/**
* Responds to process_edit hook-like event notifications.
*
* @param Zikula_Event $event The event that triggered this function call.
*
* @return void
*
* @throws Zikula_Exception_Fatal Thrown if a user account does not exist for the uid specified by the event.
*/
public function processEdit(Zikula_Event $event)
{
$activePolicies = $this->helper->getActivePolicies();
$eventName = $event->getName();
if (isset($this->validation) && !$this->validation->hasErrors()) {
$user = $event->getSubject();
$uid = $user['uid'];
if (!UserUtil::isLoggedIn()) {
if (($eventName == 'module.users.ui.process_edit.login_screen') || ($eventName == 'module.users.ui.process_edit.login_block')) {
$policiesAcceptedAtLogin = $this->validation->getObject();
$nowUTC = new DateTime('now', new DateTimeZone('UTC'));
$nowUTCStr = $nowUTC->format(DateTime::ISO8601);
if ($activePolicies['termsOfUse'] && $policiesAcceptedAtLogin['termsOfUse']) {
UserUtil::setVar(Legal_Constant::ATTRIBUTE_TERMSOFUSE_ACCEPTED, $nowUTCStr, $uid);
}
if ($activePolicies['privacyPolicy'] && $policiesAcceptedAtLogin['privacyPolicy']) {
UserUtil::setVar(Legal_Constant::ATTRIBUTE_PRIVACYPOLICY_ACCEPTED, $nowUTCStr, $uid);
}
if ($activePolicies['agePolicy'] && $policiesAcceptedAtLogin['agePolicy']) {
UserUtil::setVar(Legal_Constant::ATTRIBUTE_AGEPOLICY_CONFIRMED, $nowUTCStr, $uid);
}
if ($activePolicies['cancellationRightPolicy'] && $policiesAcceptedAtLogin['cancellationRightPolicy']) {
UserUtil::setVar(Legal_Constant::ATTRIBUTE_CANCELLATIONRIGHTPOLICY_ACCEPTED, $nowUTCStr, $uid);
}
if ($activePolicies['tradeConditions'] && $policiesAcceptedAtLogin['tradeConditions']) {
UserUtil::setVar(Legal_Constant::ATTRIBUTE_TRADECONDITIONS_ACCEPTED, $nowUTCStr, $uid);
}
// Force the reload of the user record
$user = UserUtil::getVars($uid, true);
} else {
$isRegistration = UserUtil::isRegistration($uid);
$user = UserUtil::getVars($uid, false, 'uid', $isRegistration);
if (!$user) {
throw new Zikula_Exception_Fatal(__('A user account or registration does not exist for the specified uid.', $this->domain));
}
$policiesAcceptedAtRegistration = $this->validation->getObject();
$nowUTC = new DateTime('now', new DateTimeZone('UTC'));
$nowUTCStr = $nowUTC->format(DateTime::ISO8601);
if ($activePolicies['termsOfUse'] && $policiesAcceptedAtRegistration['termsOfUse']) {
UserUtil::setVar(Legal_Constant::ATTRIBUTE_TERMSOFUSE_ACCEPTED, $nowUTCStr, $uid);
}
if ($activePolicies['privacyPolicy'] && $policiesAcceptedAtRegistration['privacyPolicy']) {
UserUtil::setVar(Legal_Constant::ATTRIBUTE_PRIVACYPOLICY_ACCEPTED, $nowUTCStr, $uid);
}
if ($activePolicies['agePolicy'] && $policiesAcceptedAtRegistration['agePolicy']) {
UserUtil::setVar(Legal_Constant::ATTRIBUTE_AGEPOLICY_CONFIRMED, $nowUTCStr, $uid);
}
if ($activePolicies['cancellationRightPolicy'] && $policiesAcceptedAtRegistration['cancellationRightPolicy']) {
UserUtil::setVar(Legal_Constant::ATTRIBUTE_CANCELLATIONRIGHTPOLICY_ACCEPTED, $nowUTCStr, $uid);
}
if ($activePolicies['tradeConditions'] && $policiesAcceptedAtRegistration['tradeConditions']) {
UserUtil::setVar(Legal_Constant::ATTRIBUTE_TRADECONDITIONS_ACCEPTED, $nowUTCStr, $uid);
}
// Force the reload of the user record
