1;
     // Send activation e-mail
     if ($this->reg_activate) {
         $arrChunks = array();
         $strConfirmation = $this->reg_text;
         // Collect every ##wildcard## of the confirmation text
         preg_match_all('/##[^#]+##/i', $strConfirmation, $arrChunks);
         foreach ($arrChunks[0] as $strChunk) {
             // Strip the surrounding ## to get the wildcard name
             $strKey = substr($strChunk, 2, -2);
             switch ($strKey) {
                 case 'domain':
                     $strConfirmation = str_replace($strChunk, $this->Environment->host, $strConfirmation);
                     break;
                 case 'link':
                     // Current request URL plus the activation token as query parameter
                     $strConfirmation = str_replace($strChunk, $this->Environment->base . $this->Environment->request . ($GLOBALS['TL_CONFIG']['disableAlias'] || strpos($this->Environment->request, '?') !== false ? '&' : '?') . 'token=' . $arrData['activation'], $strConfirmation);
                     break;
                 // HOOK: support newsletter subscriptions
                 case 'channel':
                 case 'channels':
                     if (!in_array('newsletter', $this->Config->getActiveModules())) {
                         break;
                     }
                     // Make sure newsletter is an array
                     if (!is_array($arrData['newsletter'])) {
                         if ($arrData['newsletter'] != '') {
                             $arrData['newsletter'] = array($arrData['newsletter']);
                         } else {
                             $arrData['newsletter'] = array();
                         }
                     }
                     // Replace the wildcard
                     if (count($arrData['newsletter']) > 0) {
                         // The IN list is concatenated into the SQL, but every value is forced through intval first
                         $objChannels = $this->Database->execute("SELECT title FROM tl_newsletter_channel WHERE id IN(" . implode(',', array_map('intval', $arrData['newsletter'])) . ")");
                         $strConfirmation = str_replace($strChunk, implode("\n", $objChannels->fetchEach('title')), $strConfirmation);
                     } else {
                         $strConfirmation = str_replace($strChunk, '', $strConfirmation);
                     }
                     break;
                 default:
                     // Any other wildcard is replaced with the submitted field of that name.
                     // NOTE(review): this includes ##password## while the value is still in
                     // clear text, which presumably is why hashing happens after the mail is sent
                     $strConfirmation = str_replace($strChunk, $arrData[$strKey], $strConfirmation);
                     break;
             }
         }
         $objEmail = new Email();
         $objEmail->from = $GLOBALS['TL_ADMIN_EMAIL'];
         $objEmail->fromName = $GLOBALS['TL_ADMIN_NAME'];
         $objEmail->subject = sprintf($GLOBALS['TL_LANG']['MSC']['emailSubject'], $this->Environment->host);
         $objEmail->text = $strConfirmation;
         $objEmail->sendTo($arrData['email']);
     }
     // replace password in database with encrypted version after mail is sent
     if ($this->reg_createLoginCredentials) {
         // only hash the password if it is not already in "sha1:salt" form (colon at offset 40)
         if (!empty($arrData['password']) && strpos($arrData['password'], ':') != 40) {
             // NOTE(review): salted SHA-1 is a fast hash; see whether the platform's
             // password_hash() can be used instead
             $strSalt = substr(md5(uniqid(mt_rand(), true)), 0, 23);
             $arrData['password'] = sha1($strSalt . $arrData['password']) . ':' . $strSalt;
             // NOTE(review): $insertId is assigned further down, after the INSERT, so it is
             // undefined at this point in the listing; the hashed value still reaches the
             // database through the INSERT below because $arrData was updated above
             $this->Database->prepare("UPDATE tl_member SET password=? WHERE id=?")->execute($arrData['password'], $insertId);
         }
     }
     // Make sure newsletter is an array
     if (isset($arrData['newsletter']) && !is_array($arrData['newsletter'])) {
         $arrData['newsletter'] = array($arrData['newsletter']);
     }
     // Create user
     $objNewUser = $this->Database->prepare("INSERT INTO tl_member %s")->set($arrData)->execute();
     $insertId = $objNewUser->insertId;
     // Assign home directory
     if ($this->reg_assignDir && is_dir(TL_ROOT . '/' . $this->reg_homeDir)) {
         $this->import('Files');
         // NOTE(review): the username becomes a directory name; presumably it was validated
         // by the form, confirm it cannot contain path separators.
         // The fallback literal appears masked ('******') in this listing.
         $strUserDir = strlen($arrData['username']) ? $arrData['username'] : '******' . $insertId;
         // Add the user ID if the directory exists
         if (is_dir(TL_ROOT . '/' . $this->reg_homeDir . '/' . $strUserDir)) {
             $strUserDir .= '_' . $insertId;
         }
         new Folder($this->reg_homeDir . '/' . $strUserDir);
         $this->Database->prepare("UPDATE tl_member SET homeDir=?, assignDir=1 WHERE id=?")->execute($this->reg_homeDir . '/' . $strUserDir, $insertId);
     }
     // HOOK: send insert ID and user data
     if (isset($GLOBALS['TL_HOOKS']['createNewUser']) && is_array($GLOBALS['TL_HOOKS']['createNewUser'])) {
         foreach ($GLOBALS['TL_HOOKS']['createNewUser'] as $callback) {
             $this->import($callback[0]);
             // NOTE(review): as printed, {$callback}[0] uses the whole array as a property
             // name; presumably $this->{$callback[0]}->{$callback[1]}(...) is meant, confirm
             $this->{$callback}[0]->{$callback}[1]($insertId, $arrData);
         }
     }
     // Inform admin if no activation link is sent
     // (the condition is commented out, so the notification is sent in every case)
     #		if (!$this->reg_activate)
     #		{
     $this->sendAdminNotification($insertId, $arrData);
     #		}
     $this->jumpToOrReload($this->jumpTo);
 }
Exemplo n.º 12
 /**
  * Add a form to create new testimonials
  * @param \FrontendTemplate
  * @param \stdClass
  * @param string
  * @param integer
  * @param array
  */
 protected function renderTestimonialForm(\FrontendTemplate $objTemplate, \stdClass $objConfig, $intParent)
 {
     $this->import('FrontendUser', 'User');
     // Access control
     if ($objConfig->requireLogin && !BE_USER_LOGGED_IN && !FE_USER_LOGGED_IN) {
         $objTemplate->requireLogin = true;
         return;
     }
     // Form fields
     $arrFields = array('name' => array('name' => 'name', 'label' => $GLOBALS['TL_LANG']['MSC']['tm_name'], 'value' => trim($this->User->firstname . ' ' . $this->User->lastname), 'inputType' => 'text', 'eval' => array('mandatory' => true, 'maxlength' => 64, 'placeholder' => $GLOBALS['TL_LANG']['MSC']['tm_name'])), 'email' => array('name' => 'email', 'label' => $GLOBALS['TL_LANG']['MSC']['tm_email'], 'value' => $this->User->email, 'inputType' => 'text', 'eval' => array('rgxp' => 'email', 'mandatory' => true, 'maxlength' => 128, 'decodeEntities' => true, 'placeholder' => $GLOBALS['TL_LANG']['MSC']['tm_email'])), 'url' => array('name' => 'url', 'label' => $GLOBALS['TL_LANG']['MSC']['tm_url'], 'inputType' => 'text', 'eval' => array('rgxp' => 'url', 'maxlength' => 128, 'decodeEntities' => true, 'placeholder' => $GLOBALS['TL_LANG']['MSC']['tm_url'])), 'company' => array('name' => 'company', 'label' => $GLOBALS['TL_LANG']['MSC']['tm_company'], 'inputType' => 'text', 'eval' => array('maxlength' => 128, 'placeholder' => $GLOBALS['TL_LANG']['MSC']['tm_company'])), 'title' => array('name' => 'title', 'label' => $GLOBALS['TL_LANG']['MSC']['tm_title'], 'inputType' => 'text', 'eval' => array('maxlength' => 128, 'placeholder' => $GLOBALS['TL_LANG']['MSC']['tm_title'])));
     if ($objConfig->enableVoteField1 && $objConfig->addVote) {
         $arrFields['votefield1'] = array('name' => 'votefield1', 'label' => &$GLOBALS['TL_LANG']['MSC']['votefield1'], 'default' => '0.0', 'inputType' => 'text', 'eval' => array('style' => 'display: none;'));
     }
     if ($objConfig->enableVoteField2 && $objConfig->addVote) {
         $arrFields['votefield2'] = array('name' => 'votefield2', 'label' => &$GLOBALS['TL_LANG']['MSC']['votefield2'], 'default' => '0.0', 'inputType' => 'text', 'eval' => array('style' => 'display: none;'));
     }
     if ($objConfig->enableVoteField3 && $objConfig->addVote) {
         $arrFields['votefield3'] = array('name' => 'votefield3', 'label' => &$GLOBALS['TL_LANG']['MSC']['votefield3'], 'default' => '0.0', 'inputType' => 'text', 'eval' => array('style' => 'display: none;'));
     }
     if ($objConfig->enableVoteField4 && $objConfig->addVote) {
         $arrFields['votefield4'] = array('name' => 'votefield4', 'label' => &$GLOBALS['TL_LANG']['MSC']['votefield4'], 'default' => '0.0', 'inputType' => 'text', 'eval' => array('style' => 'display: none;'));
     }
     if ($objConfig->enableVoteField5 && $objConfig->addVote) {
         $arrFields['votefield5'] = array('name' => 'votefield5', 'label' => &$GLOBALS['TL_LANG']['MSC']['votefield5'], 'default' => '0.0', 'inputType' => 'text', 'eval' => array('style' => 'display: none;'));
     }
     if ($objConfig->enableVoteField6 && $objConfig->addVote) {
         $arrFields['votefield6'] = array('name' => 'votefield6', 'label' => &$GLOBALS['TL_LANG']['MSC']['votefield6'], 'default' => '0.0', 'inputType' => 'text', 'eval' => array('style' => 'display: none;'));
     }
     // Captcha
     if (!$objConfig->disableCaptcha) {
         $arrFields['captcha'] = array('name' => 'captcha', 'inputType' => 'captcha', 'eval' => array('mandatory' => true));
     }
     // Testimonial field
     $arrFields['testimonial'] = array('name' => 'testimonial', 'label' => $GLOBALS['TL_LANG']['MSC']['tm_testimonial'], 'inputType' => 'textarea', 'eval' => array('mandatory' => true, 'rows' => 15, 'cols' => 40, 'preserveTags' => true));
     $doNotSubmit = false;
     $arrWidgets = array();
     $strFormId = 'jedo_testimonials_' . $intParent;
     // Initialize the widgets
     foreach ($arrFields as $arrField) {
         $strClass = $GLOBALS['TL_FFL'][$arrField['inputType']];
         // Continue if the class is not defined
         if (!class_exists($strClass)) {
             continue;
         }
         $arrField['eval']['required'] = $arrField['eval']['mandatory'];
         $objWidget = new $strClass($this->prepareForWidget($arrField, $arrField['name'], $arrField['value']));
         // Validate the widget
         if (\Input::post('FORM_SUBMIT') == $strFormId) {
             $objWidget->validate();
             if ($objWidget->hasErrors()) {
                 $doNotSubmit = true;
             }
         }
         $arrWidgets[$arrField['name']] = $objWidget;
     }
     $objTemplate->fields = $arrWidgets;
     $objTemplate->submit = $GLOBALS['TL_LANG']['MSC']['com_submit'];
     $objTemplate->action = ampersand(\Environment::get('request'));
     $objTemplate->messages = '';
     // Backwards compatibility
     $objTemplate->formId = $strFormId;
     $objTemplate->hasError = $doNotSubmit;
     // Do not index or cache the page with the confirmation message
     if ($_SESSION['TL_TESTIMONIAL_ADDED']) {
         global $objPage;
         $objPage->noSearch = 1;
         $objPage->cache = 0;
         $objTemplate->confirm = $GLOBALS['TL_LANG']['MSC']['com_confirm'];
         $_SESSION['TL_TESTIMONIAL_ADDED'] = false;
     }
     // Store the testimonial
     if (!$doNotSubmit && \Input::post('FORM_SUBMIT') == $strFormId) {
         $strWebsite = $arrWidgets['url']->value;
         if ($strWebsite == $GLOBALS['TL_LANG']['MSC']['tm_url']) {
             $strWebsite = '';
         }
         // Add http:// to the website
         if ($strWebsite != '' && !preg_match('@^(https?://|ftp://|mailto:|#)@i', $strWebsite)) {
             $strWebsite = 'http://' . $strWebsite;
         }
         // Do not parse any tags in the testimonial
         $strTestimonial = htmlspecialchars(trim($arrWidgets['testimonial']->value));
         $strTestimonial = str_replace(array('&amp;', '&lt;', '&gt;'), array('[&]', '[lt]', '[gt]'), $strTestimonial);
         // Remove multiple line feeds
         $strTestimonial = preg_replace('@\\n\\n+@', "\n\n", $strTestimonial);
         // Parse BBCode
         if ($objConfig->bbcode) {
             $strTestimonial = $this->parseBbCode($strTestimonial);
         }
         // Prevent cross-site request forgeries
         $strTestimonial = preg_replace('/(href|src|on[a-z]+)="[^"]*(contao\\/main\\.php|typolight\\/main\\.php|javascript|vbscri?pt|script|alert|document|cookie|window)[^"]*"+/i', '$1="#"', $strTestimonial);
         $time = time();
         if ($objConfig->addVote) {
             // make the totalvote object
             $fields = 0;
             $value = 0.0;
             if ($objConfig->enableVoteField1) {
                 $arrWidgets['votefield1']->value = $this->getRatingValue($arrWidgets['votefield1']->value);
                 $value = $value + $arrWidgets['votefield1']->value;
                 $fields++;
             }
             if ($objConfig->enableVoteField2) {
                 $arrWidgets['votefield2']->value = $this->getRatingValue($arrWidgets['votefield2']->value);
                 $value = $value + $arrWidgets['votefield2']->value;
                 $fields++;
             }
             if ($objConfig->enableVoteField3) {
                 $arrWidgets['votefield3']->value = $this->getRatingValue($arrWidgets['votefield3']->value);
                 $value = $value + $arrWidgets['votefield3']->value;
                 $fields++;
             }
             if ($objConfig->enableVoteField4) {
                 $arrWidgets['votefield4']->value = $this->getRatingValue($arrWidgets['votefield4']->value);
                 $value = $value + $arrWidgets['votefield4']->value;
                 $fields++;
             }
             if ($objConfig->enableVoteField5) {
                 $arrWidgets['votefield5']->value = $this->getRatingValue($arrWidgets['votefield5']->value);
                 $value = $value + $arrWidgets['votefield5']->value;
                 $fields++;
             }
             if ($objConfig->enableVoteField6) {
                 $arrWidgets['votefield6']->value = $this->getRatingValue($arrWidgets['votefield6']->value);
                 $value = $value + $arrWidgets['votefield6']->value;
                 $fields++;
             }
             $totalvote = $value / $fields;
             $strTVotes = number_format($totalvote, 2);
         }
         if ($arrWidgets['company']->value == $value_company) {
             $arrWidgets['company']->value = '';
         }
         if ($arrWidgets['title']->value == $value_title) {
             $arrWidgets['title']->value = '';
         }
         // Prepare the record
         $arrSet = array('tstamp' => $time, 'name' => $arrWidgets['name']->value, 'email' => $arrWidgets['email']->value, 'company' => $arrWidgets['company']->value, 'title' => $arrWidgets['title']->value, 'url' => $strWebsite, 'testimonial' => $this->convertLineFeeds($strTestimonial), 'ip' => $this->anonymizeIp($this->Environment->ip), 'date' => $time, 'votestotal' => $strTVotes, 'votefield1' => !$objConfig->enableVoteField1 ? '' : $arrWidgets['votefield1']->value, 'votefield2' => !$objConfig->enableVoteField2 ? '' : $arrWidgets['votefield2']->value, 'votefield3' => !$objConfig->enableVoteField3 ? '' : $arrWidgets['votefield3']->value, 'votefield4' => !$objConfig->enableVoteField4 ? '' : $arrWidgets['votefield4']->value, 'votefield5' => !$objConfig->enableVoteField5 ? '' : $arrWidgets['votefield5']->value, 'votefield6' => !$objConfig->enableVoteField6 ? '' : $arrWidgets['votefield6']->value, 'published' => $objConfig->moderate ? '' : 1);
         // Store the testimonial
         $objTestimonials = new \TestimonialsModel();
         $objTestimonials->setRow($arrSet)->save();
         // Prepare the notification mail
         $objEmail = new \Email();
         $objEmail->from = $GLOBALS['TL_ADMIN_EMAIL'];
         $objEmail->fromName = $GLOBALS['TL_ADMIN_NAME'];
         $objEmail->subject = sprintf($GLOBALS['TL_LANG']['MSC']['tm_subject'], \Idna::decode(\Environment::get('host')));
         // Convert the testimonial to plain text
         $strTestimonial = strip_tags($strTestimonial);
         $strTestimonial = \StringUtil::decodeEntities($strTestimonial);
         $strTestimonial = str_replace(array('[&]', '[lt]', '[gt]'), array('&', '<', '>'), $strTestimonial);
         // Add the testimonial details
         $objEmail->text = sprintf($GLOBALS['TL_LANG']['MSC']['tm_message'], $arrSet['name'] . ' (' . $arrSet['email'] . ')', $strTestimonial, \Idna::decode(\Environment::get('base')) . \Environment::get('request'), \Idna::decode(\Environment::get('base')) . 'contao/main.php?do=testimonials&act=edit&id=' . $objTestimonials->id);
         $objEmail->sendTo($GLOBALS['TL_ADMIN_EMAIL']);
         // Pending for approval
         if ($objConfig->moderate) {
             // FIXME: notify the subscribers when the testimonial is published
             $_SESSION['TL_TESTIMONIAL_ADDED'] = true;
         }
         $this->reload();
     }
 }
Exemplo n.º 13
 /**
  * Compile the newsletter and send it
  * @param \Email
  * @param \Database_Result
  * @param array
  * @param string
  * @param string
  * @param string
  * @return string
  */
 protected function sendNewsletter(\Email $objEmail, \Database_Result $objNewsletter, $arrRecipient, $text, $html, $css = null)
 {
     // Plain-text part: the recipient's values are substituted into the simple tokens
     $objEmail->text = \String::parseSimpleTokens($text, $arrRecipient);

     // HTML part, skipped for newsletters flagged as text-only
     if (!$objNewsletter->sendText) {
         // Use the stock mail template when the newsletter names none
         if ($objNewsletter->template == '') {
             $objNewsletter->template = 'mail_default';
         }

         $objMailTemplate = new \BackendTemplate($objNewsletter->template);
         $objMailTemplate->setData($objNewsletter->row());
         $objMailTemplate->title = $objNewsletter->subject;
         // NOTE(review): recipient values are substituted into the HTML body here;
         // whether parseSimpleTokens() HTML-escapes them is not visible in this
         // method - confirm before feeding it self-registered recipient data.
         $objMailTemplate->body = \String::parseSimpleTokens($html, $arrRecipient);
         $objMailTemplate->charset = $GLOBALS['TL_CONFIG']['characterSet'];
         $objMailTemplate->css = $css;

         // Render the template into the HTML part of the mail
         $objEmail->html = $objMailTemplate->parse();
         $objEmail->imageDir = TL_ROOT . '/';
     }

     $strAddress = $arrRecipient['email'];

     // An address the mailer refuses as non-compliant is remembered as rejected
     try {
         $objEmail->sendTo($strAddress);
     } catch (Swift_RfcComplianceException $objException) {
         $_SESSION['REJECTED_RECIPIENTS'][] = $strAddress;
     }

     // Failures reported by the mailer are remembered as well; the same address
     // is appended a second time if both this check and the catch above fire
     if ($objEmail->hasFailures()) {
         $_SESSION['REJECTED_RECIPIENTS'][] = $strAddress;
     }
 }
Exemplo n.º 14
 /**
  * Store a confirmation token for the member, e-mail the password link and redirect
  *
  * @param \MemberModel $objMember
  */
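 protected function sendPasswordLink($objMember)
 {
     // The token is the only secret protecting the password link, so it is drawn
     // from a cryptographically secure generator where the runtime offers one.
     // 16 random bytes hex-encode to 32 characters, the same length as the md5()
     // value used before, so the stored "activation" value keeps its format.
     $confirmationId = '';
     if (function_exists('random_bytes')) {
         try {
             $confirmationId = bin2hex(random_bytes(16));
         } catch (\Exception $e) {
             // No entropy source available: try the next generator
         }
     }
     if ($confirmationId === '' && function_exists('openssl_random_pseudo_bytes')) {
         $strBytes = openssl_random_pseudo_bytes(16, $blnStrong);
         if ($strBytes !== false && $blnStrong) {
             $confirmationId = bin2hex($strBytes);
         }
     }
     if ($confirmationId === '') {
         // Last resort on runtimes with neither generator. uniqid() and mt_rand()
         // are time- and state-derived, so this value is guessable in principle.
         $confirmationId = md5(uniqid(mt_rand(), true));
     }
     // Store the confirmation ID on a freshly loaded copy of the member record
     $objMember = \MemberModel::findByPk($objMember->id);
     $objMember->activation = $confirmationId;
     $objMember->save();
     // Prepare the simple token data
     $arrData = $objMember->row();
     $arrData['domain'] = \Idna::decode(\Environment::get('host'));
     // NOTE(review): the link is assembled from Environment 'base' and 'request';
     // presumably these derive from the incoming request (Host header, URI) -
     // confirm the host is pinned or validated, otherwise the mailed link can be
     // made to point at a host the requester chose.
     $arrData['link'] = \Idna::decode(\Environment::get('base')) . \Environment::get('request') . (\Config::get('disableAlias') || strpos(\Environment::get('request'), '?') !== false ? '&' : '?') . 'token=' . $confirmationId;
     // Send e-mail
     $objEmail = new \Email();
     $objEmail->from = $GLOBALS['TL_ADMIN_EMAIL'];
     $objEmail->fromName = $GLOBALS['TL_ADMIN_NAME'];
     $objEmail->subject = sprintf($GLOBALS['TL_LANG']['MSC']['passwordSubject'], \Idna::decode(\Environment::get('host')));
     $objEmail->text = \String::parseSimpleTokens($this->reg_password, $arrData);
     $objEmail->sendTo($objMember->email);
     // The request is logged with member ID and address, not with the token
     $this->log('A new password has been requested for user ID ' . $objMember->id . ' (' . $objMember->email . ')', __METHOD__, TL_ACCESS);
     // Check whether there is a jumpTo page
     if (($objJumpTo = $this->objModel->getRelated('jumpTo')) !== null) {
         $this->jumpToOrReload($objJumpTo->row());
     }
     $this->reload();
 }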
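 /**
  * Send the unsubscribe mail for the given newsletter channels.
  *
  * Subject and text fall back to the values stored on the first matching
  * channel row when the arguments are empty. The wildcards ##channel##,
  * ##channels##, ##salutation##, ##domain## and ##link## are replaced before
  * the mail goes out to $this->email.
  *
  * @param array  $channels Channel IDs; cast to integers before they reach the query
  * @param string $subject  Optional subject overriding the channel setting
  * @param string $text     Optional text overriding the channel setting
  *
  * @return boolean True if sendTo() reported success, false otherwise
  */
 public function sendUnSubscribeMail($channels, $subject = '', $text = '')
 {
     // The IDs are concatenated into the IN() list, so anything that is not a
     // positive integer is dropped before the statement is built
     $arrIds = array_filter(array_map('intval', (array) $channels));
     // An empty list would produce "IN ()", which is not valid SQL
     if (empty($arrIds)) {
         return false;
     }
     $objChannel = \Database::getInstance()->prepare("SELECT * FROM tl_newsletter_channel WHERE id IN (" . implode(',', $arrIds) . ")")->limit(1)->execute();
     $objEmail = new \Email();
     if (empty($subject)) {
         $subject = $objChannel->first()->nl_unsubscribe_subject;
     }
     if (empty($text)) {
         $text = $objChannel->first()->nl_unsubscribe_text;
     }
     $strSubject = str_replace(array('##channel##', '##channels##'), implode(",", $objChannel->fetchEach('title')), $subject);
     $strText = str_replace('##salutation##', $this->getSalutation(), $text);
     $strText = str_replace('##domain##', \Idna::decode(\Environment::get('host')), $strText);
     // NOTE(review): the confirmation link is assembled from Environment 'base'
     // and 'request'; presumably these derive from the incoming request - confirm
     // the host is pinned or validated before it is mailed together with the token.
     $strText = str_replace('##link##', \Idna::decode(\Environment::get('base')) . \Environment::get('request') . (\Config::get('disableAlias') || strpos(\Environment::get('request'), '?') !== false ? '&' : '?') . 'token=' . $this->token, $strText);
     $strText = str_replace(array('##channel##', '##channels##'), implode("\n", $objChannel->fetchEach('title')), $strText);
     // Sender: channel-specific values win over the global admin address and name
     $objEmail->from = $objChannel->first()->nl_unsubscribe_sender_mail ?: $GLOBALS['TL_ADMIN_EMAIL'];
     $objEmail->fromName = $objChannel->first()->nl_unsubscribe_sender_name ?: $GLOBALS['TL_ADMIN_NAME'];
     $objEmail->subject = $this->replaceInsertTags($strSubject);
     $objEmail->text = $this->replaceInsertTags($strText);
     if ($objEmail->sendTo($this->email)) {
         $_SESSION['UNSUBSCRIBE_CONFIRM'] = $GLOBALS['TL_LANG']['MSC']['nl_removed'];
         return true;
     }
     return false;
 }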
Exemplo n.º 16
 /**
  * Remove the recipient
  */
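 protected function removeRecipient()
 {
     $arrChannels = \Input::post('channels');
     // A missing or scalar "channels" field must not reach array_intersect()
     if (!is_array($arrChannels)) {
         $arrChannels = array();
     }
     // Only channels offered by this module may be touched (see #3240)
     $arrChannels = array_intersect($arrChannels, $this->nl_channels);
     // Check the selection
     if (empty($arrChannels)) {
         $_SESSION['UNSUBSCRIBE_ERROR'] = $GLOBALS['TL_LANG']['ERR']['noChannels'];
         $this->reload();
     }
     $varInput = \Idna::encodeEmail(\Input::post('email', true));
     // Validate e-mail address
     if (!\Validator::isEmail($varInput)) {
         $_SESSION['UNSUBSCRIBE_ERROR'] = $GLOBALS['TL_LANG']['ERR']['email'];
         $this->reload();
     }
     $arrSubscriptions = array();
     // Get the existing active subscriptions
     if (($objSubscription = \NewsletterRecipientsModel::findBy(array("email=? AND active=1"), $varInput)) !== null) {
         $arrSubscriptions = $objSubscription->fetchEach('pid');
     }
     $arrRemove = array_intersect($arrChannels, $arrSubscriptions);
     // Return if there are no subscriptions to remove
     if (empty($arrRemove)) {
         $_SESSION['UNSUBSCRIBE_ERROR'] = $GLOBALS['TL_LANG']['ERR']['unsubscribed'];
         $this->reload();
     }
     // Remove the subscriptions.
     // NOTE(review): the address comes from the POST body and the rows are deleted
     // before the address owner confirms anything; the mail below only reports
     // the removal. Confirm this is the intended trust model.
     if (($objRemove = \NewsletterRecipientsModel::findByEmailAndPids($varInput, $arrRemove)) !== null) {
         while ($objRemove->next()) {
             $objRemove->delete();
         }
     }
     // Get the channel titles; the lookup can come back empty
     $arrTitles = array();
     if (($objChannels = \NewsletterChannelModel::findByIds($arrRemove)) !== null) {
         $arrTitles = $objChannels->fetchEach('title');
     }
     // Log activity
     $this->log($varInput . ' unsubscribed from ' . implode(', ', $arrTitles), 'ModuleUnsubscribe removeRecipient()', TL_NEWSLETTER);
     // HOOK: post unsubscribe callback. Each entry is a (class, method) pair; the
     // braces make PHP read the array elements rather than convert the whole
     // array to a string.
     if (isset($GLOBALS['TL_HOOKS']['removeRecipient']) && is_array($GLOBALS['TL_HOOKS']['removeRecipient'])) {
         foreach ($GLOBALS['TL_HOOKS']['removeRecipient'] as $callback) {
             $this->import($callback[0]);
             $this->{$callback[0]}->{$callback[1]}($varInput, $arrRemove);
         }
     }
     // Prepare the e-mail text
     $strText = str_replace('##domain##', \Environment::get('host'), $this->nl_unsubscribe);
     $strText = str_replace(array('##channel##', '##channels##'), implode("\n", $arrTitles), $strText);
     // Confirmation e-mail
     $objEmail = new \Email();
     $objEmail->from = $GLOBALS['TL_ADMIN_EMAIL'];
     $objEmail->fromName = $GLOBALS['TL_ADMIN_NAME'];
     $objEmail->subject = sprintf($GLOBALS['TL_LANG']['MSC']['nl_subject'], \Environment::get('host'));
     $objEmail->text = $strText;
     $objEmail->sendTo($varInput);
     // Redirect to the jumpTo page
     if ($this->jumpTo && ($objTarget = $this->objModel->getRelated('jumpTo')) !== null) {
         $this->redirect($this->generateFrontendUrl($objTarget->row()));
     }
     $_SESSION['UNSUBSCRIBE_CONFIRM'] = $GLOBALS['TL_LANG']['MSC']['nl_removed'];
     $this->reload();
 }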
Exemplo n.º 17
Arquivo: User.php Projeto: eknoes/core
 /**
  * Try to login the current user
  *
  * @return boolean True if the user could be logged in
  */
 public function login()
 {
     // Flow: load the user (or let importUser hooks create it), enforce the
     // attempt counter and account status, verify the password (current hash,
     // legacy SHA-1, then checkCredentials hooks), and only then update the
     // record and generate the session.
     \System::loadLanguageFile('default');
     // Do not continue if username or password are missing
     if (empty($_POST['username']) || empty($_POST['password'])) {
         return false;
     }
     // Load the user object
     if ($this->findBy('username', \Input::post('username', true)) == false) {
         $blnLoaded = false;
         // HOOK: pass credentials to callback functions.
         // Every registered importUser callback receives the raw, unfiltered
         // password, so each one is part of the trusted authentication path.
         if (isset($GLOBALS['TL_HOOKS']['importUser']) && is_array($GLOBALS['TL_HOOKS']['importUser'])) {
             foreach ($GLOBALS['TL_HOOKS']['importUser'] as $callback) {
                 $this->import($callback[0], 'objImport', true);
                 $blnLoaded = $this->objImport->{$callback[1]}(\Input::post('username', true), \Input::postUnsafeRaw('password'), $this->strTable);
                 // Load successful
                 if ($blnLoaded === true) {
                     break;
                 }
             }
         }
         // Return if the user still cannot be loaded
         if (!$blnLoaded || $this->findBy('username', \Input::post('username', true)) == false) {
             // Same user-facing message as the wrong-password branch further down
             \Message::addError($GLOBALS['TL_LANG']['ERR']['invalidLogin']);
             // NOTE(review): the submitted username goes into the log entry as-is;
             // whether log() neutralises markup or line breaks is not visible here.
             $this->log('Could not find user "' . \Input::post('username', true) . '"', __METHOD__, TL_ACCESS);
             return false;
         }
     }
     $time = time();
     // Set the user language
     if (\Input::post('language')) {
         $this->language = \Input::post('language');
     }
     // Lock the account if there are too many login attempts.
     // This runs before any password check: once the counter is used up the
     // account is locked, the counter is reset and the attempt is rejected.
     if ($this->loginCount < 1) {
         $this->locked = $time;
         $this->loginCount = \Config::get('loginCount');
         $this->save();
         // Add a log entry and the error message, because checkAccountStatus() will not be called (see #4444)
         $this->log('User "' . $this->username . '" has been locked for ' . ceil(\Config::get('lockPeriod') / 60) . ' minutes', __METHOD__, TL_ACCESS);
         // Unlike invalidLogin, this message is only shown for an existing account
         \Message::addError(sprintf($GLOBALS['TL_LANG']['ERR']['accountLocked'], ceil(($this->locked + \Config::get('lockPeriod') - $time) / 60)));
         // Send admin notification
         if (\Config::get('adminEmail') != '') {
             $objEmail = new \Email();
             $objEmail->subject = $GLOBALS['TL_LANG']['MSC']['lockedAccount'][0];
             $objEmail->text = sprintf($GLOBALS['TL_LANG']['MSC']['lockedAccount'][1], $this->username, TL_MODE == 'FE' ? $this->firstname . " " . $this->lastname : $this->name, \Idna::decode(\Environment::get('base')), ceil(\Config::get('lockPeriod') / 60));
             $objEmail->sendTo(\Config::get('adminEmail'));
         }
         return false;
     }
     // Check the account status
     if ($this->checkAccountStatus() == false) {
         return false;
     }
     // The password has been generated with crypt()
     if (\Encryption::test($this->password)) {
         $blnAuthenticated = \Encryption::verify(\Input::postUnsafeRaw('password'), $this->password);
     } else {
         // Legacy format: "hash:salt", where hash is sha1(password) or sha1(salt . password)
         list($strPassword, $strSalt) = explode(':', $this->password);
         // NOTE(review): the SHA-1 digests are compared with ===, which is not a
         // constant-time comparison; hash_equals() is the usual choice where the
         // runtime provides it.
         $blnAuthenticated = $strSalt == '' ? $strPassword === sha1(\Input::postUnsafeRaw('password')) : $strPassword === sha1($strSalt . \Input::postUnsafeRaw('password'));
         // Replace the legacy value with the result of \Encryption::hash()
         // (the original comment describes it as SHA-512 based; not visible here)
         if ($blnAuthenticated) {
             $this->password = \Encryption::hash(\Input::postUnsafeRaw('password'));
         }
     }
     // HOOK: pass credentials to callback functions.
     // Only consulted after the built-in check failed; a callback returning
     // exactly true authenticates the user, and it is handed the raw password.
     if (!$blnAuthenticated && isset($GLOBALS['TL_HOOKS']['checkCredentials']) && is_array($GLOBALS['TL_HOOKS']['checkCredentials'])) {
         foreach ($GLOBALS['TL_HOOKS']['checkCredentials'] as $callback) {
             $this->import($callback[0], 'objAuth', true);
             $blnAuthenticated = $this->objAuth->{$callback[1]}(\Input::post('username', true), \Input::postUnsafeRaw('password'), $this);
             // Authentication successful
             if ($blnAuthenticated === true) {
                 break;
             }
         }
     }
     // Reject the attempt if the user could not be authenticated:
     // one attempt is consumed and persisted before the generic error is shown
     if (!$blnAuthenticated) {
         --$this->loginCount;
         $this->save();
         \Message::addError($GLOBALS['TL_LANG']['ERR']['invalidLogin']);
         $this->log('Invalid password submitted for username "' . $this->username . '"', __METHOD__, TL_ACCESS);
         return false;
     }
     $this->setUserFromDb();
     // Update the record: shift the login timestamps and restore the attempt counter
     $this->lastLogin = $this->currentLogin;
     $this->currentLogin = $time;
     $this->loginCount = \Config::get('loginCount');
     $this->save();
     // Generate the session
     $this->generateSession();
     $this->log('User "' . $this->username . '" has logged in', __METHOD__, TL_ACCESS);
     // HOOK: post login callback
     if (isset($GLOBALS['TL_HOOKS']['postLogin']) && is_array($GLOBALS['TL_HOOKS']['postLogin'])) {
         foreach ($GLOBALS['TL_HOOKS']['postLogin'] as $callback) {
             $this->import($callback[0], 'objLogin', true);
             $this->objLogin->{$callback[1]}($this);
         }
     }
     return true;
 }
 /**
  * Sends an information mail about the submission of the new member.
  */
 private function sendInformationMail($member)
 {
     // Nothing is sent unless mailing is allowed and the member is new; this
     // path ends without an explicit return value, as before
     if (!($this->isActionAllowed('send_email') && $this->isMemberNew($member))) {
         return;
     }

     // The receiver list is parsed by the 'ExtendedEmailRegex' extension, so it must be active
     $arrActiveModules = $this->Config->getActiveModules();
     if (!in_array('extendedEmailRegex', $arrActiveModules)) {
         $this->log('RscMemberSubmissionPostProcessor: Extension "ExtendedEmailRegex" is required!', 'RscMemberSubmissionPostProcessor sendInformationMail()', TL_ERROR);
         return false;
     }
     $this->import('ExtendedEmailRegex', 'Base');

     // Sender, subject and body all come from the system configuration
     $objMail = new Email();
     $objMail->logFile = 'RscMemberSubmissionPostProcessorEmail.log';
     $objMail->from = $GLOBALS['TL_CONFIG']['adminEmail'];
     $objMail->fromName = $GLOBALS['TL_CONFIG']['websiteTitle'];
     // NOTE(review): member values are substituted into subject and HTML body;
     // whether replaceEmailInsertTags() escapes them is not visible here.
     $objMail->subject = $this->replaceEmailInsertTags($GLOBALS['TL_CONFIG']['rscMemberSubmissionPostProcessorEmailSubject'], $member);
     $objMail->html = $this->replaceEmailInsertTags($GLOBALS['TL_CONFIG']['rscMemberSubmissionPostProcessorEmailContent'], $member);
     // The plain-text part is derived from the HTML part
     $objMail->text = $this->transformEmailHtmlToText($objMail->html);

     $arrReceivers = ExtendedEmailRegex::getEmailsFromList($GLOBALS['TL_CONFIG']['rscMemberSubmissionPostProcessorEmailReceiver']);
     try {
         $objMail->sendTo($arrReceivers);
     } catch (Swift_RfcComplianceException $objException) {
         // A non-compliant address is logged and reported as failure
         $this->log("Mail could not be send: " . $objException->getMessage(), "RscMemberSubmissionPostProcessor sendInformationMail()", TL_ERROR);
         return false;
     }
     return true;
 }
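 /**
  * Create a new member from the submitted registration data.
  *
  * Fills in timestamps, login flag, activation token and a generated password,
  * optionally sends the activation mail, stores the member, optionally assigns
  * a home directory, runs the createNewUser hooks and finally redirects or
  * reloads.
  *
  * @param array $arrData Registration data keyed by member field name
  */
 protected function createNewUser($arrData)
 {
     // The activation token is the only secret in the activation link, so it is
     // drawn from a cryptographically secure generator where the runtime offers
     // one. 16 random bytes hex-encode to 32 characters, like the md5() value.
     $strToken = '';
     if (function_exists('random_bytes')) {
         try {
             $strToken = bin2hex(random_bytes(16));
         } catch (\Exception $e) {
             // No entropy source available: try the next generator
         }
     }
     if ($strToken === '' && function_exists('openssl_random_pseudo_bytes')) {
         $strBytes = openssl_random_pseudo_bytes(16, $blnStrong);
         if ($strBytes !== false && $blnStrong) {
             $strToken = bin2hex($strBytes);
         }
     }
     if ($strToken === '') {
         // Last resort on runtimes with neither generator. uniqid() and mt_rand()
         // are time- and state-derived, so this value is guessable in principle.
         $strToken = md5(uniqid(mt_rand(), true));
     }
     $arrData['tstamp'] = time();
     $arrData['login'] = $this->reg_allowLogin;
     $arrData['activation'] = $strToken;
     $arrData['dateAdded'] = $arrData['tstamp'];
     // NOTE(review): the initial password is requested with length 6 and can be
     // mailed in clear text through the ##gen_pw## wildcard below. How
     // getRandomPassword() draws its characters is not visible here - confirm it
     // uses a secure generator and that a password change is forced afterwards.
     $pw = $this->getRandomPassword(6);
     $arrData['password'] = \Encryption::hash($pw["clear"]);
     $arrData['username'] = strtolower($arrData['email']);
     $arrData['email'] = strtolower($arrData['email']);
     // Set default groups
     if (!array_key_exists('groups', $arrData)) {
         $arrData['groups'] = $this->reg_groups;
     }
     // Send activation e-mail
     if ($this->reg_activate) {
         $arrChunks = array();
         $strConfirmation = $this->reg_text;
         // Collect every ##wildcard## used in the configured mail text
         preg_match_all('/##[^#]+##/', $strConfirmation, $arrChunks);
         foreach ($arrChunks[0] as $strChunk) {
             $strKey = substr($strChunk, 2, -2);
             switch ($strKey) {
                 case 'domain':
                     $strConfirmation = str_replace($strChunk, \Idna::decode(\Environment::get('host')), $strConfirmation);
                     break;
                 case 'gen_pw':
                     $strConfirmation = str_replace($strChunk, $pw["clear"], $strConfirmation);
                     break;
                 case 'link':
                     // NOTE(review): built from Environment 'base' and 'request';
                     // presumably request-derived - confirm the host is validated
                     $strConfirmation = str_replace($strChunk, \Idna::decode(\Environment::get('base')) . \Environment::get('request') . (\Config::get('disableAlias') || strpos(\Environment::get('request'), '?') !== false ? '&' : '?') . 'token=' . $arrData['activation'], $strConfirmation);
                     break;
                 // HOOK: support newsletter subscriptions
                 case 'channel':
                 case 'channels':
                     if (!in_array('newsletter', \ModuleLoader::getActive())) {
                         break;
                     }
                     // Make sure newsletter is an array
                     if (!is_array($arrData['newsletter'])) {
                         if ($arrData['newsletter'] != '') {
                             $arrData['newsletter'] = array($arrData['newsletter']);
                         } else {
                             $arrData['newsletter'] = array();
                         }
                     }
                     // Replace the wildcard
                     if (!empty($arrData['newsletter'])) {
                         $objChannels = \NewsletterChannelModel::findByIds($arrData['newsletter']);
                         if ($objChannels !== null) {
                             $strConfirmation = str_replace($strChunk, implode("\n", $objChannels->fetchEach('title')), $strConfirmation);
                         }
                     } else {
                         $strConfirmation = str_replace($strChunk, '', $strConfirmation);
                     }
                     break;
                 default:
                     // Any other wildcard maps to the member field of the same name;
                     // an unknown name is replaced by an empty string
                     $strConfirmation = str_replace($strChunk, isset($arrData[$strKey]) ? $arrData[$strKey] : '', $strConfirmation);
                     break;
             }
         }
         $objEmail = new \Email();
         $objEmail->from = $GLOBALS['TL_ADMIN_EMAIL'];
         $objEmail->fromName = $GLOBALS['TL_ADMIN_NAME'];
         $objEmail->subject = sprintf($GLOBALS['TL_LANG']['MSC']['emailSubject'], \Idna::decode(\Environment::get('host')));
         $objEmail->text = $strConfirmation;
         $objEmail->sendTo($arrData['email']);
     }
     // Make sure newsletter is an array
     if (isset($arrData['newsletter']) && !is_array($arrData['newsletter'])) {
         $arrData['newsletter'] = array($arrData['newsletter']);
     }
     // Create the user
     $objNewUser = new \MemberModel();
     $objNewUser->setRow($arrData);
     $objNewUser->save();
     $insertId = $objNewUser->id;
     // Assign home directory
     if ($this->reg_assignDir) {
         $objHomeDir = \FilesModel::findByUuid($this->reg_homeDir);
         if ($objHomeDir !== null) {
             $this->import('Files');
             // The folder name is derived from the username through standardize()
             $strUserDir = standardize($arrData['username']) ?: 'user_' . $insertId;
             // Add the user ID if the directory exists
             while (is_dir(TL_ROOT . '/' . $objHomeDir->path . '/' . $strUserDir)) {
                 $strUserDir .= '_' . $insertId;
             }
             // Create the user folder
             new \Folder($objHomeDir->path . '/' . $strUserDir);
             $objUserDir = \FilesModel::findByPath($objHomeDir->path . '/' . $strUserDir);
             // Save the folder ID, but only if the new folder was actually found
             if ($objUserDir !== null) {
                 $objNewUser->assignDir = 1;
                 $objNewUser->homeDir = $objUserDir->uuid;
                 $objNewUser->save();
             }
         }
     }
     // HOOK: send insert ID and user data. Each entry is a (class, method) pair;
     // the braces make PHP read the array elements rather than convert the whole
     // array to a string.
     if (isset($GLOBALS['TL_HOOKS']['createNewUser']) && is_array($GLOBALS['TL_HOOKS']['createNewUser'])) {
         foreach ($GLOBALS['TL_HOOKS']['createNewUser'] as $callback) {
             $this->import($callback[0]);
             $this->{$callback[0]}->{$callback[1]}($insertId, $arrData, $this);
         }
     }
     // Inform admin if no activation link is sent
     if (!$this->reg_activate) {
         $this->sendAdminNotification($insertId, $arrData);
     }
     // Check whether there is a jumpTo page
     if (($objJumpTo = $this->objModel->getRelated('jumpTo')) !== null) {
         $this->jumpToOrReload($objJumpTo->row());
     }
     $this->reload();
 }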
Exemplo n.º 20
 /**
  * Send an admin notification e-mail
  * @param integer
  * @param array
  */
 protected function sendAdminNotification($intId, $arrData)
 {
     $objMail = new \Email();
     $objMail->from = $GLOBALS['TL_ADMIN_EMAIL'];
     $objMail->fromName = $GLOBALS['TL_ADMIN_NAME'];
     $objMail->subject = sprintf($GLOBALS['TL_LANG']['MSC']['adminSubject'], \Environment::get('host'));

     // Fields that never go into the notification: credentials and bookkeeping
     $arrOmitted = array('password', 'tstamp', 'activation');
     $strDetails = "\n\n";

     // One "label: value" line per remaining field
     foreach ($arrData as $strField => $varValue) {
         if (in_array($strField, $arrOmitted)) {
             continue;
         }
         // NOTE(review): deserialize() runs on every submitted value; presumably it
         // wraps unserialize() - confirm it cannot instantiate objects from
         // registration input.
         $varValue = deserialize($varValue);
         if ($strField == 'dateOfBirth' && strlen($varValue)) {
             $varValue = $this->parseDate($GLOBALS['TL_CONFIG']['dateFormat'], $varValue);
         }
         // Multi-value fields are listed comma-separated
         if (is_array($varValue)) {
             $strPrinted = implode(', ', $varValue);
         } else {
             $strPrinted = $varValue;
         }
         $strDetails .= $GLOBALS['TL_LANG']['tl_member'][$strField][0] . ': ' . $strPrinted . "\n";
     }

     $objMail->text = sprintf($GLOBALS['TL_LANG']['MSC']['adminText'], $intId, $strDetails . "\n") . "\n";
     $objMail->sendTo($GLOBALS['TL_ADMIN_EMAIL']);
     $this->log('A new user (ID ' . $intId . ') has registered on the website', 'ModuleRegistration sendAdminNotification()', TL_ACCESS);
 }
Exemplo n.º 21
 /**
  * Notify the subscribers of new comments
  *
  * @param \CommentsModel $objComment
  */
 public static function notifyCommentsSubscribers(\CommentsModel $objComment)
 {
     // A comment is announced at most once
     if ($objComment->notified) {
         return;
     }

     $objSubscribers = \CommentsNotifyModel::findActiveBySourceAndParent($objComment->source, $objComment->parent);

     // Nobody subscribed to this source/parent
     if ($objSubscribers === null) {
         return;
     }

     while ($objSubscribers->next()) {
         // The author of the comment gets no mail about their own comment
         if ($objSubscribers->email != $objComment->email) {
             // Absolute URL of the page the subscription was made on
             $strUrl = \Idna::decode(\Environment::get('base')) . $objSubscribers->url;

             $objMail = new \Email();
             $objMail->from = $GLOBALS['TL_ADMIN_EMAIL'];
             $objMail->fromName = $GLOBALS['TL_ADMIN_NAME'];
             $objMail->subject = sprintf($GLOBALS['TL_LANG']['MSC']['com_notifySubject'], \Idna::decode(\Environment::get('host')));
             // The third argument is the unsubscribe link carrying the subscriber's
             // removal token. NOTE(review): '?token=' is appended unconditionally;
             // verify the stored url never already contains a query string.
             $objMail->text = sprintf($GLOBALS['TL_LANG']['MSC']['com_notifyMessage'], $objSubscribers->name, $strUrl, $strUrl . '?token=' . $objSubscribers->tokenRemove);
             $objMail->sendTo($objSubscribers->email);
         }
     }

     // Mark the comment so the subscribers are not mailed again
     $objComment->notified = 1;
     $objComment->save();
 }
Exemplo n.º 22
 /**
  * Remove the recipient
  */
 protected function removeRecipient()
 {
     $arrChannels = $this->Input->post('channels');
     $arrChannels = array_intersect($arrChannels, $this->nl_channels);
     // see #3240
     // Check the selection
     if (!is_array($arrChannels) || count($arrChannels) < 1) {
         $_SESSION['UNSUBSCRIBE_ERROR'] = $GLOBALS['TL_LANG']['ERR']['noChannels'];
         $this->reload();
     }
     $varInput = $this->idnaEncodeEmail($this->Input->post('email', true));
     // Validate e-mail address
     if (!$this->isValidEmailAddress($varInput)) {
         $_SESSION['UNSUBSCRIBE_ERROR'] = $GLOBALS['TL_LANG']['ERR']['email'];
         $this->reload();
     }
     $arrSubscriptions = array();
     // Get active subscriptions
     $objSubscription = $this->Database->prepare("SELECT pid FROM tl_newsletter_recipients WHERE email=? AND active=1")->execute($varInput);
     if ($objSubscription->numRows) {
         $arrSubscriptions = $objSubscription->fetchEach('pid');
     }
     $arrRemove = array_intersect($arrChannels, $arrSubscriptions);
     // Return if there are no subscriptions to remove
     if (!is_array($arrRemove) || count($arrRemove) < 1) {
         $_SESSION['UNSUBSCRIBE_ERROR'] = $GLOBALS['TL_LANG']['ERR']['unsubscribed'];
         $this->reload();
     }
     // Remove subscriptions
     $this->Database->prepare("DELETE FROM tl_newsletter_recipients WHERE email=? AND pid IN(" . implode(',', array_map('intval', $arrRemove)) . ")")->execute($varInput);
     // Get channels
     $objChannels = $this->Database->execute("SELECT title FROM tl_newsletter_channel WHERE id IN(" . implode(',', array_map('intval', $arrRemove)) . ")");
     $arrChannels = $objChannels->fetchEach('title');
     // Log activity
     $this->log($varInput . ' unsubscribed from ' . implode(', ', $arrChannels), 'ModuleUnsubscribe removeRecipient()', TL_NEWSLETTER);
     // HOOK: post unsubscribe callback
     if (isset($GLOBALS['TL_HOOKS']['removeRecipient']) && is_array($GLOBALS['TL_HOOKS']['removeRecipient'])) {
         foreach ($GLOBALS['TL_HOOKS']['removeRecipient'] as $callback) {
             $this->import($callback[0]);
             $this->{$callback}[0]->{$callback}[1]($varInput, $arrRemove);
         }
     }
     // Confirmation e-mail
     $objEmail = new Email();
     $strText = str_replace('##domain##', $this->Environment->host, $this->nl_unsubscribe);
     $strText = str_replace(array('##channel##', '##channels##'), implode("\n", $arrChannels), $strText);
     $objEmail->from = $GLOBALS['TL_ADMIN_EMAIL'];
     $objEmail->fromName = $GLOBALS['TL_ADMIN_NAME'];
     $objEmail->subject = sprintf($GLOBALS['TL_LANG']['MSC']['nl_subject'], $this->Environment->host);
     $objEmail->text = $strText;
     $objEmail->sendTo($varInput);
     global $objPage;
     // Redirect to jumpTo page
     if (strlen($this->jumpTo) && $this->jumpTo != $objPage->id) {
         $objNextPage = $this->Database->prepare("SELECT id, alias FROM tl_page WHERE id=?")->limit(1)->execute($this->jumpTo);
         if ($objNextPage->numRows) {
             $this->redirect($this->generateFrontendUrl($objNextPage->fetchAssoc()));
         }
     }
     $_SESSION['UNSUBSCRIBE_CONFIRM'] = $GLOBALS['TL_LANG']['MSC']['nl_removed'];
     $this->reload();
 }
Exemplo n.º 23
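 /**
  * Send the password-request e-mail with a confirmation link, then redirect
  *
  * Generates a confirmation ID, stores it in the member's "activation" field,
  * fills the ##wildcards## of the configured mail text ($this->reg_password)
  * and sends the result to the member's e-mail address.
  *
  * @param object $objMember Member record; only its id is read before it is reloaded
  */
 protected function sendPasswordLink($objMember)
 {
     $arrChunks = array();
     // The confirmation ID is the only secret protecting the reset link, so take it
     // from the CSPRNG where one exists. Both branches yield 32 hex characters, so
     // the stored format is unchanged. uniqid()/mt_rand() are time- and seed-based
     // and remain only as a fallback for runtimes without random_bytes().
     $confirmationId = function_exists('random_bytes') ? bin2hex(random_bytes(16)) : md5(uniqid(mt_rand(), true));
     // Store the confirmation ID
     // NOTE(review): stored as-is and with no expiry set here; confirm that the
     // consuming side invalidates it after use and after a time limit.
     $objMember = \MemberModel::findByPk($objMember->id);
     $objMember->activation = $confirmationId;
     $objMember->save();
     $strConfirmation = $this->reg_password;
     preg_match_all('/##[^#]+##/', $strConfirmation, $arrChunks);
     foreach ($arrChunks[0] as $strChunk) {
         // Strip the leading and trailing "##"
         $strKey = substr($strChunk, 2, -2);
         switch ($strKey) {
             case 'domain':
                 $strConfirmation = str_replace($strChunk, \Idna::decode(\Environment::get('host')), $strConfirmation);
                 break;
             case 'link':
                 // NOTE(review): the link is assembled from Environment 'base' and
                 // 'request'; if those follow the request's Host header, so does the
                 // reset link. Confirm the host is pinned by configuration.
                 $strConfirmation = str_replace($strChunk, \Idna::decode(\Environment::get('base')) . \Environment::get('request') . (\Config::get('disableAlias') || strpos(\Environment::get('request'), '?') !== false ? '&' : '?') . 'token=' . $confirmationId, $strConfirmation);
                 break;
             default:
                 // Any other wildcard is read as a member property of that name, so
                 // the mail template decides which member fields leave the system
                 // (the stored password value included). Treat the template as
                 // trusted configuration only.
                 try {
                     $strConfirmation = str_replace($strChunk, $objMember->{$strKey}, $strConfirmation);
                 } catch (\Exception $e) {
                     $strConfirmation = str_replace($strChunk, '', $strConfirmation);
                     $this->log('Invalid wildcard "' . $strKey . '" used in password request e-mail', __METHOD__, TL_GENERAL, $e->getMessage());
                 }
                 break;
         }
     }
     // Send e-mail
     $objEmail = new \Email();
     $objEmail->from = $GLOBALS['TL_ADMIN_EMAIL'];
     $objEmail->fromName = $GLOBALS['TL_ADMIN_NAME'];
     $objEmail->subject = sprintf($GLOBALS['TL_LANG']['MSC']['passwordSubject'], \Idna::decode(\Environment::get('host')));
     $objEmail->text = $strConfirmation;
     $objEmail->sendTo($objMember->email);
     // The log entry records the member id and e-mail address, not the token
     $this->log('A new password has been requested for user ID ' . $objMember->id . ' (' . $objMember->email . ')', __METHOD__, TL_ACCESS);
     // Check whether there is a jumpTo page
     if (($objJumpTo = $this->objModel->getRelated('jumpTo')) !== null) {
         $this->jumpToOrReload($objJumpTo->row());
     }
     $this->reload();
 }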
 /**
  * Cancel the current user's registration for an event and send two mails
  *
  * Deletes the registration row, mails the calendar's cancellation text to
  * the user and a notification to the event's contact address (admin address
  * as fallback), then reloads the page.
  *
  * @param object $objEvent Event record; its "date" property is overwritten
  */
 protected function unregisterUser($objEvent)
 {
     // Both statements bind their values as parameters
     \Database::getInstance()->prepare("DELETE FROM tl_event_registrations WHERE pid=? AND userId=?")->execute($objEvent->id, $this->User->id);
     $objTemplates = \Database::getInstance()->prepare("SELECT ser_cancel_subject AS subject, ser_cancel_text AS text, ser_cancel_html AS html FROM tl_calendar WHERE id=?")->execute($objEvent->pid);
     // Send notification
     $objMail = new \Email();
     $strSender = $GLOBALS['TL_CONFIG']['adminEmail'];
     // Event contact address, or the administrator if none is set
     $strOrganiser = $objEvent->ser_email == "" ? $GLOBALS['TL_CONFIG']['adminEmail'] : $objEvent->ser_email;
     $intSpan = \Calendar::calculateSpan($objEvent->startTime, $objEvent->endTime);
     // Get date
     if ($intSpan > 0) {
         // Multi-day event: "start - end" in one common format
         $strFormat = $GLOBALS['TL_CONFIG'][$objEvent->addTime ? 'datimFormat' : 'dateFormat'];
         $objEvent->date = \Date::parse($strFormat, $objEvent->startTime) . ' - ' . \Date::parse($strFormat, $objEvent->endTime);
     } else {
         // Single day: the date, plus "(time)" or "(from - to)" if a time is set
         $strDate = \Date::parse($GLOBALS['TL_CONFIG']['dateFormat'], $objEvent->startTime);
         if ($objEvent->addTime) {
             $strTime = \Date::parse($GLOBALS['TL_CONFIG']['timeFormat'], $objEvent->startTime);
             if ($objEvent->startTime != $objEvent->endTime) {
                 $strTime .= ' - ' . \Date::parse($GLOBALS['TL_CONFIG']['timeFormat'], $objEvent->endTime);
             }
             $strDate .= ' (' . $strTime . ')';
         }
         $objEvent->date = $strDate;
     }
     // NOTE(review): replaceInserts() is defined outside this listing. The HTML
     // variant below receives entity-decoded template text with event values
     // substituted in; confirm those values are escaped for HTML.
     $strOrganiserText = $this->replaceInserts($objEvent, $GLOBALS['TL_LANG']['MSC']['ser_unregister_mail']);
     $strOrganiserSubject = $GLOBALS['TL_LANG']['MSC']['ser_unregister_subject'];
     $strUserText = $this->replaceInserts($objEvent, html_entity_decode($objTemplates->text));
     $strUserHtml = $this->replaceInserts($objEvent, html_entity_decode($objTemplates->html));
     // First mail: cancellation confirmation for the user
     $objMail->from = $strSender;
     $objMail->subject = $this->replaceInserts($objEvent, html_entity_decode($objTemplates->subject));
     $objMail->text = $strUserText;
     $objMail->html = $strUserHtml;
     $objMail->sendTo($this->User->email);
     // Second mail: the same Email object is reused with new subject and body
     $objMail->subject = $this->replaceInserts($objEvent, html_entity_decode($strOrganiserSubject));
     $objMail->text = $strOrganiserText;
     $objMail->html = nl2br($strOrganiserText);
     $objMail->sendTo($strOrganiser);
     $_SESSION['TL_SER_UNREGISTERED'] = true;
     $this->reload();
 }
Exemplo n.º 25
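 /**
  * Try to login the current user
  *
  * Loads the user by the posted username (optionally through "importUser"
  * hooks), enforces the attempt counter and account status, verifies the
  * posted password against the stored "hash:salt" value or through
  * "checkCredentials" hooks, and on success updates the login timestamps,
  * creates the session and runs the "postLogin" hooks.
  *
  * NOTE(review): passwords are verified with salted SHA-1, a fast hash that is
  * not suited to password storage. Migrating to password_hash() /
  * password_verify() with a rehash on successful login needs a change to the
  * stored format and is therefore only flagged here.
  *
  * @return boolean true on successful authentication, false otherwise
  */
 public function login()
 {
     $this->loadLanguageFile('default');
     // Do not continue if username or password are missing
     if (!$this->Input->post('username') || !$this->Input->post('password')) {
         return false;
     }
     // Load the user object
     if ($this->findBy('username', $this->Input->post('username')) == false) {
         $blnLoaded = false;
         // HOOK: pass credentials to callback functions
         // The callbacks receive the clear-text password.
         if (isset($GLOBALS['TL_HOOKS']['importUser']) && is_array($GLOBALS['TL_HOOKS']['importUser'])) {
             foreach ($GLOBALS['TL_HOOKS']['importUser'] as $callback) {
                 $this->import($callback[0], 'objImport', true);
                 // $callback is array(class, method): the method name is $callback[1]
                 $blnLoaded = $this->objImport->{$callback[1]}($this->Input->post('username'), $this->Input->post('password'), $this->strTable);
                 // Load successfull
                 if ($blnLoaded === true) {
                     break;
                 }
             }
         }
         // Return if the user still cannot be loaded
         if (!$blnLoaded || $this->findBy('username', $this->Input->post('username')) == false) {
             // Same visitor-facing message as for a wrong password, so the response
             // does not reveal whether the account exists
             $_SESSION['TL_ERROR'][] = $GLOBALS['TL_LANG']['ERR']['invalidLogin'];
             // NOTE(review): the posted username is written to the log unfiltered;
             // confirm the log writer and log viewer escape it.
             $this->log('Could not find user "' . $this->Input->post('username') . '"', get_class($this) . ' login()', TL_ACCESS);
             return false;
         }
     }
     $time = time();
     // Set the user language
     // NOTE(review): taken from POST before the password is checked, and persisted
     // by every save() below, including the failed-login paths.
     if ($this->Input->post('language')) {
         $this->language = $this->Input->post('language');
     }
     // Lock the account if there are too many login attempts
     if ($this->loginCount < 1) {
         $this->locked = $time;
         $this->loginCount = 3;
         $this->save();
         // Add a log entry
         $this->log('The account has been locked for security reasons', get_class($this) . ' login()', TL_ACCESS);
         // Send admin notification
         if (strlen($GLOBALS['TL_CONFIG']['adminEmail'])) {
             $objEmail = new Email();
             $objEmail->subject = 'A Contao account has been locked!';
             // NOTE(review): the listing masked the expression after "Username: ";
             // $this->username is restored by inference from the log calls in this
             // method. Confirm against the upstream file.
             $objEmail->text = "The following Contao account has been locked for security reasons.\n\nUsername: " . $this->username . "\nReal name: " . (TL_MODE == 'FE' ? $this->firstname . " " . $this->lastname : $this->name) . "\nWebsite: " . $this->Environment->base . "\n\nThe account has been locked for " . ceil($GLOBALS['TL_CONFIG']['lockPeriod'] / 60) . " minutes because a user has entered an invalid password three times in a row. After this period of time the account will be unlocked automatically.\n\nThis e-mail has been generated by Contao. You can not reply to it directly.\n";
             $objEmail->sendTo($GLOBALS['TL_CONFIG']['adminEmail']);
         }
         return false;
     }
     // Check the account status
     if ($this->checkAccountStatus() == false) {
         return false;
     }
     $blnAuthenticated = false;
     // Stored format is "hash:salt"; pad so that an unsalted legacy value yields
     // an empty salt instead of an undefined variable
     list($strPassword, $strSalt) = array_pad(explode(':', $this->password), 2, '');
     // Password is correct but not yet salted
     // Strict comparison: with "==" two hex digests that both look like numbers
     // ("0e" followed by digits) compare as equal numbers. Where hash_equals()
     // is available it should be preferred, as it also compares in constant time.
     if (!strlen($strSalt) && $strPassword === sha1($this->Input->post('password'))) {
         // Upgrade the legacy value to the salted form
         // NOTE(review): the salt comes from uniqid()/mt_rand(); a salt only needs
         // to be unique, but a CSPRNG source would be the cleaner choice.
         $strSalt = substr(md5(uniqid(mt_rand(), true)), 0, 23);
         $strPassword = sha1($strSalt . $this->Input->post('password'));
         $this->password = $strPassword . ':' . $strSalt;
     }
     // Check the password against the database
     if (strlen($strSalt) && $strPassword === sha1($strSalt . $this->Input->post('password'))) {
         $blnAuthenticated = true;
     } elseif (isset($GLOBALS['TL_HOOKS']['checkCredentials']) && is_array($GLOBALS['TL_HOOKS']['checkCredentials'])) {
         // A registered callback can accept credentials the local check rejected,
         // so every "checkCredentials" hook is part of the authentication boundary
         foreach ($GLOBALS['TL_HOOKS']['checkCredentials'] as $callback) {
             $this->import($callback[0], 'objAuth', true);
             $blnAuthenticated = $this->objAuth->{$callback[1]}($this->Input->post('username'), $this->Input->post('password'), $this);
             // Authentication successfull
             if ($blnAuthenticated === true) {
                 break;
             }
         }
     }
     // Redirect if the user could not be authenticated
     if (!$blnAuthenticated) {
         // Each failure uses up one attempt; the lock branch above triggers once
         // the counter has dropped below 1
         --$this->loginCount;
         $this->save();
         $_SESSION['TL_ERROR'][] = $GLOBALS['TL_LANG']['ERR']['invalidLogin'];
         $this->log('Invalid password submitted for username "' . $this->username . '"', get_class($this) . ' login()', TL_ACCESS);
         return false;
     }
     $this->setUserFromDb();
     // Update the record
     $this->loginCount = 3;
     $this->lastLogin = $this->currentLogin;
     $this->currentLogin = $time;
     $this->save();
     // Generate the session
     // NOTE(review): generateSession() is outside this listing; confirm it issues
     // a fresh session identifier on login.
     $this->generateSession();
     $this->log('User "' . $this->username . '" has logged in', get_class($this) . ' login()', TL_ACCESS);
     // HOOK: post login callback
     if (isset($GLOBALS['TL_HOOKS']['postLogin']) && is_array($GLOBALS['TL_HOOKS']['postLogin'])) {
         foreach ($GLOBALS['TL_HOOKS']['postLogin'] as $callback) {
             $this->import($callback[0], 'objLogin', true);
             $this->objLogin->{$callback[1]}($this);
         }
     }
     return true;
 }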
Exemplo n.º 26
 /**
  * Sends an information mail
  *
  * Both arguments are sprintf() format strings: the subject receives the
  * current host, the text receives $this->request and $this->referer.
  *
  * @param string $subject Subject of email
  * @param string $text    Content of email
  *
  * @return boolean true if sending email was successfull
  */
 protected function inform($subject, $text)
 {
     $this->import('Email');
     $objMessage = new Email();
     $objMessage->from = $this->ext404_email_from;
     $strSubject = sprintf($subject, $this->Environment->host);
     $objMessage->subject = $strSubject;
     // NOTE(review): request and referer are presumably taken from the incoming
     // HTTP request and therefore untrusted. They are passed as sprintf()
     // arguments, not as the format, and end up in the plain-text body only.
     $strBody = sprintf($text, $this->request, $this->referer);
     $objMessage->text = $strBody . "\n";
     $blnSent = $objMessage->sendTo($this->ext404_email_to);
     return $blnSent;
 }
Exemplo n.º 27
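 /**
  * Process form data, store it in the session and redirect to the jumpTo page
  *
  * In order: runs the "prepareFormData" hooks, optionally mails the submission
  * (with XML/CSV attachment and uploaded files), optionally inserts it into
  * the configured target table, copies the POST values into the session, runs
  * the "processFormData" hooks, writes a log entry and redirects.
  *
  * @param array $arrSubmitted Submitted values keyed by field name
  * @param array $arrLabels    Field labels keyed by field name
  * @param array $arrFields    Field objects keyed by field name (their rgxp is read)
  */
 protected function processFormData($arrSubmitted, $arrLabels, $arrFields)
 {
     // HOOK: prepare form data callback
     if (isset($GLOBALS['TL_HOOKS']['prepareFormData']) && is_array($GLOBALS['TL_HOOKS']['prepareFormData'])) {
         foreach ($GLOBALS['TL_HOOKS']['prepareFormData'] as $callback) {
             $this->import($callback[0]);
             // $callback is array(class, method): index the array first, then use the
             // two strings as property and method name
             $this->{$callback[0]}->{$callback[1]}($arrSubmitted, $arrLabels, $arrFields, $this);
         }
     }
     // Send form data via e-mail
     if ($this->sendViaEmail) {
         $keys = array();
         $values = array();
         $fields = array();
         $message = '';
         foreach ($arrSubmitted as $k => $v) {
             if ($k == 'cc') {
                 continue;
             }
             // NOTE(review): deserialize() is defined outside this listing. If it
             // wraps unserialize(), visitor-supplied values reach an object
             // deserialisation sink here; confirm it cannot instantiate objects.
             $v = deserialize($v);
             // Skip empty fields
             if ($this->skipEmpty && !is_array($v) && !strlen($v)) {
                 continue;
             }
             // Add field to message
             $message .= (isset($arrLabels[$k]) ? $arrLabels[$k] : ucfirst($k)) . ': ' . (is_array($v) ? implode(', ', $v) : $v) . "\n";
             // Prepare XML file
             if ($this->format == 'xml') {
                 $fields[] = array('name' => $k, 'values' => is_array($v) ? $v : array($v));
             }
             // Prepare CSV file
             if ($this->format == 'csv') {
                 $keys[] = $k;
                 $values[] = is_array($v) ? implode(',', $v) : $v;
             }
         }
         $recipients = \StringUtil::splitCsv($this->recipient);
         // Format recipients
         foreach ($recipients as $k => $v) {
             $recipients[$k] = str_replace(array('[', ']', '"'), array('<', '>', ''), $v);
         }
         $email = new \Email();
         // Get subject and message
         if ($this->format == 'email') {
             $message = $arrSubmitted['message'];
             $email->subject = $arrSubmitted['subject'];
         }
         // Set the admin e-mail as "from" address
         $email->from = $GLOBALS['TL_ADMIN_EMAIL'];
         $email->fromName = $GLOBALS['TL_ADMIN_NAME'];
         // Get the "reply to" address
         // NOTE(review): name and address come straight from POST and are joined
         // into one header value; this relies on the mailer rejecting line breaks
         // and malformed addresses. TODO confirm.
         if (strlen(\Input::post('email', true))) {
             $replyTo = \Input::post('email', true);
             // Add name
             if (strlen(\Input::post('name'))) {
                 $replyTo = '"' . \Input::post('name') . '" <' . $replyTo . '>';
             }
             $email->replyTo($replyTo);
         }
         // Fallback to default subject
         if (!strlen($email->subject)) {
             $email->subject = $this->replaceInsertTags($this->subject, false);
         }
         // Send copy to sender
         // NOTE(review): the copy goes to whatever address the visitor typed, so a
         // form with the "cc" field enabled can be made to mail third parties.
         // Pair it with a captcha and rate limiting.
         if (strlen($arrSubmitted['cc'])) {
             $email->sendCc(\Input::post('email', true));
             unset($_SESSION['FORM_DATA']['cc']);
         }
         // Attach XML file
         if ($this->format == 'xml') {
             /** @var \FrontendTemplate|object $objTemplate */
             $objTemplate = new \FrontendTemplate('form_xml');
             $objTemplate->fields = $fields;
             $objTemplate->charset = \Config::get('characterSet');
             $email->attachFileFromString($objTemplate->parse(), 'form.xml', 'application/xml');
         }
         // Attach CSV file
         // NOTE(review): values are only wrapped in double quotes. Embedded quotes
         // are not doubled and cells starting with = + - @ are not neutralised, so
         // a spreadsheet opening form.csv may interpret submitted text as formulas.
         if ($this->format == 'csv') {
             $email->attachFileFromString(\StringUtil::decodeEntities('"' . implode('";"', $keys) . '"' . "\n" . '"' . implode('";"', $values) . '"'), 'form.csv', 'text/comma-separated-values');
         }
         $uploaded = '';
         // Attach uploaded files
         if (!empty($_SESSION['FILES'])) {
             foreach ($_SESSION['FILES'] as $file) {
                 // Add a link to the uploaded file
                 if ($file['uploaded']) {
                     $uploaded .= "\n" . \Environment::get('base') . str_replace(TL_ROOT . '/', '', dirname($file['tmp_name'])) . '/' . rawurlencode($file['name']);
                     continue;
                 }
                 // NOTE(review): name and type are presumably the values reported by
                 // the client; recipients should not trust the attachment's declared
                 // type. The path is read from the session entry as stored.
                 $email->attachFileFromString(file_get_contents($file['tmp_name']), $file['name'], $file['type']);
             }
         }
         $uploaded = strlen(trim($uploaded)) ? "\n\n---\n" . $uploaded : '';
         $email->text = \StringUtil::decodeEntities(trim($message)) . $uploaded . "\n\n";
         // Send the e-mail
         try {
             $email->sendTo($recipients);
         } catch (\Swift_SwiftException $e) {
             // A mail failure is logged but does not stop storage or the redirect
             $this->log('Form "' . $this->title . '" could not be sent: ' . $e->getMessage(), __METHOD__, TL_ERROR);
         }
     }
     // Store the values in the database
     if ($this->storeValues && $this->targetTable != '') {
         $arrSet = array();
         // Add the timestamp
         if ($this->Database->fieldExists('tstamp', $this->targetTable)) {
             $arrSet['tstamp'] = time();
         }
         // Fields
         foreach ($arrSubmitted as $k => $v) {
             if ($k != 'cc' && $k != 'id') {
                 $arrSet[$k] = $v;
                 // Convert date formats into timestamps (see #6827)
                 if ($arrSet[$k] != '' && in_array($arrFields[$k]->rgxp, array('date', 'time', 'datim'))) {
                     $objDate = new \Date($arrSet[$k], \Date::getFormatFromRgxp($arrFields[$k]->rgxp));
                     $arrSet[$k] = $objDate->tstamp;
                 }
             }
         }
         // Files
         if (!empty($_SESSION['FILES'])) {
             foreach ($_SESSION['FILES'] as $k => $v) {
                 if ($v['uploaded']) {
                     $arrSet[$k] = str_replace(TL_ROOT . '/', '', $v['tmp_name']);
                 }
             }
         }
         // HOOK: store form data callback
         if (isset($GLOBALS['TL_HOOKS']['storeFormData']) && is_array($GLOBALS['TL_HOOKS']['storeFormData'])) {
             foreach ($GLOBALS['TL_HOOKS']['storeFormData'] as $callback) {
                 $this->import($callback[0]);
                 $arrSet = $this->{$callback[0]}->{$callback[1]}($arrSet, $this);
             }
         }
         // Set the correct empty value (see #6284, #6373)
         foreach ($arrSet as $k => $v) {
             if ($v === '') {
                 $arrSet[$k] = \Widget::getEmptyValueByFieldType($GLOBALS['TL_DCA'][$this->targetTable]['fields'][$k]['sql']);
             }
         }
         // Do not use Models here (backwards compatibility)
         // NOTE(review): the table name is concatenated into the statement and the
         // column names are the keys of $arrSet. Both must originate from trusted
         // form configuration; presumably set() binds the values. Verify.
         $this->Database->prepare("INSERT INTO " . $this->targetTable . " %s")->set($arrSet)->execute();
     }
     // Store all values in the session
     foreach (array_keys($_POST) as $key) {
         $_SESSION['FORM_DATA'][$key] = $this->allowTags ? \Input::postHtml($key, true) : \Input::post($key, true);
     }
     $arrFiles = $_SESSION['FILES'];
     // HOOK: process form data callback
     if (isset($GLOBALS['TL_HOOKS']['processFormData']) && is_array($GLOBALS['TL_HOOKS']['processFormData'])) {
         foreach ($GLOBALS['TL_HOOKS']['processFormData'] as $callback) {
             $this->import($callback[0]);
             $this->{$callback[0]}->{$callback[1]}($arrSubmitted, $this->arrData, $arrFiles, $arrLabels, $this);
         }
     }
     $_SESSION['FILES'] = array();
     // DO NOT CHANGE
     // Add a log entry
     if (FE_USER_LOGGED_IN) {
         $this->import('FrontendUser', 'User');
         $this->log('Form "' . $this->title . '" has been submitted by "' . $this->User->username . '".', __METHOD__, TL_FORMS);
     } else {
         // Anonymous submissions are logged with an anonymised IP address
         $this->log('Form "' . $this->title . '" has been submitted by ' . \System::anonymizeIp(\Environment::get('ip')) . '.', __METHOD__, TL_FORMS);
     }
     // Check whether there is a jumpTo page
     if (($objJumpTo = $this->objModel->getRelated('jumpTo')) !== null) {
         $this->jumpToOrReload($objJumpTo->row());
     }
     $this->reload();
 }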
Exemplo n.º 28
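 /**
  * Compile the newsletter and send it
  *
  * Fills the text body (and, unless the newsletter is text-only, the HTML
  * template) with the recipient's data, sends the mail, records the address
  * in $_SESSION['REJECTED_RECIPIENTS'] on failure and runs the
  * "sendNewsletter" hooks.
  *
  * @param \Email                  $objEmail
  * @param \Database\Result|object $objNewsletter
  * @param array                   $arrRecipient  Recipient data; 'email' is the target address
  * @param string                  $text
  * @param string                  $html
  * @param string                  $css
  *
  * @return void
  */
 protected function sendNewsletter(\Email $objEmail, \Database\Result $objNewsletter, $arrRecipient, $text, $html, $css = null)
 {
     // Prepare the text content
     // NOTE(review): parseSimpleTokens() is outside this listing; confirm it
     // treats the recipient values purely as data.
     $objEmail->text = \String::parseSimpleTokens($text, $arrRecipient);
     if (!$objNewsletter->sendText) {
         // Default template
         if ($objNewsletter->template == '') {
             $objNewsletter->template = 'mail_default';
         }
         /** @var \BackendTemplate|object $objTemplate */
         $objTemplate = new \BackendTemplate($objNewsletter->template);
         $objTemplate->setData($objNewsletter->row());
         $objTemplate->title = $objNewsletter->subject;
         // NOTE(review): recipient fields are substituted into HTML; confirm they
         // are escaped for that context, as recipients supply some of them.
         $objTemplate->body = \String::parseSimpleTokens($html, $arrRecipient);
         $objTemplate->charset = \Config::get('characterSet');
         $objTemplate->css = $css;
         // Backwards compatibility
         $objTemplate->recipient = $arrRecipient['email'];
         // Parse template
         $objEmail->html = $objTemplate->parse();
         $objEmail->imageDir = TL_ROOT . '/';
     }
     // Deactivate invalid addresses
     try {
         $objEmail->sendTo($arrRecipient['email']);
     } catch (\Swift_RfcComplianceException $e) {
         $_SESSION['REJECTED_RECIPIENTS'][] = $arrRecipient['email'];
     }
     // Rejected recipients (an address may be listed twice if both checks fire)
     if ($objEmail->hasFailures()) {
         $_SESSION['REJECTED_RECIPIENTS'][] = $arrRecipient['email'];
     }
     // HOOK: add custom logic
     if (isset($GLOBALS['TL_HOOKS']['sendNewsletter']) && is_array($GLOBALS['TL_HOOKS']['sendNewsletter'])) {
         foreach ($GLOBALS['TL_HOOKS']['sendNewsletter'] as $callback) {
             $this->import($callback[0]);
             // $callback is array(class, method): index the array first, then use the
             // two strings as property and method name
             $this->{$callback[0]}->{$callback[1]}($objEmail, $objNewsletter, $arrRecipient, $text, $html);
         }
     }
 }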
Exemplo n.º 29
 /**
  * Add comments to a template
  * @param FrontendTemplate
  * @param stdClass
  * @param string
  * @param integer
  * @param array
  */
 public function addCommentsToTemplate(FrontendTemplate $objTemplate, stdClass $objConfig, $strSource, $intParent, $arrNotifies)
 {
     global $objPage;
     $this->import('String');
     $limit = null;
     $arrComments = array();
     // Pagination
     if ($objConfig->perPage > 0) {
         // Get the total number of comments
         $objTotal = $this->Database->prepare("SELECT COUNT(*) AS count FROM tl_comments WHERE source=? AND parent=?" . (!BE_USER_LOGGED_IN ? " AND published=1" : ""))->execute($strSource, $intParent);
         $total = $objTotal->count;
         // Get the current page
         $page = $this->Input->get('page') ? $this->Input->get('page') : 1;
         // Do not index or cache the page if the page number is outside the range
         if ($page < 1 || $page > max(ceil($total / $objConfig->perPage), 1)) {
             global $objPage;
             $objPage->noSearch = 1;
             $objPage->cache = 0;
             // Send a 404 header
             header('HTTP/1.1 404 Not Found');
             $objTemplate->allowComments = false;
             $objTemplate->comments = array();
             // see #4064
             return;
         }
         // Set limit and offset
         $limit = $objConfig->perPage;
         $offset = ($page - 1) * $objConfig->perPage;
         // Initialize the pagination menu
         $objPagination = new Pagination($objTotal->count, $objConfig->perPage);
         $objTemplate->pagination = $objPagination->generate("\n  ");
     }
     $objTemplate->allowComments = true;
     // Get all published comments
     $objCommentsStmt = $this->Database->prepare("SELECT c.*, u.name as authorName FROM tl_comments c LEFT JOIN tl_user u ON c.author=u.id WHERE c.source=? AND c.parent=?" . (!BE_USER_LOGGED_IN ? " AND c.published=1" : "") . " ORDER BY c.date" . ($objConfig->order == 'descending' ? " DESC" : ""));
     if ($limit) {
         $objCommentsStmt->limit($limit, $offset);
     }
     $objComments = $objCommentsStmt->execute($strSource, $intParent);
     $total = $objComments->numRows;
     if ($total > 0) {
         $count = 0;
         if ($objConfig->template == '') {
             $objConfig->template = 'com_default';
         }
         $objPartial = new FrontendTemplate($objConfig->template);
         while ($objComments->next()) {
             $objPartial->setData($objComments->row());
             // Clean the RTE output
             if ($objPage->outputFormat == 'xhtml') {
                 $objComments->comment = $this->String->toXhtml($objComments->comment);
             } else {
                 $objComments->comment = $this->String->toHtml5($objComments->comment);
             }
             $objPartial->comment = trim(str_replace(array('{{', '}}'), array('&#123;&#123;', '&#125;&#125;'), $objComments->comment));
             $objPartial->datim = $this->parseDate($objPage->datimFormat, $objComments->date);
             $objPartial->date = $this->parseDate($objPage->dateFormat, $objComments->date);
             $objPartial->class = ($count < 1 ? ' first' : '') . ($count >= $total - 1 ? ' last' : '') . ($count % 2 == 0 ? ' even' : ' odd');
             $objPartial->by = $GLOBALS['TL_LANG']['MSC']['comment_by'];
             $objPartial->id = 'c' . $objComments->id;
             $objPartial->timestamp = $objComments->date;
             $objPartial->datetime = date('Y-m-d\\TH:i:sP', $objComments->date);
             $objPartial->addReply = false;
             // Reply
             if ($objComments->addReply && $objComments->reply != '' && $objComments->authorName != '') {
                 $objPartial->addReply = true;
                 $objPartial->rby = $GLOBALS['TL_LANG']['MSC']['reply_by'];
                 $objPartial->reply = $this->replaceInsertTags($objComments->reply);
                 // Clean the RTE output
                 if ($objPage->outputFormat == 'xhtml') {
                     $objPartial->reply = $this->String->toXhtml($objPartial->reply);
                 } else {
                     $objPartial->reply = $this->String->toHtml5($objPartial->reply);
                 }
             }
             $arrComments[] = $objPartial->parse();
             ++$count;
         }
     }
     $objTemplate->comments = $arrComments;
     $objTemplate->addComment = $GLOBALS['TL_LANG']['MSC']['addComment'];
     $objTemplate->name = $GLOBALS['TL_LANG']['MSC']['com_name'];
     $objTemplate->email = $GLOBALS['TL_LANG']['MSC']['com_email'];
     $objTemplate->website = $GLOBALS['TL_LANG']['MSC']['com_website'];
     $objTemplate->commentsTotal = $limit ? $objTotal->count : $total;
     // Get the front end user object
     $this->import('FrontendUser', 'User');
     // Access control
     if ($objConfig->requireLogin && !BE_USER_LOGGED_IN && !FE_USER_LOGGED_IN) {
         $objTemplate->requireLogin = true;
         return;
     }
     // Form fields
     $arrFields = array('name' => array('name' => 'name', 'label' => $GLOBALS['TL_LANG']['MSC']['com_name'], 'value' => trim($this->User->firstname . ' ' . $this->User->lastname), 'inputType' => 'text', 'eval' => array('mandatory' => true, 'maxlength' => 64)), 'email' => array('name' => 'email', 'label' => $GLOBALS['TL_LANG']['MSC']['com_email'], 'value' => $this->User->email, 'inputType' => 'text', 'eval' => array('rgxp' => 'email', 'mandatory' => true, 'maxlength' => 128, 'decodeEntities' => true)), 'website' => array('name' => 'website', 'label' => $GLOBALS['TL_LANG']['MSC']['com_website'], 'inputType' => 'text', 'eval' => array('rgxp' => 'url', 'maxlength' => 128, 'decodeEntities' => true)));
     // Captcha
     if (!$objConfig->disableCaptcha) {
         $arrFields['captcha'] = array('name' => 'captcha', 'inputType' => 'captcha', 'eval' => array('mandatory' => true));
     }
     // Comment field
     $arrFields['comment'] = array('name' => 'comment', 'label' => $GLOBALS['TL_LANG']['MSC']['com_comment'], 'inputType' => 'textarea', 'eval' => array('mandatory' => true, 'rows' => 4, 'cols' => 40, 'preserveTags' => true));
     $doNotSubmit = false;
     $arrWidgets = array();
     $strFormId = 'com_' . $strSource . '_' . $intParent;
     // Initialize widgets
     foreach ($arrFields as $arrField) {
         $strClass = $GLOBALS['TL_FFL'][$arrField['inputType']];
         // Continue if the class is not defined
         if (!$this->classFileExists($strClass)) {
             continue;
         }
         $arrField['eval']['required'] = $arrField['eval']['mandatory'];
         $objWidget = new $strClass($this->prepareForWidget($arrField, $arrField['name'], $arrField['value']));
         // Validate the widget
         if ($this->Input->post('FORM_SUBMIT') == $strFormId) {
             $objWidget->validate();
             if ($objWidget->hasErrors()) {
                 $doNotSubmit = true;
             }
         }
         $arrWidgets[$arrField['name']] = $objWidget;
     }
     $objTemplate->fields = $arrWidgets;
     $objTemplate->submit = $GLOBALS['TL_LANG']['MSC']['com_submit'];
     $objTemplate->action = ampersand($this->Environment->request);
     $objTemplate->messages = '';
     // Backwards compatibility
     $objTemplate->formId = $strFormId;
     $objTemplate->hasError = $doNotSubmit;
     // Do not index or cache the page with the confirmation message
     if ($_SESSION['TL_COMMENT_ADDED']) {
         global $objPage;
         $objPage->noSearch = 1;
         $objPage->cache = 0;
         $objTemplate->confirm = $GLOBALS['TL_LANG']['MSC']['com_confirm'];
         $_SESSION['TL_COMMENT_ADDED'] = false;
     }
     // Add the comment
     if ($this->Input->post('FORM_SUBMIT') == $strFormId && !$doNotSubmit) {
         $this->import('String');
         $strWebsite = $arrWidgets['website']->value;
         // Add http:// to the website
         if ($strWebsite != '' && !preg_match('@^(https?://|ftp://|mailto:|#)@i', $strWebsite)) {
             $strWebsite = 'http://' . $strWebsite;
         }
         // Do not parse any tags in the comment
         $strComment = htmlspecialchars(trim($arrWidgets['comment']->value));
         $strComment = str_replace(array('&amp;', '&lt;', '&gt;'), array('[&]', '[lt]', '[gt]'), $strComment);
         // Remove multiple line feeds
         $strComment = preg_replace('@\\n\\n+@', "\n\n", $strComment);
         // Parse BBCode
         if ($objConfig->bbcode) {
             $strComment = $this->parseBbCode($strComment);
         }
         // Prevent cross-site request forgeries
         $strComment = preg_replace('/(href|src|on[a-z]+)="[^"]*(contao\\/main\\.php|typolight\\/main\\.php|javascript|vbscri?pt|script|alert|document|cookie|window)[^"]*"+/i', '$1="#"', $strComment);
         $time = time();
         // Prepare the record
         $arrSet = array('source' => $strSource, 'parent' => $intParent, 'tstamp' => $time, 'name' => $arrWidgets['name']->value, 'email' => $arrWidgets['email']->value, 'website' => $strWebsite, 'comment' => $this->convertLineFeeds($strComment), 'ip' => $this->anonymizeIp($this->Environment->ip), 'date' => $time, 'published' => $objConfig->moderate ? '' : 1);
         $insertId = $this->Database->prepare("INSERT INTO tl_comments %s")->set($arrSet)->execute()->insertId;
         // HOOK: add custom logic
         if (isset($GLOBALS['TL_HOOKS']['addComment']) && is_array($GLOBALS['TL_HOOKS']['addComment'])) {
             foreach ($GLOBALS['TL_HOOKS']['addComment'] as $callback) {
                 $this->import($callback[0]);
                 $this->{$callback}[0]->{$callback}[1]($insertId, $arrSet, $this);
             }
         }
         // Notification
         $objEmail = new Email();
         $objEmail->from = $GLOBALS['TL_ADMIN_EMAIL'];
         $objEmail->fromName = $GLOBALS['TL_ADMIN_NAME'];
         $objEmail->subject = sprintf($GLOBALS['TL_LANG']['MSC']['com_subject'], $this->Environment->host);
         // Convert the comment to plain text
         $strComment = strip_tags($strComment);
         $strComment = $this->String->decodeEntities($strComment);
         $strComment = str_replace(array('[&]', '[lt]', '[gt]'), array('&', '<', '>'), $strComment);
         // Add comment details
         $objEmail->text = sprintf($GLOBALS['TL_LANG']['MSC']['com_message'], $arrSet['name'] . ' (' . $arrSet['email'] . ')', $strComment, $this->Environment->base . $this->Environment->request, $this->Environment->base . 'contao/main.php?do=comments&act=edit&id=' . $insertId);
         // Do not send notifications twice
         if (is_array($arrNotifies)) {
             $arrNotifies = array_unique($arrNotifies);
         }
         $objEmail->sendTo($arrNotifies);
         // Pending for approval
         if ($objConfig->moderate) {
             $_SESSION['TL_COMMENT_ADDED'] = true;
         }
         $this->reload();
     }
 }
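 /**
  * Store a confirmation token for the member, e-mail the password confirmation link and redirect
  * @param Database_Result $objMember The member who requested a new password
  */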
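 protected function sendPasswordLink(Database_Result $objMember)
 {
     // Purpose: create a one-time confirmation token, store it in tl_member.activation,
     // expand the ##wildcards## of the configured mail text and send it to the member.
     $arrChunks = array();
     // The token is the only secret protecting the password change, so it must come
     // from a cryptographically secure source. The previous md5(uniqid(mt_rand(), true))
     // was built from the clock and a non-cryptographic PRNG and is therefore guessable.
     // 16 random bytes hex-encoded keep the former 32-character hexadecimal format.
     $strBytes = false;
     if (function_exists('random_bytes')) {
         $strBytes = random_bytes(16);
     } elseif (function_exists('openssl_random_pseudo_bytes')) {
         $blnStrong = false;
         $strBytes = openssl_random_pseudo_bytes(16, $blnStrong);
         // Reject output that OpenSSL itself does not rate as cryptographically strong
         if (!$blnStrong) {
             $strBytes = false;
         }
     }
     // Fail closed: never fall back to a predictable token
     if ($strBytes === false || strlen($strBytes) !== 16) {
         throw new Exception('No secure random source available to create the confirmation token');
     }
     $confirmationId = bin2hex($strBytes);
     // Store confirmation ID
     // NOTE(review): no expiry is stored alongside the token here; confirm that the code
     // consuming `activation` clears it after use and limits its lifetime.
     $this->Database->prepare("UPDATE tl_member SET activation=? WHERE id=?")->execute($confirmationId, $objMember->id);
     $strConfirmation = $this->reg_password;
     preg_match_all('/##[^#]+##/i', $strConfirmation, $arrChunks);
     foreach ($arrChunks[0] as $strChunk) {
         // Strip the leading and trailing "##" to get the wildcard name
         $strKey = substr($strChunk, 2, -2);
         switch ($strKey) {
             case 'domain':
                 $strConfirmation = str_replace($strChunk, $this->Environment->host, $strConfirmation);
                 break;
             case 'link':
                 // NOTE(review): the host part of the link comes from Environment->base; if that
                 // value is derived from the request's Host header, confirm it is restricted to
                 // the site's configured domains so the token cannot be mailed with a foreign host.
                 $strConfirmation = str_replace($strChunk, $this->Environment->base . $this->Environment->request . ($GLOBALS['TL_CONFIG']['disableAlias'] || strpos($this->Environment->request, '?') !== false ? '&' : '?') . 'token=' . $confirmationId, $strConfirmation);
                 break;
             default:
                 // Any other wildcard is read as a property of the member record.
                 // NOTE(review): this exposes every member field the mail text names
                 // (presumably including the stored password hash); verify who can edit reg_password.
                 try {
                     $strConfirmation = str_replace($strChunk, $objMember->{$strKey}, $strConfirmation);
                 } catch (Exception $e) {
                     $strConfirmation = str_replace($strChunk, '', $strConfirmation);
                     $this->log('Invalid wildcard "' . $strKey . '" used in password request e-mail', 'ModulePassword sendPasswordLink()', TL_GENERAL, $e->getMessage());
                 }
                 break;
         }
     }
     // Send e-mail
     $objEmail = new Email();
     $objEmail->from = $GLOBALS['TL_ADMIN_EMAIL'];
     $objEmail->fromName = $GLOBALS['TL_ADMIN_NAME'];
     $objEmail->subject = sprintf($GLOBALS['TL_LANG']['MSC']['passwordSubject'], $this->Environment->host);
     $objEmail->text = $strConfirmation;
     $objEmail->sendTo($objMember->email);
     // Record the request in the access log, then leave the form page
     $this->log('A new password has been requested for user ID ' . $objMember->id . ' (' . $objMember->email . ')', 'ModulePassword sendPasswordLink()', TL_ACCESS);
     $this->jumpToOrReload($this->jumpTo);
 }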