/**
  * Vetos (denies) a login attempt, and forces the user to change his password.
  *
  * This handler is triggered by the 'user.login.veto' event.  It vetos (denies) a
  * login attempt if the user's account record is flagged to force a change of the
  * password maintained by the Users module. If the user does not maintain a
  * password on his Users account (e.g., he registered with and logs in with a Google
  * Account or an OpenID, and never established a Users password), then this handler
  * will not trigger a change of password.
  *
  * @param GenericEvent $event The event that triggered this handler.
  *
  * @return void
  */
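 public static function forcedPasswordChangeListener(GenericEvent $event)
 {
     $userObj = $event->getSubject();
     $userMustChangePassword = UserUtil::getVar('_Users_mustChangePassword', $userObj['uid'], false);

     // The sentinel is compared strictly. With a loose `!=`, PHP type juggling treats some
     // non-string 'pass' values (boolean true, or integer 0 before PHP 8) as equal to the
     // sentinel string, which would silently skip the forced change. With `!==`, anything that
     // is not exactly the sentinel keeps the veto in place (fail closed).
     if ($userMustChangePassword && $userObj['pass'] !== UsersConstant::PWD_NO_USERS_AUTHENTICATION) {
         // Stop further listeners and attach the redirect to the change-password form.
         // NOTE(review): this handler only marks the event; the code that dispatches
         // 'user.login.veto' is not shown and is what must actually refuse the login.
         $event->stopPropagation();
         $event->setData(array(
             'redirect_func' => array(
                 'modname' => self::$modname,
                 'type' => 'user',
                 'func' => 'changePassword',
                 'args' => array('login' => true),
                 'session' => array(
                     'var' => 'Users_Controller_User_changePassword',
                     'namespace' => 'Zikula_Users',
                 ),
             ),
         ));
         LogUtil::registerError(__("Your log-in request was not completed. You must change your web site account's password first."));
     }
 }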
Exemplo n.º 2
 /**
  * Add 'anotherfunction' event handler.
  *
  * @param GenericEvent $event Handler.
  *
  * @return void
  */
 public function anotherfunction(GenericEvent $event)
 {
     // React only to the 'anotherfunction' call raised by the Users admin controller;
     // every other event passes through untouched.
     $subject = $event->getSubject();
     $isTargetMethod = $event['method'] == 'anotherfunction';
     if (!$isTargetMethod || !($subject instanceof Users_Controller_Admin)) {
         return;
     }

     // Authorisation gate: nothing is rendered unless the current user holds admin
     // access on the Users component.
     $isAdmin = SecurityUtil::checkPermission('Users::', '::', ACCESS_ADMIN);
     if (!$isAdmin) {
         throw new \Zikula\Framework\Exception\ForbiddenException();
     }

     // Render the plugin template, publish it as the event result, and stop other
     // listeners from handling the same call.
     $pluginView = Zikula_View_plugin::getModulePluginInstance($this->moduleName, $this->pluginName);
     $rendered = $pluginView->fetch('anotherfunction.tpl');
     $event->setData($rendered);
     $event->stopPropagation();
 }
Exemplo n.º 3
 /**
  * Event handler here.
  *
  * @param GenericEvent $event Event handler.
  *
  * @return void
  */
 public function handler(GenericEvent $event)
 {
     // React only to the 'extensions' call raised by the Users admin controller.
     $subject = $event->getSubject();
     $isTargetMethod = $event['method'] == 'extensions';
     if (!$isTargetMethod || !($subject instanceof \Users\Controller\AdminController)) {
         return;
     }

     // Authorisation gate: the module and theme inventory assigned below is disclosed
     // only to users holding admin access on the Users component.
     $isAdmin = SecurityUtil::checkPermission('Users::', '::', ACCESS_ADMIN);
     if (!$isAdmin) {
         throw new \Zikula\Framework\Exception\ForbiddenException();
     }

     // Zikula Modules and Themes versions
     $usersView = Zikula_View::getInstance('Users');
     $usersView->assign('mods', ModUtil::getModules());
     $usersView->assign('themes', ThemeUtil::getAllThemes());

     // Publish the rendered page as the event result and stop other listeners.
     $rendered = $usersView->fetch('users_admin_extensions.tpl');
     $event->setData($rendered);
     $event->stopPropagation();
 }
Exemplo n.º 4
 /**
  * Available plugins list.
  *
  * @return array List of the available plugins.
  */
 public static function getPluginsAvailable()
 {
     // Built-in filter plugins: plugin name => implementing class name.
     $builtInPlugins = array(
         'category' => 'FilterUtil_Filter_Category',
         'default' => 'FilterUtil_Filter_Default',
         'date' => 'FilterUtil_Filter_Date',
         'mnlist' => 'FilterUtil_Filter_Mnlist',
         'pmlist' => 'FilterUtil_Filter_Pmlist',
         'replaceName' => 'FilterUtil_Filter_ReplaceName',
     );

     // Other providers may add to this map, or override its entries, through the event below.
     // TODO A [This is only allowed for the module which owns this object.]
     // NOTE(review): nothing in this method restricts which listener may replace an entry, and
     // the listener-supplied data is returned unchecked; callers that instantiate these class
     // names are trusting every listener registered for this event.
     $event = new GenericEvent();
     $event->setData($builtInPlugins);
     EventUtil::getManager()->dispatch('zikula.filterutil.get_plugin_classes', $event);

     return $event->getData();
 }
Exemplo n.º 5
 /**
  * Run a module function.
  *
  * @param string  $modname    The name of the module.
  * @param string  $type       The type of function to run.
  * @param string  $func       The specific function to run.
  * @param array   $args       The arguments to pass to the function.
  * @param boolean $api        Whether or not to execute an API (or regular) function.
  *
  * @throws Zikula_Exception_NotFound If method was not found.
  *
  * @return mixed.
  */
 public static function exec($modname, $type = 'user', $func = 'index', $args = array(), $api = false)
 {
     // Resolves and invokes a module controller/API method, dispatching the
     // 'module_dispatch.*' events around the call.
     //
     // define input, all numbers and booleans to strings
     // The 'Module' suffix is appended unless the name already ends in it (case-insensitive)
     // or the name is empty/falsy; the result is then cast to string.
     $modname = preg_match('/\\w+Module$/i', $modname) || !$modname ? $modname : $modname . 'Module';
     $modname = isset($modname) ? (string) $modname : '';
     $loadfunc = $api ? 'ModUtil::loadApi' : 'ModUtil::load';
     // validate
     // This is the only check applied to $modname in this block before it is handed to the
     // loader and to getCallable(); a name that fails validation yields null, not an exception.
     if (!System::varValidate($modname, 'mod')) {
         return null;
     }
     $modinfo = self::getInfo(self::getIDFromName($modname));
     $controller = null;
     $modfunc = null;
     $loaded = call_user_func_array($loadfunc, array($modname, $type));
     // NOTE(review): which public methods can be reached through $type/$func is decided entirely
     // by getCallable() (not shown); this block adds no restriction of its own before calling.
     $result = self::getCallable($modname, $type, $func, $api);
     if ($result) {
         $modfunc = $result['callable'];
         $controller = $modfunc[0];
     }
     $dispatcher = EventUtil::getManager();
     if ($loaded) {
         // Two separate events carrying the same arguments: one dispatched before the call,
         // one carrying the call's return value afterwards.
         $preExecuteEvent = new GenericEvent($controller, array('modname' => $modname, 'modfunc' => $modfunc, 'args' => $args, 'modinfo' => $modinfo, 'type' => $type, 'api' => $api));
         $postExecuteEvent = new GenericEvent($controller, array('modname' => $modname, 'modfunc' => $modfunc, 'args' => $args, 'modinfo' => $modinfo, 'type' => $type, 'api' => $api));
         if (is_callable($modfunc)) {
             // The pre-execute event's propagation state is not consulted here, so a listener
             // cannot veto the call by stopping propagation; the callable always runs.
             $dispatcher->dispatch('module_dispatch.preexecute', $preExecuteEvent);
             $modfunc[0]->preDispatch();
             $postExecuteEvent->setData(call_user_func($modfunc, $args));
             $modfunc[0]->postDispatch();
             // Post-execute listeners may replace the result: the event's data is what is returned.
             return $dispatcher->dispatch('module_dispatch.postexecute', $postExecuteEvent)->getData();
         }
         // try to load plugin
         // This kind of eventhandler should
         // 1. Check $event['modfunc'] to see if it should run else exit silently.
         // 2. Do something like $result = {$event['modfunc']}({$event['args']});
         // 3. Save the result $event->setData($result).
         // 4. $event->setNotify().
         // return void
         // This event means that no $type was found
         $event = new GenericEvent(null, array('modfunc' => $modfunc, 'args' => $args, 'modinfo' => $modinfo, 'type' => $type, 'api' => $api), false);
         $dispatcher->dispatch('module_dispatch.type_not_found', $event);
         // NOTE(review): on this path $preExecuteEvent was never dispatched; the event handed to
         // the 'type_not_found' listeners is $event. This check looks like it was meant to test
         // $event (and return its data) — confirm against the listeners' contract.
         if ($preExecuteEvent->isPropagationStopped()) {
             return $preExecuteEvent->getData();
         }
         return false;
     }
     // Issue not found exception for controller requests
     // Reached only when the module/type failed to load. API requests fall off the end of the
     // function here and return null implicitly.
     // NOTE(review): the docblock names Zikula_Exception_NotFound; the class thrown is the
     // namespaced NotFoundException below.
     if (!$api) {
         throw new \Zikula\Framework\Exception\NotFoundException(__f('The requested controller action %s_Controller_%s::%s() could not be found', array($modname, $type, $func)));
     }
 }
Exemplo n.º 6
 /**
  * Format a variable for HTML display. This method is recursive array safe.
  *
  * @param string $var The variable to format.
  *
  * @return string The formatted variable.
  */
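 public static function formatForDisplayHTML($var)
 {
     // Escapes $var for HTML output while letting through the tags configured in the
     // 'AllowableHTML' system variable. Arrays are processed recursively, element by element.
     //
     // How allowed tags survive escaping: each allowed tag is first rewritten to its inner text
     // wrapped in two reserved control bytes (\022 opens, \024 closes), the whole string is then
     // escaped with htmlspecialchars(), and finally every marked span is handed to
     // DataUtil::formatForDisplayHTML_callback() to be turned back into markup.

     // Cached across calls: allow-list pattern, output-filter setting, reusable filter event.
     static $allowedtags = null;
     static $outputfilter;
     static $event;
     if (!$event) {
         $event = new GenericEvent();
     }
     if (!isset($allowedtags)) {
         $allowedHTML = array();
         $allowableHTML = System::getVar('AllowableHTML');
         if (is_array($allowableHTML)) {
             foreach ($allowableHTML as $k => $v) {
                 if ($k == '!--') {
                     // HTML comments are allowed for any non-zero setting.
                     if ($v != 0) {
                         $allowedHTML[] = "{$k}.*?--";
                     }
                 } else {
                     switch ($v) {
                         case 0:
                             // Tag not allowed.
                             break;
                         case 1:
                             // Tag allowed without attributes.
                             $allowedHTML[] = "/?{$k}\\s*/?";
                             break;
                         case 2:
                             // Tag allowed with attributes.
                             // NOTE(review): this pattern accepts any attribute name and any quoted
                             // value, so attribute-level filtering (event-handler attributes, URL
                             // schemes) has to come from elsewhere, e.g. the output filter — confirm.
                             $allowedHTML[] = "/?\\s*{$k}" . "(\\s+[\\w:]+\\s*=\\s*(\"[^\"]*\"|'[^']*'))*" . '\\s*/?';
                             break;
                     }
                 }
             }
         }
         if (count($allowedHTML) > 0) {
             $allowedtags = '~<\\s*(' . implode('|', $allowedHTML) . ')\\s*>~is';
         } else {
             $allowedtags = '';
         }
     }
     if (!isset($outputfilter)) {
         if (ModUtil::available('SecurityCenterModule') && !System::isInstalling()) {
             $outputfilter = System::getVar('outputfilter');
         } else {
             $outputfilter = 0;
         }
     }
     if (is_array($var)) {
         foreach ($var as $k => $v) {
             $var[$k] = self::formatForDisplayHTML($v);
         }
     } else {
         // Run additional filters
         if ($outputfilter > 0) {
             $event->setData($var)->setArgument('filter', $outputfilter);
             $var = EventUtil::dispatch('system.outputfilter', $event)->getData();
         }
         // The two marker bytes are reserved for this function. Remove any that arrive in the
         // input so that content cannot forge a marked span and have it restored as markup
         // without ever matching the allow-list.
         $var = str_replace(array("\022", "\024"), '', $var);
         // Preparse var to mark the HTML that we want
         // The markers must be written here: the restore step further down only recognises
         // \022...\024 spans, so replacing with the bare capture would reduce every allowed tag
         // to plain text.
         if (!empty($allowedtags)) {
             $var = preg_replace($allowedtags, "\022\\1\024", $var);
         }
         // Encode email addresses
         // This search and replace finds the text 'x@y' and replaces the characters around
         // the '@' with numeric HTML entities, as protection against email harvesters.
         // The \024 / \022 exclusions keep it from touching a marked tag that sits directly
         // next to the '@'.
         // A callback replaces the former /e (evaluate) modifier, which executed the
         // replacement as PHP code and no longer exists in PHP 7+.
         $var = preg_replace_callback('/([^\\024])@([^\\022])/s', function ($m) {
             return '&#' . sprintf('%03d', ord($m[1])) . ';@&#' . sprintf('%03d', ord($m[2])) . ';';
         }, $var);
         // Fix html entities
         // NOTE(review): flags and charset are left at PHP's defaults, which differ between PHP
         // versions (single quotes are encoded by default only from PHP 8.1). Not changed here
         // because the restore callback, which is not shown, may rely on the exact entity forms.
         $var = htmlspecialchars($var);
         // Fix the HTML that we want
         // A closure replaces create_function(), which was removed in PHP 8.
         $var = preg_replace_callback('#\\022([^\\024]*)\\024#', function ($m) {
             return DataUtil::formatForDisplayHTML_callback($m);
         }, $var);
         // Fix entities if required
         // Un-escapes the '&' of anything shaped like an entity, including the numeric
         // entities produced by the email encoding above.
         if (System::getVar('htmlentities')) {
             $var = preg_replace('/&amp;([a-z#0-9]+);/i', "&\\1;", $var);
         }
     }
     return $var;
 }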
Exemplo n.º 7
 /**
  * Run a module function.
  *
  * @param string  $modname    The name of the module.
  * @param string  $type       The type of function to run.
  * @param string  $func       The specific function to run.
  * @param array   $args       The arguments to pass to the function.
  * @param boolean $api        Whether or not to execute an API (or regular) function.
  * @param string  $instanceof Perform instanceof checking of target class.
  *
  * @throws Zikula_Exception_NotFound If method was not found.
  * @throws InvalidArgumentException  If the controller is not an instance of the class specified in $instanceof.
  *
  * @return mixed.
  */
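 public static function exec($modname, $type = 'user', $func = 'main', $args = array(), $api = false, $instanceof = null)
 {
     // Resolves and invokes a module controller/API method (OO callable or legacy function),
     // dispatching the 'module_dispatch.*' events around the call.
     //
     // define input, all numbers and booleans to strings
     $modname = isset($modname) ? (string) $modname : '';
     $modname = static::convertModuleName($modname);
     // validate
     // A name that fails validation yields null rather than an exception.
     if (!System::varValidate($modname, 'mod')) {
         return null;
     }
     // Remove from 1.4
     if (System::isLegacyMode('1.4.0') && $modname == 'Modules') {
         LogUtil::log(__('Warning! "Modules" module has been renamed to "ZikulaExtensionsModule".  Please update your ModUtil::func() and ModUtil::apiFunc() calls.'));
         $modname = 'ZikulaExtensionsModule';
     }
     $modinfo = self::getInfo(self::getIDFromName($modname));
     $controller = null;
     $modfunc = null;
     $loaded = call_user_func_array($api ? 'ModUtil::loadApi' : 'ModUtil::load', array($modname, $type));
     if (self::isOO($modname)) {
         $result = self::getCallable($modname, $type, $func, $api);
         if ($result) {
             $modfunc = $result['callable'];
             $controller = $modfunc[0];
             // Optional caller-supplied type restriction on the resolved controller.
             if (!is_null($instanceof)) {
                 if (!$controller instanceof $instanceof) {
                     // The second placeholder was written '$2$s', so the expected class name was
                     // never substituted into the message; it is now a valid '%2$s'.
                     throw new InvalidArgumentException(__f('%1$s must be an instance of %2$s', array(get_class($controller), $instanceof)));
                 }
             }
         }
     }
     $eventManager = EventUtil::getManager();
     $sm = ServiceUtil::getManager();
     if ($loaded) {
         // Two separate events carrying the same arguments: one dispatched before the call,
         // one carrying the call's return value afterwards.
         $preExecuteEvent = new \Zikula\Core\Event\GenericEvent($controller, array('modname' => $modname, 'modfunc' => $modfunc, 'args' => $args, 'modinfo' => $modinfo, 'type' => $type, 'api' => $api));
         $postExecuteEvent = new \Zikula\Core\Event\GenericEvent($controller, array('modname' => $modname, 'modfunc' => $modfunc, 'args' => $args, 'modinfo' => $modinfo, 'type' => $type, 'api' => $api));
         if (is_callable($modfunc)) {
             // The pre-execute event's propagation state is not consulted below, so a listener
             // cannot veto the call by stopping propagation.
             $eventManager->dispatch('module_dispatch.preexecute', $preExecuteEvent);
             // Check $modfunc is an object instance (OO) or a function (old)
             if (is_array($modfunc)) {
                 // $newType: true when the module resolves through getModule() and no explicit
                 // $args were passed; only then are method arguments resolved from the request.
                 try {
                     self::getModule($modname);
                     $newType = true;
                 } catch (\Exception $e) {
                     $newType = false;
                 }
                 if ($args) {
                     $newType = false;
                 }
                 if (!$api && $newType) {
                     // resolve request args.
                     $resolver = new ControllerResolver($sm, new ControllerNameParser(ServiceUtil::get('kernel')));
                     try {
                         $r = new \ReflectionClass($modfunc[0]);
                         if (!$r->hasMethod($modfunc[1])) {
                             // Method doesn't exist. Do some BC handling.
                             // First try to remove the 'Action' suffix.
                             $modfunc[1] = preg_replace('/(\\w+)Action$/', '$1', $modfunc[1]);
                             if (!$r->hasMethod($modfunc[1])) {
                                 // Method still not found. Try to use the old 'main' method name.
                                 if ($modfunc[1] == 'index') {
                                     $modfunc[1] = $r->hasMethod('mainAction') ? 'mainAction' : 'main';
                                 }
                             }
                         }
                         if ($r->hasMethod($modfunc[1])) {
                             // Did we get a valid method? If so, resolve arguments!
                             $methodArgs = $resolver->getArguments($sm->get('request'), $modfunc);
                         } else {
                             // We still didn't get a valid method. Do not use argument resolving.
                             $newType = false;
                         }
                     } catch (\RuntimeException $e) {
                         // Something went wrong. Check if the method still uses the old non-Symfony $args array.
                         if ($modfunc[0] instanceof \Zikula_AbstractBase) {
                             $r = new \ReflectionMethod($modfunc[0], $modfunc[1]);
                             $parameters = $r->getParameters();
                             if (count($parameters) == 1) {
                                 $firstParameter = $parameters[0];
                                 if ($firstParameter->getName() == 'args') {
                                     // The method really uses the old $args parameter. In this case we can continue
                                     // using the old Controller call and don't have to throw an exception.
                                     $newType = false;
                                 }
                             }
                         }
                         if ($newType !== false) {
                             throw $e;
                         }
                     }
                 }
                 if ($modfunc[0] instanceof Zikula_AbstractController) {
                     // Access-control guard: refuse methods that the controller only inherits.
                     // NOTE(review): getReflection() is not shown. If getParentClass() here is the
                     // standard Reflection API call, it returns a ReflectionClass object (or false),
                     // and new ReflectionClass($object) reflects the class of the object it is
                     // given rather than the class that object describes. Confirm that this check
                     // really inspects the controller's parent class.
                     $reflection = call_user_func(array($modfunc[0], 'getReflection'));
                     $subclassOfReflection = new ReflectionClass($reflection->getParentClass());
                     if ($subclassOfReflection->hasMethod($modfunc[1])) {
                         // Don't allow front controller to access any public methods inside the controller's parents
                         throw new Zikula_Exception_NotFound();
                     }
                     $modfunc[0]->preDispatch();
                 }
                 // Request-resolved arguments are spread as positional parameters; otherwise the
                 // legacy convention of a single $args array is used.
                 if (!$api && $newType && isset($methodArgs)) {
                     $postExecuteEvent->setData(call_user_func_array($modfunc, $methodArgs));
                 } else {
                     $postExecuteEvent->setData(call_user_func($modfunc, $args));
                 }
                 if ($modfunc[0] instanceof Zikula_AbstractController) {
                     $modfunc[0]->postDispatch();
                 }
             } else {
                 // Legacy (non-OO) function callable.
                 $postExecuteEvent->setData($modfunc($args));
             }
             // Post-execute listeners may replace the result: the event's data is what is returned.
             return $eventManager->dispatch('module_dispatch.postexecute', $postExecuteEvent)->getData();
         }
         // try to load plugin
         // This kind of eventhandler should
         // 1. Check $event['modfunc'] to see if it should run else exit silently.
         // 2. Do something like $result = {$event['modfunc']}({$event['args']});
         // 3. Save the result $event->setData($result).
         // 4. $event->setNotify().
         // return void
         // This event means that no $type was found
         $event = new \Zikula\Core\Event\GenericEvent(null, array('modfunc' => $modfunc, 'args' => $args, 'modinfo' => $modinfo, 'type' => $type, 'api' => $api), false);
         $eventManager->dispatch('module_dispatch.type_not_found', $event);
         // NOTE(review): on this path $preExecuteEvent was never dispatched; the event handed to
         // the 'type_not_found' listeners is $event. This check looks like it was meant to test
         // $event (and return its data) — confirm against the listeners' contract.
         if ($preExecuteEvent->isPropagationStopped()) {
             return $preExecuteEvent->getData();
         }
         return false;
     }
     // Issue not found exception for controller requests
     // Reached only when the module/type failed to load. In legacy mode, and for API requests,
     // execution falls off the end of the function and null is returned implicitly.
     if (!System::isLegacyMode() && !$api) {
         throw new Zikula_Exception_NotFound(__f('The requested controller action %s_Controller_%s::%s() could not be found', array($modname, $type, $func)));
     }
 }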
Exemplo n.º 8
 /**
  * Vetos (denies) a login attempt, and forces the user to change his password.
  * This handler is triggered by the 'user.login.veto' event.  It vetos (denies) a
  * login attempt if the user's account record is flagged to force a change of the
  * password maintained by the Users module. If the user does not maintain a
  * password on his Users account (e.g., he registered with and logs in with a Google
  * Account or an OpenID, and never established a Users password), then this handler
  * will not trigger a change of password.
  *
  * @param GenericEvent $event The event that triggered this handler.
  *
  * @return void
  *
  * @throws \RuntimeException Thrown if the user hasn't changed the account password
  */
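 public function forcedPasswordChange(GenericEvent $event)
 {
     $userObj = $event->getSubject();
     $userMustChangePassword = UserUtil::getVar('_Users_mustChangePassword', $userObj['uid'], false);

     // The sentinel is compared strictly. With a loose `!=`, PHP type juggling treats some
     // non-string 'pass' values (boolean true, or integer 0 before PHP 8) as equal to the
     // sentinel string, which would silently skip the forced change. With `!==`, anything that
     // is not exactly the sentinel keeps the veto in place (fail closed).
     if ($userMustChangePassword && $userObj['pass'] !== UsersConstant::PWD_NO_USERS_AUTHENTICATION) {
         // Stop further listeners and attach the redirect to the change-password form.
         // NOTE(review): this handler only marks the event; the code that dispatches
         // 'user.login.veto' is not shown and is what must actually refuse the login.
         // No statement in this method raises the \RuntimeException named in the docblock.
         $event->stopPropagation();
         $event->setData(array(
             'redirect_func' => array(
                 'modname' => UsersConstant::MODNAME,
                 'type' => 'user',
                 'func' => 'changePassword',
                 'args' => array('login' => true),
                 'session' => array(
                     'var' => 'User_changePassword',
                     'namespace' => UsersConstant::SESSION_VAR_NAMESPACE,
                 ),
             ),
         ));
         // Tell the user why the login did not complete (flash message on the current session).
         $this->requestStack->getCurrentRequest()->getSession()->getFlashBag()->add('error', __("Your log-in request was not completed. You must change your web site account's password first."));
     }
 }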
Exemplo n.º 9
 /**
  * Debug toolbar rendering (listener for 'theme.prefetch' and 'theme.postfetch' events).
  *
  * @param GenericEvent $event Event.
  *
  * @return void
  */
 public function debugToolbarRendering(GenericEvent $event)
 {
     // Ajax error responses never get a toolbar.
     if ($event->getSubject() instanceof \Zikula_ErrorHandler_Ajax) {
         return;
     }

     // NOTE(review): this listener performs no environment or permission check of its own, so
     // whether the toolbar (and whatever diagnostics it renders) reaches a visitor depends
     // entirely on when the listener is registered, which is not shown here.
     if ($event->getName() == 'theme.prefetch') {
         // force object construction (debug toolbar constructor registers javascript and css files via PageUtil)
         $this->container->get('debug.toolbar');

         return;
     }

     // Any other event (documented as 'theme.postfetch'): splice the toolbar markup in front of
     // the closing body tag. str_replace() rewrites every '</body>' occurrence in the output.
     $toolbarMarkup = $this->container->get('debug.toolbar')->getContent() . "\n</body>";
     $pageOutput = $event->getData();
     $event->setData(str_replace('</body>', $toolbarMarkup, $pageOutput));
 }
Exemplo n.º 10
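 /**
  * Renders the "module services" admin page for the module whose admin controller raised the event.
  *
  * Acts only when the event's 'method' argument is 'moduleservices' and the subject is an object
  * whose class name contains '_Controller_Admin'; otherwise it returns without touching the event.
  *
  * @param GenericEvent $event The event that triggered this handler.
  *
  * @throws \Zikula\Framework\Exception\ForbiddenException If the user lacks ACCESS_ADMIN on the module.
  *
  * @return void
  */
 public static function moduleservices(GenericEvent $event)
 {
     // check if this is for this handler
     $subject = $event->getSubject();
     if ($event['method'] != 'moduleservices') {
         return;
     }
     // A GenericEvent can be created with a null subject, and both get_class() and the
     // ->getName() call below need an object, so anything else is ignored instead of failing.
     // strrpos() is compared with false explicitly: relying on its truthiness would misread a
     // match at offset 0 as "not found".
     // NOTE(review): this is a substring match, not a suffix or instanceof check, so any class
     // whose name merely contains '_Controller_Admin' passes. The permission check below is the
     // real gate.
     if (!is_object($subject) || strrpos(get_class($subject), '_Controller_Admin') === false) {
         return;
     }
     // Authorisation gate, scoped to the module name reported by the subject itself.
     $moduleName = $subject->getName();
     if (!SecurityUtil::checkPermission($moduleName . '::', '::', ACCESS_ADMIN)) {
         throw new \Zikula\Framework\Exception\ForbiddenException();
     }
     $view = Zikula_View::getInstance('Extensions', false);
     $view->assign('currentmodule', $moduleName);
     // notify EVENT here to gather any system service links
     $localevent = new GenericEvent($subject, array('modname' => $moduleName));
     EventUtil::dispatch('module_dispatch.service_links', $localevent);
     // The links come from whichever listeners answered the event and are passed to the
     // template as received.
     $sublinks = $localevent->getData();
     $view->assign('sublinks', $sublinks);
     $event->setData($view->fetch('HookUi/moduleservices.tpl'));
     $event->stopPropagation();
 }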