$user = UserUtil::getVars($uid, true, 'uid', $isRegistration);
}
} else {
$isRegistration = UserUtil::isRegistration($uid);
$user = UserUtil::getVars($uid, false, 'uid', $isRegistration);
if (!$user) {
throw new Zikula_Exception_Fatal(__('A user account or registration does not exist for the specified uid.', $this->domain));
}
$policiesAcceptedAtRegistration = $this->validation->getObject();
$editablePolicies = $this->helper->getEditablePolicies();
$nowUTC = new DateTime('now', new DateTimeZone('UTC'));
$nowUTCStr = $nowUTC->format(DateTime::ISO8601);
if ($activePolicies['termsOfUse'] && $editablePolicies['termsOfUse']) {
if ($policiesAcceptedAtRegistration['termsOfUse']) {
UserUtil::setVar(Legal_Constant::ATTRIBUTE_TERMSOFUSE_ACCEPTED, $nowUTCStr, $uid);
} elseif (($policiesAcceptedAtRegistration['termsOfUse'] === 0) || ($policiesAcceptedAtRegistration['termsOfUse'] === "0")) {
UserUtil::delVar(Legal_Constant::ATTRIBUTE_TERMSOFUSE_ACCEPTED, $uid);
}
}
if ($activePolicies['privacyPolicy'] && $editablePolicies['privacyPolicy']) {
if ($policiesAcceptedAtRegistration['privacyPolicy']) {
UserUtil::setVar(Legal_Constant::ATTRIBUTE_PRIVACYPOLICY_ACCEPTED, $nowUTCStr, $uid);
} elseif (($policiesAcceptedAtRegistration['privacyPolicy'] === 0) || ($policiesAcceptedAtRegistration['termsOfUse'] === "0")) {
UserUtil::delVar(Legal_Constant::ATTRIBUTE_PRIVACYPOLICY_ACCEPTED, $uid);
}
}
if ($activePolicies['agePolicy'] && $editablePolicies['agePolicy']) {
if ($policiesAcceptedAtRegistration['agePolicy']) {
UserUtil::setVar(Legal_Constant::ATTRIBUTE_AGEPOLICY_CONFIRMED, $nowUTCStr, $uid);
} elseif (($policiesAcceptedAtRegistration['agePolicy'] === 0) || ($policiesAcceptedAtRegistration['termsOfUse'] === "0")) {
UserUtil::delVar(Legal_Constant::ATTRIBUTE_AGEPOLICY_CONFIRMED, $uid);
}
}
if ($activePolicies['cancellationRightPolicy'] && $editablePolicies['cancellationRightPolicy']) {
if ($policiesAcceptedAtRegistration['cancellationRightPolicy']) {
UserUtil::setVar(Legal_Constant::ATTRIBUTE_CANCELLATIONRIGHTPOLICY_ACCEPTED, $nowUTCStr, $uid);
} elseif (($policiesAcceptedAtRegistration['cancellationRightPolicy'] === 0) || ($policiesAcceptedAtRegistration['cancellationRightPolicy'] === "0")) {
UserUtil::delVar(Legal_Constant::ATTRIBUTE_CANCELLATIONRIGHTPOLICY_ACCEPTED, $uid);
}
}
if ($activePolicies['tradeConditions'] && $editablePolicies['tradeConditions']) {
if ($policiesAcceptedAtRegistration['tradeConditions']) {
UserUtil::setVar(Legal_Constant::ATTRIBUTE_TRADECONDITIONS_ACCEPTED, $nowUTCStr, $uid);
} elseif (($policiesAcceptedAtRegistration['tradeConditions'] === 0) || ($policiesAcceptedAtRegistration['tradeConditions'] === "0")) {
UserUtil::delVar(Legal_Constant::ATTRIBUTE_TRADECONDITIONS_ACCEPTED, $uid);
}
}
// Force the reload of the user record
$user = UserUtil::getVars($uid, true, 'uid', $isRegistration);
}
}
}
/**
* Allow the user to accept active terms of use and/or privacy policy.
*
* This function is currently used by the Legal module's handler for the users.login.veto event.
*
* @return string The rendered output from the template.
*
* @throws Zikula_Exception_Forbidden Thrown if the user is not logged in and the acceptance attempt is not a result of a login attempt.
