Пример #1
 /**
  * Handles submission of the "mail the chat history" form.
  *
  * The thread is looked up by the ID/token pair taken from the route
  * attributes. The destination address comes from the POST body and is
  * checked with MailUtils::isValidAddress() before anything is sent.
  *
  * @param Request $request Incoming request.
  * @return string Rendered page content.
  * @throws NotFoundException If no thread matches the given ID and token.
  */
 public function submitFormAction(Request $request)
 {
     $route = $request->attributes;

     // The ID/token pair is the only access check visible in this method.
     // NOTE(review): no CSRF check or rate limit appears here; confirm that
     // outgoing history mails are throttled elsewhere.
     $thread = Thread::load($route->get('thread_id'), $route->get('token'));
     if (!$thread) {
         throw new NotFoundException('The thread is not found.');
     }

     $email = $request->request->get('email');
     $group = $thread->groupId ? group_by_id($thread->groupId) : null;

     // Validate the recipient address: it must be present and well formed.
     $problems = array();
     if ($email) {
         if (!MailUtils::isValidAddress($email)) {
             $problems[] = wrong_field('Your email');
         }
     } else {
         $problems[] = no_field('Your email');
     }
     if (!empty($problems)) {
         // Hand the errors back to the form action so the form is shown again.
         $request->attributes->set('errors', $problems);

         return $this->showFormAction($request);
     }

     // Concatenate the text form of every message returned for the thread.
     $last_id = -1;
     $transcript = '';
     foreach ($thread->getMessages(true, $last_id) as $message) {
         $transcript .= message_to_text($message);
     }

     // Fill the "user_history" template for the current locale and send it.
     $template = MailTemplate::loadByName('user_history', get_current_locale());
     if (!$template) {
         trigger_error('Cannot send e-mail because "user_history" mail template cannot be loaded.', E_USER_WARNING);
     } else {
         $subject = $template->buildSubject();
         $body = $template->buildBody(array(
             $thread->userName,
             $transcript,
             Settings::get('title'),
             Settings::get('hosturl'),
         ));
         $this->sendMail(MailUtils::buildMessage($email, MIBEW_MAILBOX, $subject, $body));
     }

     // The confirmation page is rendered even when the template was missing.
     $view = setup_logo($group);
     $view['email'] = $email;

     return $this->render('mailsent', $view);
 }
Пример #2
 }
 // Validate the submitted operator fields; every failed check appends one
 // message to $errors.
 if (!$commonname) {
     $errors[] = no_field("form.field.agent_commonname");
 }
 if (!$login) {
     $errors[] = no_field("form.field.login");
 } else {
     // Login may contain only word characters and dots.
     // NOTE(review): without the D modifier "$" also matches before a
     // trailing newline, so "name\n" passes this pattern.
     if (!preg_match("/^[\\w_\\.]+\$/", $login)) {
         $errors[] = getlocal("page_agent.error.wrong_login");
     }
 }
 // E-mail and Jabber ID are optional, but must be well formed when given.
 if ($email != '' && !is_valid_email($email)) {
     $errors[] = wrong_field("form.field.mail");
 }
 // The Jabber ID is checked with the e-mail validator.
 if ($jabber != '' && !is_valid_email($jabber)) {
     $errors[] = wrong_field("form.field.jabber");
 }
 // Jabber notifications were requested without a Jabber ID: an error when
 // Jabber is enabled in the settings, otherwise the flag is silently dropped.
 if ($jabbernotify && $jabber == '') {
     if ($settings['enablejabber'] == "1") {
         $errors[] = no_field("form.field.jabber");
     } else {
         $jabbernotify = false;
     }
 }
 // A password is required only when no operator ID is given
 // (presumably the "create operator" case; confirm against the caller).
 if (!$opId && !$password) {
     $errors[] = no_field("form.field.password");
 }
 // NOTE(review): "!=" is a loose comparison; numeric-looking strings such as
 // "1e3" and "1000" compare equal, so a mismatched confirmation can pass.
 // A strict "!==" on the two strings would close that gap.
 if ($password != $passwordConfirm) {
     $errors[] = getlocal("my_settings.error.password_match");
 }
 // Look up any operator that already uses the requested login.
 $existing_operator = operator_by_login($login);
Пример #3
require_once 'libs/notify.php';
// Handle the "mail chat history" form of the legacy script: check the
// thread/token pair, validate the address, then collect the messages.
$errors = array();
$page = array();
// Both parameters are matched against a 1-8 digit pattern.
// NOTE(review): what verifyparam() does on a mismatch is not visible here.
$token = verifyparam("token", "/^\\d{1,8}\$/");
$threadid = verifyparam("thread", "/^\\d{1,8}\$/");
$thread = thread_by_id($threadid);
// The request is served only if the thread exists and its stored token equals
// the supplied one.
// NOTE(review): "!=" is a loose, non-constant-time comparison, and the pattern
// above limits the token to at most 8 decimal digits. Consider a strict
// comparison and confirm that failed attempts are rate limited.
if (!$thread || !isset($thread['ltoken']) || $token != $thread['ltoken']) {
    die("wrong thread");
}
$email = getparam('email');
$page['email'] = $email;
// The address must be present and accepted by is_valid_email().
if (!$email) {
    $errors[] = no_field("form.field.email");
} else {
    if (!is_valid_email($email)) {
        $errors[] = wrong_field("form.field.email");
    }
}
// On validation errors render the mail form again and stop.
if (count($errors) > 0) {
    $page['formemail'] = $email;
    $page['ct.chatThreadId'] = $thread['threadid'];
    $page['ct.token'] = $thread['ltoken'];
    $page['level'] = "";
    setup_logo();
    expand("styles", getchatstyle(), "mail.tpl");
    exit;
}
// Fetch the thread's messages in "text" format.
$history = "";
$lastid = -1;
$output = get_messages($threadid, "text", true, $lastid);
foreach ($output as $msg) {
Пример #4
 /**
  * Handles submission of the form built by
  * {@link \Mibew\Controller\GroupController::showEditFormAction()}.
  *
  * Creates a group when the route carries no group ID, updates the existing
  * group otherwise, and then redirects the operator.
  *
  * @param Request $request incoming request.
  * @return string Rendered page content.
  */
 public function submitFormAction(Request $request)
 {
     // Reject the request before reading any field if the CSRF token is bad.
     csrf_check_token($request);

     $post = $request->request;
     $group_id = $request->attributes->get('group_id', false);

     // A parent group is kept only if it is a 1-10 digit number.
     $raw_parent = $post->get('parentgroup');
     $parent_group = ($raw_parent && preg_match("/^\\d{1,10}\$/", $raw_parent)) ? $raw_parent : null;

     $name = $post->get('name');
     $description = $post->get('description');
     $common_name = $post->get('commonname');
     $common_description = $post->get('commondescription');
     $email = $post->get('email');
     $weight = $post->get('weight');
     $title = $post->get('title');
     $chat_title = $post->get('chattitle');
     // NOTE(review): host URL and logo are stored exactly as submitted; confirm
     // that the templates escape them and restrict the URL scheme on output.
     $host_url = $post->get('hosturl');
     $logo = $post->get('logo');

     $problems = array();
     if (!$name) {
         $problems[] = no_field("Name");
     }
     // The e-mail is optional but must be valid when supplied.
     if ($email != '') {
         if (!MailUtils::isValidAddress($email)) {
             $problems[] = wrong_field("E-mail");
         }
     }
     // Weight is either empty or a 1-10 digit number; empty becomes 0.
     if (!preg_match("/^(\\d{1,10})?\$/", $weight)) {
         $problems[] = wrong_field("Weight");
     }
     $weight = $weight ?: 0;

     // The name is taken if another group (not the one being edited) has it.
     $same_name_group = group_by_name($name);
     $name_taken = $same_name_group
         && (!$group_id || $group_id != $same_name_group['groupid']);
     if ($name_taken) {
         $problems[] = getlocal("Please choose another name because a group with that name already exists.");
     }

     if ($problems) {
         // Let the form action rebuild the page together with the errors.
         $request->attributes->set('errors', $problems);

         return $this->showFormAction($request);
     }

     // Column values shared by the create and the update call.
     $fields = array(
         'vclocalname' => $name,
         'vclocaldescription' => $description,
         'vccommonname' => $common_name,
         'vccommondescription' => $common_description,
         'vcemail' => $email,
         'iweight' => $weight,
         'parent' => $parent_group,
         'vctitle' => $title,
         'vcchattitle' => $chat_title,
         'vchosturl' => $host_url,
         'vclogo' => $logo,
     );

     if ($group_id) {
         // Existing group: update it and go back to its edit page.
         update_group(array('groupid' => $group_id) + $fields);
         $target = $this->generateUrl('group_edit', array('group_id' => $group_id));
     } else {
         // New group: create it and continue on its members page.
         $created = create_group($fields);
         $target = $this->generateUrl('group_members', array('group_id' => (int) $created['groupid']));
     }

     return $this->redirect($target);
 }
Пример #5
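    /**
     * Process submitted leave message form.
     *
     * Checks the captcha (when it is enabled) and the visitor's e-mail
     * address, stores the message in a new thread in the "left" state and,
     * if an inbox address is configured, forwards the message by e-mail.
     *
     * @param array $args Associative array of arguments. It must contain the
     *   following keys:
     *    - 'threadId': for this function this param equals to null;
     *    - 'token': for this function this param equals to null;
     *    - 'name': string, user name;
     *    - 'email': string, user email;
     *    - 'message': string, user message;
     *    - 'info': string, some info about user;
     *    - 'referrer': string, page user came from;
     *    - 'captcha': string, captcha value;
     *    - 'groupId': selected group id.
     *
     * @throws \Mibew\RequestProcessor\ThreadProcessorException Can throw an
     *   exception if captcha or email is wrong.
     */
    protected function apiProcessLeaveMessage($args)
    {
        // Check captcha
        if (Settings::get('enablecaptcha') == '1' && can_show_captcha()) {
            $captcha = isset($args['captcha']) ? $args['captcha'] : '';
            $session_key = SESSION_PREFIX . 'mibew_captcha';
            $original = isset($_SESSION[$session_key]) ? $_SESSION[$session_key] : '';
            // The stored answer is single-use: it is dropped before the
            // comparison, whatever the outcome.
            unset($_SESSION[$session_key]);

            // Only strings (or integers, normalised to strings) are compared,
            // and the comparison is strict. A loose "!=" applies PHP's type
            // juggling, so a non-string request value could compare equal to
            // the stored answer.
            $comparable = (is_string($captcha) || is_int($captcha))
                && (is_string($original) || is_int($original));
            $captcha_matches = $comparable
                && !empty($original)
                && !empty($captcha)
                && (string) $captcha === (string) $original;
            if (!$captcha_matches) {
                throw new ThreadProcessorException(
                    getlocal('The letters you typed don\'t match the letters that were shown in the picture.'),
                    ThreadProcessorException::ERROR_WRONG_CAPTCHA
                );
            }
        }

        // Get form fields
        $email = $args['email'];
        $name = $args['name'];
        $message = $args['message'];
        $info = $args['info'];
        $referrer = $args['referrer'];

        if (!MailUtils::isValidAddress($email)) {
            throw new ThreadProcessorException(
                wrong_field("Your email"),
                ThreadProcessorException::ERROR_WRONG_EMAIL
            );
        }

        // Verify group id: it is used only if groups are enabled, the value
        // is a 1-8 digit number and a group with that ID exists. A missing or
        // non-scalar value is treated as "no group" instead of being handed
        // to preg_match().
        $group_id = '';
        if (Settings::get('enablegroups') == '1'
            && isset($args['groupId'])
            && is_scalar($args['groupId'])
        ) {
            if (preg_match("/^\d{1,8}$/", $args['groupId']) != 0) {
                $group = group_by_id($args['groupId']);
                if ($group) {
                    $group_id = $args['groupId'];
                }
            }
        }

        // Collect visitor data for the new thread. The User-Agent header is
        // optional, so its absence must not raise an undefined-index notice.
        $remote_host = get_remote_host();
        $user_browser = isset($_SERVER['HTTP_USER_AGENT'])
            ? $_SERVER['HTTP_USER_AGENT']
            : null;
        $visitor = visitor_from_request();

        // Get message locale; fall back to the home locale if the configured
        // one is not available.
        $message_locale = Settings::get('left_messages_locale');
        if (!locale_is_available($message_locale)) {
            $message_locale = get_home_locale();
        }

        // Create thread
        $thread = new Thread();
        $thread->groupId = $group_id;
        $thread->userName = $name;
        $thread->remote = $remote_host;
        $thread->referer = $referrer;
        $thread->locale = get_current_locale();
        $thread->userId = $visitor['id'];
        $thread->userAgent = $user_browser;
        $thread->state = Thread::STATE_LEFT;
        $thread->closed = time();
        $thread->save();

        // Post the visitor's details as agent-only messages, then the
        // message itself.
        // NOTE(review): referrer, info, name and message are visitor-supplied
        // text; confirm that the operator UI escapes them when rendering.
        if ($referrer) {
            $thread->postMessage(
                Thread::KIND_FOR_AGENT,
                getlocal('Vistor came from page {0}', array($referrer), get_current_locale(), true)
            );
        }
        if ($email) {
            $thread->postMessage(
                Thread::KIND_FOR_AGENT,
                getlocal('E-Mail: {0}', array($email), get_current_locale(), true)
            );
        }
        if ($info) {
            $thread->postMessage(
                Thread::KIND_FOR_AGENT,
                getlocal('Info: {0}', array($info), get_current_locale(), true)
            );
        }
        $thread->postMessage(Thread::KIND_USER, $message, array('name' => $name));

        // Get email for message: the group's address, else the global one.
        $inbox_mail = get_group_email($group_id);

        if (empty($inbox_mail)) {
            $inbox_mail = Settings::get('email');
        }

        // Send email
        if ($inbox_mail) {
            // Prepare message to send by email
            $mail_template = MailTemplate::loadByName('leave_message', $message_locale);
            if (!$mail_template) {
                trigger_error(
                    'Cannot send e-mail because "leave_message" mail template cannot be loaded.',
                    E_USER_WARNING
                );

                return;
            }

            // NOTE(review): the visitor's name goes into the subject and the
            // visitor's address is the second argument of buildMessage();
            // confirm that the mailer neutralises line breaks in header values.
            $subject = $mail_template->buildSubject(array($args['name']));
            $body = $mail_template->buildBody(array(
                $args['name'],
                $email,
                $message,
                ($info ? $info . "\n" : ""),
            ));

            // Send
            $this->getMailerFactory()->getMailer()->send(
                MailUtils::buildMessage($inbox_mail, $email, $subject, $body)
            );
        }
    }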
Пример #6
 /**
  * Handles submission of the form built by
  * {@link \Mibew\Controller\BanController::showEditFormAction()}.
  *
  * Validates the fields, refuses an address that another ban already uses,
  * then creates or updates the ban and renders the form page again.
  *
  * @param Request $request Incoming request.
  * @return string Rendered page content.
  * @throws NotFoundException If the ban with specified ID is not found in
  *   the system.
  */
 public function submitEditFormAction(Request $request)
 {
     // Reject the request before reading any field if the CSRF token is bad.
     csrf_check_token($request);
     $operator = $this->getOperator();

     $ban_id = $request->attributes->getInt('ban_id');
     $form = $request->request;
     $address = $form->get('address');
     $days = $form->get('days');
     $comment = $form->get('comment');

     $problems = array();
     if (!$address) {
         $problems[] = no_field('Visitor\'s Address');
     }
     // NOTE(review): the pattern accepts any number of digits, so a very long
     // value turns the expiry computed below into a float. Consider an upper
     // bound on the number of days.
     if (!preg_match("/^\\d+\$/", $days)) {
         $problems[] = wrong_field('Days');
     }
     if (!$comment) {
         $problems[] = no_field('Comment');
     }

     // The address is a duplicate if a different ban (not the one being
     // edited) already uses it.
     $same_address_ban = Ban::loadByAddress($address);
     $address_in_use = $same_address_ban
         && (!$ban_id || $ban_id != $same_address_ban->id);
     if ($address_in_use) {
         $edit_url = $this->generateUrl('ban_edit', array('ban_id' => $same_address_ban->id));
         // The message carries HTML, but only the generated URL ({1}) is
         // substituted into it; the submitted address ({0}) is not used.
         $problems[] = getlocal('The specified address is already in use. Click <a href="{1}">here</a> if you want to edit it.', array($address, $edit_url));
     }

     if ($problems) {
         // Let the form action rebuild the page together with the errors.
         $request->attributes->set('errors', $problems);

         return $this->showEditFormAction($request);
     }

     // Load the ban being edited, or start a new one stamped with "now".
     if ($ban_id) {
         $ban = Ban::load($ban_id);
         if (!$ban) {
             throw new NotFoundException('The ban is not found.');
         }
     } else {
         $ban = new Ban();
         $ban->created = time();
     }

     // Expiry is "now" plus the requested number of days, in seconds.
     $ban->till = time() + $days * 24 * 60 * 60;
     $ban->address = $address;
     $ban->comment = $comment;
     $ban->save();

     // Render the form page again, flagged as saved.
     $view = array(
         'banId' => '',
         'saved' => true,
         'address' => $address,
         'title' => getlocal('Block address'),
     );

     return $this->render('ban', array_merge($view, prepare_menu($operator, false)));
 }
Пример #7
Файл: ban.php Проект: kuell/chat
// Default template data for the ban form, plus an empty list that collects
// validation errors.
$page = array(
    'banId' => '',
    'saved' => false,
    'thread' => '',
    'threadid' => '',
);
$errors = array();
if (isset($_POST['address'])) {
    $banId = verifyparam("banId", "/^(\\d{1,10})?\$/", "");
    $address = getparam("address");
    $days = getparam("days");
    $comment = getparam('comment');
    $threadid = isset($_POST['threadid']) ? getparam('threadid') : "";
    if (!$address) {
        $errors[] = no_field("form.field.address");
    }
    if (!preg_match("/^\\d+\$/", $days)) {
        $errors[] = wrong_field("form.field.ban_days");
    }
    if (!$comment) {
        $errors[] = no_field("form.field.ban_comment");
    }
    $link = connect();
    $existing_ban = ban_for_addr_($address, $link);
    mysql_close($link);
    if (!$banId && $existing_ban || $banId && $existing_ban && $banId != $existing_ban['banid']) {
        $errors[] = getlocal2("ban.error.duplicate", array(safe_htmlspecialchars($address), safe_htmlspecialchars($existing_ban['banid'])));
    }
    if (count($errors) == 0) {
        $link = connect();
        $utime = time() + $days * 24 * 60 * 60;
        if (!$banId) {
            $query = sprintf("insert into {$mysqlprefix}chatban (dtmcreated,dtmtill,address,comment) values (CURRENT_TIMESTAMP,%s,'%s','%s')", "FROM_UNIXTIME(" . intval($utime) . ")", mysql_real_escape_string($address, $link), mysql_real_escape_string($comment, $link));
Пример #8
// Handle a submitted performance-settings form: every field listed below must
// pass is_numeric() before anything is stored.
// NOTE(review): no CSRF token check is visible in this fragment; confirm that
// one runs before this point.
if (isset($_POST['onlinetimeout'])) {
    // setting key => array(POST field, message key, true if the message key
    // is a field name for wrong_field() rather than a full getlocal() key)
    $perf_fields = array(
        'online_timeout' => array('onlinetimeout', "settings.onlinetimeout", true),
        'updatefrequency_operator' => array('frequencyoperator', "settings.frequencyoperator", true),
        'updatefrequency_chat' => array('frequencychat', "settings.frequencychat", true),
        'updatefrequency_oldchat' => array('frequencyoldchat', "settings.frequencyoldchat", true),
        'max_connections_from_one_host' => array('onehostconnections', "settings.wrong.onehostconnections", false),
    );
    foreach ($perf_fields as $perf_key => $perf_spec) {
        list($perf_input, $perf_message, $perf_is_field) = $perf_spec;
        $params[$perf_key] = getparam($perf_input);
        // NOTE(review): is_numeric() also accepts negative, fractional and
        // exponent notation values.
        if (is_numeric($params[$perf_key])) {
            continue;
        }
        $errors[] = $perf_is_field ? wrong_field($perf_message) : getlocal($perf_message);
    }
    unset($perf_fields, $perf_key, $perf_spec, $perf_input, $perf_message, $perf_is_field);

    if (0 == count($errors)) {
        // Copy the validated values into the settings, store them, and
        // redirect so that the page is reloaded with GET.
        foreach ($options as $opt) {
            $settings[$opt] = $params[$opt];
        }
        update_settings();
        header("Location: {$webimroot}/operator/performance.php?stored");
        exit;
    }
}
// Value shown in the form: the submitted one after a failed save, otherwise
// whatever $params already held before this block.
$page['formonlinetimeout'] = $params['online_timeout'];
Пример #9
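 /**
  * Processes submitting of the form which is generated in
  * {@link \Mibew\Controller\OperatorController::showEditFormAction()} method.
  *
  * Creates a new operator when the route carries no operator ID, otherwise
  * updates the existing one. The password of an existing operator is changed
  * only when a non-empty password is submitted.
  *
  * @param Request $request Incoming request.
  * @return string Rendered page content.
  */
 public function submitFormAction(Request $request)
 {
     // Reject the request before reading any field if the CSRF token is bad.
     csrf_check_token($request);
     $errors = array();
     $operator = $this->getOperator();
     // NOTE(review): no check that the current operator may edit the target
     // operator is visible in this method; confirm the route enforces it.
     $op_id = $request->attributes->getInt('operator_id');
     $login = $request->request->get('login');
     $email = $request->request->get('email');
     // Both password fields are normalised to strings. A field that is missing
     // from the request (null) or is not a string is treated as empty, so it
     // can never reach the "set new password" branch below.
     $password = $request->request->get('password');
     $password = is_string($password) ? $password : '';
     $password_confirm = $request->request->get('passwordConfirm');
     $password_confirm = is_string($password_confirm) ? $password_confirm : '';
     $local_name = $request->request->get('name');
     $common_name = $request->request->get('commonname');
     $code = $request->request->get('code');
     if (!$local_name) {
         $errors[] = no_field('Name');
     }
     if (!$common_name) {
         $errors[] = no_field('International name (Latin)');
     }
     // The login is needed only for new operators. If login is changed for
     // existing operator the stored password hash becomes invalid.
     if (!$op_id) {
         if (!$login) {
             $errors[] = no_field('Login');
         } elseif (!preg_match("/^[\\w_\\.]+\$/", $login)) {
             $errors[] = getlocal('Login should contain only latin characters, numbers and underscore symbol.');
         }
     }
     if (!$email || !MailUtils::isValidAddress($email)) {
         $errors[] = wrong_field('E-mail');
     }
     if ($code && !preg_match("/^[A-Za-z0-9_]+\$/", $code)) {
         $errors[] = getlocal('Code should contain only latin characters, numbers and underscore symbol.');
     }
     if (!$op_id && !$password) {
         $errors[] = no_field('Password');
     }
     // Strict comparison: with a loose "!=" two different numeric-looking
     // strings (for example "1e3" and "1000") compare equal and the
     // confirmation check passes.
     if ($password !== $password_confirm) {
         $errors[] = getlocal('Entered passwords do not match');
     }
     // Check if an operator with the specified login already exists.
     $existing_operator = operator_by_login($login);
     $duplicate_login = !$op_id && $existing_operator || $op_id && $existing_operator && $op_id != $existing_operator['operatorid'];
     if ($duplicate_login) {
         $errors[] = getlocal('Please choose another login because an operator with that login is already registered in the system.');
     }
     // Check if operator with specified email already exists in the database.
     $existing_operator = operator_by_email($email);
     $duplicate_email = !$op_id && $existing_operator || $op_id && $existing_operator && $op_id != $existing_operator['operatorid'];
     if ($duplicate_email) {
         $errors[] = getlocal('Please choose another email because an operator with that email is already registered in the system.');
     }
     if (count($errors) != 0) {
         $request->attributes->set('errors', $errors);
         // The form should be rebuild. Invoke appropriate action.
         return $this->showFormAction($request);
     }
     if (!$op_id) {
         // Create new operator and redirect the current operator to avatar
         // page.
         $new_operator = create_operator($login, $email, $password, $local_name, $common_name, '', $code);
         $redirect_to = $this->generateUrl('operator_avatar', array('operator_id' => $new_operator['operatorid']));
         return $this->redirect($redirect_to);
     }
     // Mix old operator's fields with updated values
     // NOTE(review): the result of operator_by_id() is not checked before the
     // array union; confirm that an unknown ID cannot reach this line.
     $target_operator = array('vcemail' => $email, 'vclocalename' => $local_name, 'vccommonname' => $common_name, 'code' => $code) + operator_by_id($op_id);
     // Set the password only if it's not an empty string.
     if ($password !== '') {
         $target_operator['vcpassword'] = calculate_password_hash($target_operator['vclogin'], $password);
     }
     // Update operator's fields in the database.
     update_operator($target_operator);
     // Operator's data are cached in the authentication manager, thus we need
     // to manually update them.
     if ($target_operator['operatorid'] == $operator['operatorid']) {
         // Check if the admin has set his password for the first time.
         $to_dashboard = check_password_hash($operator['vclogin'], '', $operator['vcpassword']) && $password !== '';
         // Update operator's fields.
         $this->getAuthenticationManager()->setOperator($target_operator);
         // Redirect the admin to the home page if needed.
         if ($to_dashboard) {
             return $this->redirect($this->generateUrl('home_operator'));
         }
     }
     // Redirect the operator to edit page again to use GET method instead of
     // POST.
     $redirect_to = $this->generateUrl('operator_edit', array('operator_id' => $op_id, 'stored' => true));
     return $this->redirect($redirect_to);
 }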
Пример #10
 /**
  * Handles submission of the form built by
  * {@link \Mibew\Controller\Settings\PerformanceController::showFormAction()}.
  *
  * Every submitted value must pass is_numeric(); if all of them do, they are
  * written to the settings and the operator is redirected back to the page.
  *
  * @param Request $request Incoming request.
  * @return string Rendered page content.
  */
 public function submitFormAction(Request $request)
 {
     // Reject the request before reading any field if the CSRF token is bad.
     csrf_check_token($request);

     // Each entry: setting key, POST field, error text, and whether the text
     // is a field label for wrong_field() (true) or a complete message for
     // getlocal() (false).
     $fields = array(
         array('online_timeout', 'onlinetimeout', "Operator online time threshold", true),
         array('connection_timeout', 'connectiontimeout', "Connection timeout for messaging window", true),
         array('updatefrequency_operator', 'frequencyoperator', "Operator's console refresh time", true),
         array('updatefrequency_chat', 'frequencychat', "Chat refresh time", true),
         array('max_connections_from_one_host', 'onehostconnections', "\"Max number of threads\" field should be a number", false),
         array('thread_lifetime', 'threadlifetime', "\"Thread lifetime\" field should be a number", false),
     );
     // The tracking fields are read and stored only while tracking is enabled.
     if (Settings::get('enabletracking')) {
         $fields[] = array('updatefrequency_tracking', 'frequencytracking', "Tracking refresh time", true);
         $fields[] = array('visitors_limit', 'visitorslimit', "Limit for tracked visitors list", true);
         $fields[] = array('invitation_lifetime', 'invitationlifetime', "Invitation lifetime", true);
         $fields[] = array('tracking_lifetime', 'trackinglifetime', "Track lifetime", true);
     }
     $fields[] = array('max_uploaded_file_size', 'maxuploadedfilesize', "Maximum size of uploaded files", true);

     $errors = array();
     $params = array();
     foreach ($fields as $spec) {
         list($key, $input, $text, $is_label) = $spec;
         $params[$key] = $request->request->get($input);
         // NOTE(review): is_numeric() also accepts negative, fractional and
         // exponent notation values; confirm that the consumers of these
         // settings tolerate them, or validate as non-negative integers.
         if (!is_numeric($params[$key])) {
             $errors[] = $is_label ? wrong_field($text) : getlocal($text);
         }
     }

     if ($errors) {
         // Let the form action rebuild the page together with the errors.
         $request->attributes->set('errors', $errors);

         return $this->showFormAction($request);
     }

     // Store the values in the order in which they were read.
     foreach ($params as $key => $value) {
         Settings::set($key, $value);
     }

     // Redirect so that the page is reloaded with GET instead of POST.
     return $this->redirect(
         $this->generateUrl('settings_performance', array('stored' => true))
     );
 }