Пример #1
	/**
	 * Installer step: load all components, install the 'base-v3' theme and redirect to the site root.
	 *
	 * If anything in that sequence throws, the exception message is assigned to the template
	 * (as 'errors', with 'component' set to 'Core Plus') instead of redirecting.
	 */
	public function execute(){
		// Class files this step pulls in explicitly, relative to ROOT_PDIR.
		$required = [
			'core/libs/core/Core.class.php',
			'core/libs/core/ComponentHandler.class.php',
			'core/helpers/UpdaterHelper.class.php',
		];
		foreach($required as $relativepath){
			require_once(ROOT_PDIR . $relativepath);
		}

		try{
			// Loading the components is what triggers their installation.
			\Core::LoadComponents();
			\ThemeHandler::GetTheme('base-v3')->install();

			// The 'passes' session entry is no longer needed once this step has run.
			unset($_SESSION['passes']);

			\core\redirect(ROOT_WDIR);
		}
		catch(\Exception $failure){
			// NOTE(review): the raw exception text goes to the template; confirm the template
			// escapes it and that install-time messages cannot carry credentials or full paths.
			$this->getTemplate()->assign('errors', $failure->getMessage());
			$this->getTemplate()->assign('component', 'Core Plus');
		}

	}
	/**
	 * 404 hook: look the missing URL up in the rewrite map and 301 to the page's current URL.
	 *
	 * Exact candidates are tried first (the submitted URI with its GET string, then the resolved
	 * URL).  After that the resolved URL is shortened one path segment at a time and matched
	 * against rewrite entries flagged fuzzy.  When nothing matches the method just returns so
	 * the next hook can run.
	 *
	 * @param View $view Not read by this hook.
	 */
	public static function Catch404Hook(View $view){

		$req      = PageRequest::GetSystemRequest();
		$resolved = $req->uriresolved;

		// Candidates in order of precedence: the URI exactly as submitted (GET parameters
		// included, ROOT_WDIR prefix stripped), then the resolved URL without GET parameters.
		$candidates = [
			'/' . substr($req->uri, strlen(ROOT_WDIR)),
			$resolved,
		];

		foreach($candidates as $candidate){
			$hits = RewriteMapModel::Find(['rewriteurl' => $candidate]);
			if(!sizeof($hits)){
				continue;
			}

			// Only the first record is used, should several exist.
			$target = PageModel::Construct($hits[0]->get('baseurl'));
			\core\redirect($target->get('rewriteurl'), 301);
		}

		// No exact entry; walk up the path looking for a fuzzy entry.  The page itself no
		// longer exists, so the lookup has to be done by hand here.
		$prefix = $resolved;
		do{
			// Drop the last path segment.  Without a '/' left, strrpos() yields false and the
			// prefix becomes '', which ends the loop after one final lookup.
			$prefix = substr($prefix, 0, strrpos($prefix, '/'));

			$fuzzyhits = RewriteMapModel::Find(['rewriteurl' => $prefix, 'fuzzy' => '1']);
			if(sizeof($fuzzyhits)){
				$target      = PageModel::Construct($fuzzyhits[0]->get('baseurl'));
				$destination = $target->get('rewriteurl');
				if($target->get('fuzzy')){
					// The new page is fuzzy as well, so carry over the rest of the requested path.
					// NOTE(review): this tail comes from the request; the base is the stored rewriteurl.
					$destination .= substr($resolved, strlen($prefix));
				}
				\core\redirect($destination, 301);
			}
		}
		while($prefix);

		// Nothing matched.  No return value is needed; the next hook simply runs.
	}
 /**
  * Delete the navigation record named by the first URL parameter, then redirect to /navigation.
  *
  * Returns View::ERROR_BADREQUEST for anything but a POST and View::ERROR_NOTFOUND when the
  * record does not exist.
  *
  * NOTE(review): no permission check or anti-CSRF token check is visible in this method;
  * confirm both are enforced before this action is reached.
  */
 public function delete()
 {
     $view = $this->getView();
     $request = $this->getPageRequest();
     $navigationid = $request->getParameter(0);
     $navigation = new NavigationModel($navigationid);

     // Deletes are only accepted over POST.
     if (!$request->isPost()) {
         return View::ERROR_BADREQUEST;
     }

     // Nothing to delete.
     if (!$navigation->exists()) {
         return View::ERROR_NOTFOUND;
     }

     $navigation->delete();
     \core\redirect('/navigation');
 }
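	/**
	 * Remove a key from the GPG keyring under GPG_HOMEDIR, then redirect to /updater/keys.
	 *
	 * POST-only.  The key id is taken from the first URL parameter, stripped to ASCII letters
	 * and digits and upper-cased.  A request that is not a POST, or that carries no usable key
	 * id, sets View::ERROR_BADREQUEST on the view and returns.
	 *
	 * NOTE(review): no permission check or anti-CSRF token check is visible in this method;
	 * confirm both are enforced before this action is reached.
	 */
	public function keys_delete() {
		$view = $this->getView();
		$req = $this->getPageRequest();

		// This is a post-only page!
		if(!$req->isPost()){
			$view->error = View::ERROR_BADREQUEST;
			return;
		}

		$key = $req->getParameter(0);
		if(!$key){
			$view->error = View::ERROR_BADREQUEST;
			return;
		}

		// Keep only ASCII letters and digits so the id cannot carry shell or option syntax.
		$key = strtoupper(preg_replace('/[^a-zA-Z0-9]+/', '', (string)$key));
		if($key === ''){
			// The parameter held nothing but filtered characters; do not run gpg with an empty id.
			$view->error = View::ERROR_BADREQUEST;
			return;
		}

		// Quote both values with escapeshellarg() rather than hand-written double quotes, so
		// neither the configured home directory nor the key id is ever interpreted by the shell.
		$command = 'gpg --homedir ' . escapeshellarg(GPG_HOMEDIR)
			. ' --no-permission-warning --batch --yes --delete-key ' . escapeshellarg($key);

		// $output is collected only because exec() needs it to hand back the exit status.
		exec($command, $output, $result);
		if($result != 0){
			\Core\set_message('Unable to remove key ' . $key, 'error');
		}
		\core\redirect('/updater/keys');
	}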
Пример #5
 /**
  * Delete one image from a gallery album, then redirect to the album's rewrite URL.
  *
  * The album id is the first URL parameter and the image id is the 'image' parameter.
  * Returns View::ERROR_BADREQUEST when the request is not a POST, when no album id was given
  * or when the image does not belong to that album; View::ERROR_NOTFOUND when either record
  * is missing.
  *
  * NOTE(review): no permission check or anti-CSRF token check is visible in this method;
  * confirm both are enforced before this action is reached.
  */
 public function images_delete()
 {
     $view = $this->getView();
     $req = $this->getPageRequest();

     // Deletes are only accepted over POST.
     if (!$req->isPost()) {
         return View::ERROR_BADREQUEST;
     }

     $albumid = $req->getParameter(0);
     $album = new GalleryAlbumModel($albumid);
     $image = new GalleryImageModel($req->getParameter('image'));

     if (!$albumid) {
         return View::ERROR_BADREQUEST;
     }

     // The album is checked first, then the image; either one missing is a 404.
     if (!$album->exists() || !$image->exists()) {
         return View::ERROR_NOTFOUND;
     }

     // The image has to belong to the album named in the URL.
     $owningalbum = $image->get('albumid');
     if ($owningalbum != $album->get('id')) {
         return View::ERROR_BADREQUEST;
     }

     $image->delete();
     Core::SetMessage('Removed image successfully', 'success');
     \core\redirect($album->get('rewriteurl'));
 }
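	/**
	 * Delete the user group named by the first URL parameter, then redirect to /usergroupadmin.
	 *
	 * Returns View::ERROR_BADREQUEST for anything but a POST and View::ERROR_NOTFOUND when the
	 * group does not exist, so a success message is never shown for a record that was not there.
	 *
	 * NOTE(review): no permission check or anti-CSRF token check is visible in this method;
	 * confirm both are enforced before this action is reached.
	 */
	public function delete(){
		$view  = $this->getView();
		$req   = $this->getPageRequest();
		$id    = $req->getParameter(0);
		$model = new UserGroupModel($id);

		if(!$req->isPost()){
			return View::ERROR_BADREQUEST;
		}

		// Do not report a successful removal for a group that does not exist.
		if(!$model->exists()){
			return View::ERROR_NOTFOUND;
		}

		$where = [];
		if(Core::IsComponentAvailable('multisite') && MultiSiteHelper::IsEnabled()){
			$where['site'] = MultiSiteHelper::GetCurrentSiteID();
		}
		// NOTE(review): $where is built but never applied to the lookup or the delete, so nothing
		// in this method ties the group to the current site when multisite is enabled.  Presumably
		// the group's site was meant to be compared with $where['site'] first; confirm against
		// UserGroupModel's schema and enforce it here.

		$model->delete();
		\Core\set_message('Removed group successfully', 'success');
		\core\redirect('/usergroupadmin');
	}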
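	/**
	 * Second step of the forgot-password flow: validate the nonce from the URL and let the
	 * user choose a new password.
	 *
	 * On GET the form is only rendered.  On POST the two password fields must be identical
	 * strings; the password is then set through the 'datastore' auth driver, the nonce is marked
	 * used, the event is logged and, when the account is active, the user is logged in.
	 * An invalid nonce or an unknown user is logged as a security event and redirected to '/'.
	 */
	private function _forgotPassword2(){
		$view = $this->getView();
		$request = $this->getPageRequest();

		$genericauth = new \Core\User\AuthDrivers\datastore();

		// Create a simple form to render.  This is better than doing it in the template.
		$form = new Form();
		$form->set('method', 'POST');
		$form->addElement('password', ['name' => 'p1', 'title' => 'Password', 'required' => true]);
		$form->addElement('password', ['name' => 'p2', 'title' => 'Confirm', 'required' => true]);
		$form->addElement('submit', ['name' => 'submit', 'value' => 'Set New Password']);

		$view->title = 'Forgot Password';
		$view->assign('step', 2);
		$view->assign('form', $form);
		$view->assign('requirements', $genericauth->getPasswordComplexityAsHTML());

		// The nonce key is the first URL parameter.
		$n = $request->getParameter(0);

		/** @var $nonce NonceModel */
		$nonce = NonceModel::Construct($n);

		if(!$nonce->isValid()){
			// NOTE(review): $n is request-supplied and written to the log verbatim; confirm the
			// log sink and any log viewer escape it.
			SystemLogModel::LogSecurityEvent('/user/forgotpassword/confirm', 'Failed Forgot Password. Invalid nonce requested: [' . $n . ']');
			\Core\set_message('t:MESSAGE_ERROR_USER_LOGIN_EMAIL_NOT_FOUND');
			\core\redirect('/');
			return;
		}

		// The account to reset is read from the nonce's stored data, not from the request.
		$nonce->decryptData();
		$data = $nonce->get('data');

		/** @var UserModel $u */
		$u = UserModel::Construct($data['user']);
		if(!$u){
			SystemLogModel::LogSecurityEvent('/user/forgotpassword/confirm', 'Failed Forgot Password. Invalid user account requested: [' . $data['user'] . ']');
			\Core\set_message('t:MESSAGE_ERROR_USER_LOGIN_EMAIL_NOT_FOUND');
			\core\redirect('/');
			return;
		}


		if($request->isPost()){
			$p1 = isset($_POST['p1']) ? $_POST['p1'] : null;
			$p2 = isset($_POST['p2']) ? $_POST['p2'] : null;

			// Validate the password.  Both fields must be strings and match exactly: a loose !=
			// treats numeric-looking strings such as '0e1' and '0e2' as equal, and would let
			// missing or array-valued fields through to setPassword().
			if(!is_string($p1) || !is_string($p2) || $p1 !== $p2){
				\Core\set_message('t:MESSAGE_ERROR_USER_REGISTER_PASSWORD_MISMATCH');
				return;
			}

			// Else, try to set it... the user model will complain if it's invalid.
			try{
				$u->enableAuthDriver('datastore');
				/** @var \Core\User\AuthDrivers\datastore $auth */
				$auth = $u->getAuthDriver('datastore');

				$auth->setPassword($p1);
				$u->save();
				// The nonce is consumed only after the save succeeded, so a rejected password
				// leaves the link usable for another attempt.
				$nonce->markUsed();
				SystemLogModel::LogSecurityEvent('/user/forgotpassword/confirm', 'Reset password successfully!', null, $u->get('id'));
				\Core\set_message('Reset password successfully', 'success');
				if($u->get('active')){
					// Active accounts are logged in straight away.
					\Core\Session::SetUser($u);
				}
				\core\redirect('/');
			}
			catch(ModelValidationException $e){
				SystemLogModel::LogSecurityEvent('/user/forgotpassword/confirm', 'Failed Forgot Password. ' . $e->getMessage(), null, $u->get('id'));
				\Core\set_message($e->getMessage(), 'error');
				return;
			}
			catch(Exception $e){
				SystemLogModel::LogSecurityEvent('/user/forgotpassword/confirm', 'Failed Forgot Password. ' . $e->getMessage(), null, $u->get('id'));
				// Exception details reach the user only in development mode.
				\Core\set_message((DEVELOPMENT_MODE ? $e->getMessage() : 'An unknown error occured'), 'error');
				return;
			}
		}
	}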
 /**
  * Report an error from the setdefault method in the form the client prefers.
  *
  * Clients that prefer JSON get the message and a status of 0 in the view's jsondata; all
  * others get an error message set and a redirect to /theme.
  *
  * @param $message The error text to report.
  */
 private function _sendError($message)
 {
     $request = $this->getPageRequest();
     $view = $this->getView();

     if (!$request->prefersContentType(View::CTYPE_JSON)) {
         // Regular page request: show the message after redirecting to the theme page.
         \Core\set_message($message, 'error');
         \core\redirect('/theme');
         return;
     }

     // JSON request: hand the error back in the response body.
     $view->jsondata = ['message' => $message, 'status' => 0];
 }
Пример #9
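	/**
	 * Function that is fired off on page load.
	 * This checks if a form was submitted and that form was present in the SESSION.
	 *
	 * Stored forms that fail to unserialize or have expired are dropped from the session.  When
	 * the submitted ___formid names a stored form, the request data is loaded into it, the model
	 * is validated and the form's 'callsmethod' callable is invoked.  The callable's return value
	 * decides what happens next: false/null stop here, 'die' exits, 'back' returns to the form's
	 * referrer, true (or the current URL) reloads, anything else is passed to the redirect system.
	 *
	 * @return void May also end the request through exit, a redirect or a reload.
	 */
	public static function CheckSavedSessionData() {
		// This needs to ignore the /form/savetemporary.ajax page!
		// This is a custom page that's meant to intercept all POST submissions.
		if(preg_match('#^/form/(.*)\.ajax$#', REL_REQUEST_PATH)) return;

		// There has to be data in the session.
		$forms = \Core\Session::Get('FormData/*');

		// Only a plain string can name a stored form; an array-valued or absent ___formid is
		// treated as "no form submitted".
		$formid = (isset($_REQUEST['___formid']) && is_string($_REQUEST['___formid'])) ? $_REQUEST['___formid'] : false;
		$form   = false;

		foreach ($forms as $k => $v) {
			// NOTE(review): unserialize() instantiates whatever classes the payload names.  That is
			// only acceptable while the session store is server-side and not writable by clients;
			// confirm, or restrict it with the allowed_classes option on PHP 7+.
			$el = unserialize($v);

			// If the object isn't a valid object after unserializing...
			if (!is_object($el)) {
				\Core\Session::UnsetKey('FormData/' . $k);
				continue;
			}

			// Check the expires time
			if ($el->get('expires') <= Time::GetCurrent()) {
				\Core\Session::UnsetKey('FormData/' . $k);
				continue;
			}

			// Compare as strings: a loose == would match a falsy key when no id was submitted and
			// would treat numeric-looking ids such as '1e1' and '10' as equal.
			if ($formid !== false && (string)$k === $formid) {
				// Remember this for after all the checks have finished.
				$form = $el;
			}
		}

		// No form found... simple enough
		if (!$form) return;

		// Otherwise
		/** @var $form Form */

		// Ensure the submission types match up.
		if (strtoupper($form->get('method')) != $_SERVER['REQUEST_METHOD']) {
			\Core\set_message('t:MESSAGE_ERROR_FORM_SUBMISSION_TYPE_DOES_NOT_MATCH');
			return;
		}

		// Ensure the REFERRER and original URL match up.
		// The header is optional, so read it defensively instead of indexing $_SERVER directly.
		$referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
		if($referer != $form->originalurl){
			// @todo This is reported to be causing issues with production sites.
			//       If found true, this check may need to be removed / refactored.
			// The mismatch is only logged; the submission is still processed.
			// NOTE(review): the Referer value is client-supplied and logged verbatim; confirm the
			// log sink and any log viewer escape it.
			SystemLogModel::LogInfoEvent(
				'Form Referrer Mismatch',
				'Form referrer does not match!  Submitted: [' . $referer . '] Expected: [' . $form->originalurl . ']'
			);
		}

		// Run though each element submitted and try to validate it.
		if (strtoupper($form->get('method')) == 'POST') $src =& $_POST;
		else $src =& $_GET;

		$form->loadFrom($src);

		// Try to load the form from that form.  That will call all of the model's validation logic
		// and will throw exceptions if it doesn't.
		try{
			$form->getModel();

			// Still good?
			if (!$form->hasError()){
				// The callable is read from the form object restored from the session.
				// NOTE(review): confirm loadFrom() cannot replace 'callsmethod' with a submitted value.
				$status = call_user_func($form->get('callsmethod'), $form);
			}
			else{
				$status = false;
			}
		}
		catch(ModelValidationException $e){
			\Core\set_message($e->getMessage(), 'error');
			$status = false;
		}
		catch(GeneralValidationException $e){
			\Core\set_message($e->getMessage(), 'error');
			$status = false;
		}
		catch(Exception $e){
			if(DEVELOPMENT_MODE){
				// Developers get the full message
				\Core\set_message($e->getMessage(), 'error');
			}
			else{
				// While users of production-enabled sites get a friendlier message.
				\Core\set_message('t:MESSAGE_ERROR_FORM_SUBMISSION_UNHANDLED_EXCEPTION');
			}
			Core\ErrorManagement\exception_handler($e);
			$status = false;
		}

		// The form was submitted.  Set its persistent flag to true so that whatever may be listening for it can retrieve the user's values.
		$form->persistent = true;

		// Regardless, bundle this form back into the session so the controller can use it if needed.
		\Core\Session::Set('FormData/' . $formid, serialize($form));

		// Fail statuses.
		if ($status === false) return;
		if ($status === null) return;

		// Guess it's not false and not null... must be good then.

		// @todo Handle an internal save procedure for "special" groups such as pageinsertables and what not.

		// Cleanup
		\Core\Session::UnsetKey('FormData/' . $formid);


		if ($status === 'die'){
			// If it's set to die, simply exit the script without outputting anything.
			exit;
		}
		elseif($status === 'back'){
			if($form->referrer && $form->referrer != REL_REQUEST_PATH){
				// Go back to the original form's referrer.
				\Core\redirect($form->referrer);
			}
			else{
				// Use Core to guess which page to redirect back to, (not as reliable).
				\Core\go_back();
			}
		}
		elseif ($status === true){
			// If the return code is boolean true, it's a reload.
			\Core\reload();
		}
		elseif($status === REL_REQUEST_PATH || $status === CUR_CALL){
			// If the page returned the same page as the current url, force a reload, (as redirect will ignore it)
			\Core\reload();
		}
		else{
			// Anything else gets sent to the redirect system.
			\core\redirect($status);
		}
	}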
Пример #10
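 /**
  * The frontend listing page that displays all blog articles that are published across the system.
  *
  * Collects the base URLs of every blog the current user may view, then lists the pages under
  * them, optionally narrowed by the 'q' search parameter.  Unless the user counts as an editor
  * the listing is limited to published articles whose publish date has passed.
  */
 public function index()
 {
     $view = $this->getView();
     $request = $this->getPageRequest();
     $manager = \Core\user()->checkAccess('p:/blog/manage_all');

     // Get a list of all the blogs on the system.  I'll get the page object from each one and see if the current user has access
     // to each one.  Then I'll have a list of ids that the user can view.
     $parents = [];
     $editor = false;
     $page = null;
     $blogs = BlogModel::Find(null, null, null);
     foreach ($blogs as $blog) {
         /** @var BlogModel $blog */
         $page = $blog->getLink('Page');
         // The key used to be 'manage_articles_permission ' with a trailing space, so the access
         // check was not given the blog's stored permission string.
         $editor = \Core\user()->checkAccess($blog->get('manage_articles_permission')) || $manager;
         $viewer = \Core\user()->checkAccess($blog->get('access')) || $editor;
         if (!$viewer) {
             continue;
         }
         $parents[] = $blog->get('baseurl');
     }
     // NOTE(review): $editor and $page keep the values from the LAST blog in the loop, viewable or
     // not.  The published-only filter below therefore depends on that one blog's permission while
     // the listing spans every viewable blog; confirm whether a per-blog decision was intended.

     // Is the user a manager, but no blogs exist on the system?
     if ($manager && !count($parents)) {
         Core::SetMessage('There are no blogs on the system currently, you can use the All Pages interface to create one.', 'tutorial');
         \core\redirect('/admin/pages');
     }

     $filters = new FilterForm();
     $filters->haspagination = true;
     $filters->setLimit(20);
     $filters->load($request);

     $factory = new ModelFactory('PageModel');
     if (count($parents)) {
         $factory->where('parenturl IN ' . implode(',', $parents));
     } else {
         // This is to prevent the system from trying to load all pages that have a parent of "".
         $factory->where('parenturl = -there-are-no-blogs-');
     }

     $query = $request->getParameter('q');
     if ($query) {
         // NOTE(review): 'q' is user input; confirm GetWhereClause() escapes or parameterises it.
         $factory->where(\Core\Search\Helper::GetWhereClause($query));
     } else {
         $query = null;
     }

     $factory->order('published DESC');
     if (!$editor) {
         // Limit these to published articles.
         $factory->where('published_status = published');
         // And only those whose published date is now or earlier.
         $factory->where('published <= ' . CoreDateTime::Now('U', Time::TIMEZONE_GMT));
     }

     $filters->applyToFactory($factory);
     $articles = $factory->get();

     $view->mode = View::MODE_PAGEORAJAX;
     $view->assign('articles', $articles);
     $view->assign('page', $page);
     $view->assign('filters', $filters);
     $view->assign('query', $query);

     if ($manager) {
         $view->addControl('Edit Blog Listing Page', '/blog/editindex', 'edit');
         $view->addControl('Create New Blog', '/blog/create', 'add');
         $view->addControl('All Articles', '/admin/pages/?filter[parenturl]=/blog/view/', 'tasks');
     }
 }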
Пример #11
	/**
	 * Helper controller that exposes a small amount of server-side data to javascript.
	 *
	 * The JSON payload holds the current user's id and display name (the configured anonymous
	 * display name and a null id when nobody is logged in) plus, for logged-in users, a rendered
	 * access-string input with ##PLACEHOLDER## values.
	 *
	 * Everything here is sent to the user agent, so nothing sensitive belongs in the payload;
	 * the email address is deliberately left out.
	 */
	public function jshelper(){
		$request = $this->getPageRequest();

		// This is a json-only page.
		if($request->ctype != View::CTYPE_JSON){
			\core\redirect('/');
		}

		$currentuser = Core::User();

		if($currentuser->exists()){
			$userinfo = [
				'id'          => $currentuser->get('id'),
				'displayname' => $currentuser->getDisplayName(),
			];

			// Templated version of the access string form system, useful for dynamic permissions on the page.
			$placeholderinput = new FormAccessStringInput([
				'title'       => '##TITLE##',
				'name'        => '##NAME##',
				'description' => '##DESCRIPTION##',
				'class'       => '##CLASS##',
				'value'       => 'none',
			]);
			$accesstemplate = $placeholderinput->render();
		}
		else{
			$userinfo = [
				'id'          => null,
				'displayname' => ConfigHandler::Get('/user/displayname/anonymous'),
			];
			$accesstemplate = null;
		}

		// The data that will be returned.
		$payload = [
			'user'                 => $userinfo,
			'accessstringtemplate' => $accesstemplate,
		];

		$this->getView()->jsondata = $payload;
		$this->getView()->contenttype = View::CTYPE_JSON;
	}