*
* @throws Zikula_Exception_Fatal Thrown if the user is already logged in and the acceptance attempt is a result of a login attempt;
* also thrown in cases where expected data is not present or not in an expected form;
* also thrown if the call to this function is not the result of a POST operation or a GET operation.
*/
public function acceptPolicies()
{
// Retrieve and delete any session variables being sent in by the log-in process before we give the function a chance to
// throw an exception. We need to make sure no sensitive data is left dangling in the session variables.
$sessionVars = $this->request->getSession()->get('Legal_Controller_User_acceptPolicies', null, $this->name);
$this->request->getSession()->del('Legal_Controller_User_acceptPolicies', $this->name);
$processed = false;
$helper = new Legal_Helper_AcceptPolicies();
if ($this->request->isPost()) {
$this->checkCsrfToken();
$isLogin = isset($sessionVars) && !empty($sessionVars);
if (!$isLogin && !UserUtil::isLoggedIn()) {
throw new Zikula_Exception_Forbidden();
} elseif ($isLogin && UserUtil::isLoggedIn()) {
throw new Zikula_Exception_Fatal();
}
$policiesUid = $this->request->getPost()->get('acceptedpolicies_uid', false);
$acceptedPolicies = array(
'termsOfUse' => $this->request->getPost()->get('acceptedpolicies_termsofuse', false),
'privacyPolicy' => $this->request->getPost()->get('acceptedpolicies_privacypolicy', false),
'agePolicy' => $this->request->getPost()->get('acceptedpolicies_agepolicy', false),
'cancellationRightPolicy' => $this->request->getPost()->get('acceptedpolicies_cancellationrightpolicy', false),
'tradeConditions' => $this->request->getPost()->get('acceptedpolicies_tradeconditions', false)
);
if (!isset($policiesUid) || empty($policiesUid) || !is_numeric($policiesUid)) {
throw new Zikula_Exception_Fatal();
}
$activePolicies = $helper->getActivePolicies();
$originalAcceptedPolicies = $helper->getAcceptedPolicies($policiesUid);
$fieldErrors = array();
if ($activePolicies['termsOfUse'] && !$originalAcceptedPolicies['termsOfUse'] && !$acceptedPolicies['termsOfUse']) {
$fieldErrors['termsofuse'] = $this->__('You must accept this site\'s Terms of Use in order to proceed.');
}
if ($activePolicies['privacyPolicy'] && !$originalAcceptedPolicies['privacyPolicy'] && !$acceptedPolicies['privacyPolicy']) {
$fieldErrors['privacypolicy'] = $this->__('You must accept this site\'s Privacy Policy in order to proceed.');
}
if ($activePolicies['agePolicy'] && !$originalAcceptedPolicies['agePolicy'] && !$acceptedPolicies['agePolicy']) {
$fieldErrors['agepolicy'] = $this->__f('In order to log in, you must confirm that you meet the requirements of this site\'s Minimum Age Policy. If you are not %1$s years of age or older, and you do not have a parent\'s permission to use this site, then please ask your parent to contact a site administrator.', array(ModUtil::getVar('Legal', Legal_Constant::MODVAR_MINIMUM_AGE, 0)));
}
if ($activePolicies['cancellationRightPolicy'] && !$originalAcceptedPolicies['cancellationRightPolicy'] && !$acceptedPolicies['cancellationRightPolicy']) {
$fieldErrors['cancellationrightpolicy'] = $this->__('You must accept our cancellation right policy in order to proceed.');
}
if ($activePolicies['tradeConditions'] && !$originalAcceptedPolicies['tradeConditions'] && !$acceptedPolicies['tradeConditions']) {
$fieldErrors['tradeconditions'] = $this->__('You must accept our general terms and conditions of trade in order to proceed.');
}
if (empty($fieldErrors)) {
$now = new DateTime('now', new DateTimeZone('UTC'));
$nowStr = $now->format(DateTime::ISO8601);
if ($activePolicies['termsOfUse'] && $acceptedPolicies['termsOfUse']) {
$termsOfUseProcessed = UserUtil::setVar(Legal_Constant::ATTRIBUTE_TERMSOFUSE_ACCEPTED, $nowStr, $policiesUid);
} else {
$termsOfUseProcessed = !$activePolicies['termsOfUse'] || $originalAcceptedPolicies['termsOfUse'];
}
if ($activePolicies['privacyPolicy'] && $acceptedPolicies['privacyPolicy']) {
$privacyPolicyProcessed = UserUtil::setVar(Legal_Constant::ATTRIBUTE_PRIVACYPOLICY_ACCEPTED, $nowStr, $policiesUid);
} else {
$privacyPolicyProcessed = !$activePolicies['privacyPolicy'] || $originalAcceptedPolicies['privacyPolicy'];
}
if ($activePolicies['agePolicy'] && $acceptedPolicies['agePolicy']) {
$agePolicyProcessed = UserUtil::setVar(Legal_Constant::ATTRIBUTE_AGEPOLICY_CONFIRMED, $nowStr, $policiesUid);
} else {
$agePolicyProcessed = !$activePolicies['agePolicy'] || $originalAcceptedPolicies['agePolicy'];
}
if ($activePolicies['cancellationRightPolicy'] && $acceptedPolicies['cancellationRightPolicy']) {
$cancellationRightPolicyProcessed = UserUtil::setVar(Legal_Constant::ATTRIBUTE_CANCELLATIONRIGHTPOLICY_ACCEPTED, $nowStr, $policiesUid);
} else {
$cancellationRightPolicyProcessed = !$activePolicies['cancellationRightPolicy'] || $originalAcceptedPolicies['cancellationRightPolicy'];
}
if ($activePolicies['tradeConditions'] && $acceptedPolicies['tradeConditions']) {
$tradeConditionsProcessed = UserUtil::setVar(Legal_Constant::ATTRIBUTE_TRADECONDITIONS_ACCEPTED, $nowStr, $policiesUid);
} else {
$tradeConditionsProcessed = !$activePolicies['tradeConditions'] || $originalAcceptedPolicies['tradeConditions'];
}
$processed = $termsOfUseProcessed && $privacyPolicyProcessed && $agePolicyProcessed && $cancellationRightPolicyProcessed && $tradeConditionsProcessed;
}
if ($processed) {
if ($isLogin) {
$loginArgs = $this->request->getSession()->get('Users_Controller_User_login', array(), 'Zikula_Users');
$loginArgs['authentication_method'] = $sessionVars['authentication_method'];
$loginArgs['authentication_info'] = $sessionVars['authentication_info'];
$loginArgs['rememberme'] = $sessionVars['rememberme'];
return ModUtil::func('Users', 'user', 'login', $loginArgs);
} else {
$this->redirect(System::getHomepageUrl());
}
}
} elseif ($this->request->isGet()) {
$isLogin = $this->request->getGet()->get('login', false);
$fieldErrors = array();
} else {
throw new Zikula_Exception_Forbidden();
}
// If we are coming here from the login process, then there are certain things that must have been
// send along in the session variable. If not, then error.
if ($isLogin && (!isset($sessionVars['user_obj']) || !is_array($sessionVars['user_obj'])
|| !isset($sessionVars['authentication_info']) || !is_array($sessionVars['authentication_info'])
|| !isset($sessionVars['authentication_method']) || !is_array($sessionVars['authentication_method']))
) {
throw new Zikula_Exception_Fatal();
}
if ($isLogin) {
$policiesUid = $sessionVars['user_obj']['uid'];
} else {
$policiesUid = UserUtil::getVar('uid');
}
if (!$policiesUid || empty($policiesUid)) {
throw new Zikula_Exception_Fatal();
}
if ($isLogin) {
// Pass along the session vars to updateAcceptance. We didn't want to just keep them in the session variable
// Legal_Controller_User_acceptPolicies because if we hit an exception or got redirected, then the data
// would have been orphaned, and it contains some sensitive information.
SessionUtil::requireSession();
$this->request->getSession()->set('Legal_Controller_User_acceptPolicies', $sessionVars, $this->name);
}
$templateVars = array(
'login' => $isLogin,
'policiesUid' => $policiesUid,
'activePolicies' => $helper->getActivePolicies(),
'acceptedPolicies' => isset($acceptedPolicies) ? $acceptedPolicies : $helper->getAcceptedPolicies($policiesUid),
'originalAcceptedPolicies' => isset($originalAcceptedPolicies) ? $originalAcceptedPolicies : $helper->getAcceptedPolicies($policiesUid),
'fieldErrors' => $fieldErrors,
);
return $this->view->assign($templateVars)
->fetch('legal_user_acceptpolicies.tpl');
}
