/**
 * Runs the parent implementation, then loads the authors whose ids are
 * supplied by _getAuthorIds().
 *
 * @return array whatever AuthorManager::fetchByID() produced, cast to an array
 */
public function grab()
 {
     parent::grab();

     // 'id' is handed over as the second argument (presumably the sort column,
     // confirm against AuthorManager); the direction is this datasource's dsParamORDER.
     $ids = $this->_getAuthorIds();

     // The cast guarantees callers an array even for a null or single-object result.
     return (array) AuthorManager::fetchByID($ids, 'id', $this->dsParamORDER);
 }
 /**
  * I absolutely stole this next bit! Thank you craig zheng (craig@symphony-cms.com) :)
  * 	via the Tracker extension
  */
 public function appendPreferences($context)
 {
     // Adds a "Mass Upload Utility" fieldset with two multi-selects (excluded
     // sections, excluded users) to the wrapper element passed in $context.
     include_once TOOLKIT . '/class.authormanager.php';
     include_once TOOLKIT . '/class.sectionmanager.php';

     // Fieldset, legend and the two-column layout wrapper.
     $fieldset = new XMLElement('fieldset');
     $fieldset->setAttribute('class', 'settings');
     $fieldset->appendChild(new XMLElement('legend', __('Mass Upload Utility')));
     $columns = new XMLElement('div');
     $columns->setAttribute('class', 'group double');

     // Excluded Sections: one option per section, preselected when its id is
     // listed in the comma-separated 'excluded-sections' setting.
     $section_label = Widget::Label(__('Excluded Sections'));
     $section_options = array();
     $all_sections = SectionManager::fetch();
     $excluded_section_ids = explode(',', Symphony::Configuration()->get('excluded-sections', 'massuploadutility'));
     if (is_array($all_sections) && !empty($all_sections)) {
         foreach ($all_sections as $section) {
             $section_options[] = array(
                 $section->get('id'),
                 in_array($section->get('id'), $excluded_section_ids),
                 $section->get('name')
             );
         }
     }
     // NOTE(review): section and author names become option text as-is; whether
     // Widget::Select escapes them is not visible here. Confirm.
     $section_label->appendChild(
         Widget::Select('settings[massuploadutility][excluded-sections][]', $section_options, array('multiple' => 'multiple'))
     );
     $columns->appendChild($section_label);

     // Excluded Users: same construction, driven by the 'excluded-users' setting.
     $author_label = Widget::Label(__('Excluded Users'));
     $author_options = array();
     $manager = new AuthorManager(Administration::instance());
     $all_authors = $manager->fetch();
     $excluded_author_ids = explode(',', Symphony::Configuration()->get('excluded-users', 'massuploadutility'));
     if (is_array($all_authors) && !empty($all_authors)) {
         foreach ($all_authors as $author) {
             $author_options[] = array(
                 $author->get('id'),
                 in_array($author->get('id'), $excluded_author_ids),
                 $author->getFullName()
             );
         }
     }
     $author_label->appendChild(
         Widget::Select('settings[massuploadutility][excluded-users][]', $author_options, array('multiple' => 'multiple'))
     );
     $columns->appendChild($author_label);

     $fieldset->appendChild($columns);
     $context['wrapper']->appendChild($fieldset);
 }
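 /**
  * Entry-lock endpoint: reads entry_id, author_id, setup and force from the
  * request, consults the lock driver, prints one JSON-encoded string and ends
  * the request.
  *
  * Responses produced below:
  *  - 'expired'           an id is missing, or there is no lock and this is not a setup call
  *  - 'true'              the lock was taken over (force) or renewed for author_id
  *  - 'expired-lifetime'  the driver reported -1
  *  - an author's full name when the lock is held by a different author id
  *
  * NOTE(review): author_id and force come straight from the request, so lock
  * ownership is whatever the caller states. Nothing in this method checks
  * that the caller is logged in or that author_id matches the session author;
  * confirm that the surrounding page class enforces both.
  */
 public function __viewIndex()
 {
     // Ids are normalised to non-negative integers before they reach the
     // driver; its query handling is not visible from this method. Reading via
     // isset() also keeps "undefined index" notices out of the JSON body.
     $entry_id = (isset($_REQUEST['entry_id']) && is_numeric($_REQUEST['entry_id'])) ? max(0, (int) $_REQUEST['entry_id']) : 0;
     $author_id = (isset($_REQUEST['author_id']) && is_numeric($_REQUEST['author_id'])) ? max(0, (int) $_REQUEST['author_id']) : 0;
     if (!$entry_id || !$author_id) {
         echo json_encode('expired');
         exit;
     }
     $setup = isset($_REQUEST['setup']) ? $_REQUEST['setup'] : null;
     $force = isset($_REQUEST['force']) ? $_REQUEST['force'] : null;

     // Forced take-over: drop whatever lock exists and create one for author_id.
     if ($force === 'true') {
         $this->_driver->removeTheLockByEntry($entry_id);
         $this->_driver->renewTheLock($entry_id, $author_id);
         echo json_encode('true');
         exit;
     }

     $lock = $this->_driver->lockExists($entry_id);
     // lockExists() is compared against -1 and 0 and also indexed with [0]
     // below; the indexed form is assumed to be an array whose first element is
     // the holder's author id (confirm against the driver). Indexing is
     // skipped for the integer results so no warning is emitted.
     $holder_id = (is_array($lock) && isset($lock[0])) ? $lock[0] : 0;

     if ($holder_id > 0 && $author_id != $holder_id) {
         // Someone else holds the lock: report who.
         $authorManager = new AuthorManager($this->_Parent);
         $author = $authorManager->fetchByID($holder_id);
         // NOTE(review): fetchByID() is assumed to return an author object; a
         // lock held by a deleted author would fail here. Confirm.
         echo json_encode($author->getFullName());
     } elseif ($lock == -1) {
         echo json_encode('expired-lifetime');
     } elseif ($lock == 0 && !($setup == true)) {
         // No lock and not the initial setup call ($setup is compared loosely, as before).
         echo json_encode('expired');
     } else {
         // Either the setup call on an unlocked entry or the holder refreshing its own lock.
         $this->_driver->renewTheLock($entry_id, $author_id);
         echo json_encode('true');
     }
     exit;
 }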
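 /**
  * Authenticates the submitted credentials with a simple bind against the
  * configured LDAP server, then logs the matching Symphony author in. An
  * author record is created on the first successful visit.
  *
  * The username is read from $context['username'], the password from
  * $_POST['password'].
  *
  * @param array $context delegate context carrying 'username'
  * @return bool|null true after login(); false when the bind or the
  *   provisioning fails; null when a credential is empty or no connection
  *   handle could be created (unchanged from the previous behaviour)
  */
 public function ldap_login($context)
 {
     $username = (isset($context['username']) && is_scalar($context['username'])) ? (string) $context['username'] : '';
     $password = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';

     // Both credentials are required. An empty password must never reach
     // ldap_bind(): a bind with a DN and no password is commonly accepted by
     // directory servers as an unauthenticated bind and reported as success,
     // which would log the user in without verifying anything.
     if ($username === '' || $password === '') {
         return;
     }

     $config = Symphony::Configuration();

     //LDAP connection
     // NOTE(review): no ldap_start_tls() call is made, so unless the configured
     // server is an ldaps:// URI the password travels in clear text. Confirm.
     $ldap = ldap_connect($config->get('server', 'ldap_authors'), $config->get('port', 'ldap_authors'));
     if (!$ldap) {
         Symphony::$Log->pushToLog('[LDAP] Unable to connect to LDAP server, please check configuration.', E_ERROR);
         return;
     }
     ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, $config->get('protocol_version', 'ldap_authors'));

     // Literal substitution: preg_replace() would interpret "$n" / "\n"
     // sequences inside the username as back-references.
     // NOTE(review): the username is still inserted unescaped. It ends up in a
     // bind DN here and is also handed to ldap_retrieve_user(); escape it per
     // context (ldap_escape() with LDAP_ESCAPE_DN or LDAP_ESCAPE_FILTER) once
     // it is confirmed how that helper uses $filterdn.
     $filterdn = str_replace('%username%', $username, $config->get('filterdn', 'ldap_authors'));
     $basedn = $config->get('basedn', 'ldap_authors');

     try {
         //Attempt to authenticate to the LDAP server
         // The result is checked explicitly: ldap_bind() reports bad credentials
         // by returning false, and only raises an exception when an error
         // handler converts its warning.
         if (ldap_bind($ldap, $filterdn . ',' . $basedn, $password) !== true) {
             Symphony::$Log->pushToLog('[LDAP] Unable to bind to LDAP server, this could be misconfiguration or invalid credentials. (User: "******")', E_WARNING);
             return false;
         }

         $user = AuthorManager::fetchByUsername($username);
         // is_object() replaces count(): count() on a single object is always 1
         // and on null raises an error in current PHP versions.
         if (is_object($user) && $user->get('LDAP') === '1') {
             //LDAP user has visited before therefore login
             $this->login($user);
             return true;
         }

         //New LDAP user, we need to insert their details in the authors table
         // NOTE(review): an existing author with this username that is not
         // flagged LDAP also reaches this branch. Confirm that is intended.
         $ldap_user = $this->ldap_retrieve_user($ldap, $basedn, $filterdn);
         if (!$ldap_user) {
             Symphony::$Log->pushToLog('[LDAP] Authentication with the LDAP server was successful, however unable to find LDAP user details.', E_ERROR);
             return false;
         }

         //Get attributes and insert data
         $attrs = array(
             $config->get('first_name_key', 'ldap_authors'),
             $config->get('last_name_key', 'ldap_authors'),
             $config->get('email_key', 'ldap_authors')
         );
         $author_details = $this->ldap_retrieve_attributes($attrs, $ldap_user[0]);
         if (!is_array($author_details) || count($author_details) != 3) {
             Symphony::$Log->pushToLog('[LDAP] Unable to retireve first name, last name and email address from the LDAP server.', E_ERROR);
             return false;
         }

         // The local password is a generated placeholder; authentication for
         // these accounts goes through the bind above.
         $id = AuthorManager::add(array(
             'username' => $username,
             'password' => $this->fake_password(10),
             'first_name' => $author_details[0],
             'last_name' => $author_details[1],
             'email' => $author_details[2],
             'user_type' => $config->get('default_author_type', 'ldap_authors'),
             'primary' => 'no',
             'LDAP' => true
         ));
         if (!$id) {
             Symphony::$Log->pushToLog('[LDAP] Unable to insert LDAP user into Symphony authors table.', E_ERROR);
             return false;
         }

         //Once user is inserted log them in
         $user = AuthorManager::fetchByID($id);
         $this->login($user);
         return true;
     } catch (Exception $e) {
         Symphony::$Log->pushToLog('[LDAP] Unable to bind to LDAP server, this could be misconfiguration or invalid credentials. (User: "******")', E_WARNING);
     }
     return false;
 }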
Пример #5
 /**
  * Overload the Symphony::login function to bypass some code that
  * forces use of the Administration class (which of course is not
  * available in Shell). Hopefully this is fixed in the core Symphony code
  *
  */
 public static function login($username, $password, $isHash = false)
 {
     // Both inputs go through the database layer's cleanValue() before use.
     // NOTE(review): the password is changed by that call before it is compared,
     // which only matches if stored hashes were produced the same way. Confirm.
     $username = self::Database()->cleanValue($username);
     $password = self::Database()->cleanValue($password);

     // Blank (whitespace-only) credentials never reach the database.
     if (strlen(trim($username)) === 0 || strlen(trim($password)) === 0) {
         return false;
     }

     // At most one author is fetched, matched on the cleaned username.
     $matches = \AuthorManager::fetch('id', 'ASC', 1, null, sprintf("\n                `username` = '%s'\n                ", $username));
     if (empty($matches)) {
         return false;
     }

     $candidate = current($matches);
     if (!\Cryptography::compare($password, $candidate->get('password'), $isHash)) {
         return false;
     }

     self::$Author = $candidate;

     // Accounts whose stored hash needs migrating are refused here rather than
     // migrated; the author has to sign in through the admin interface first.
     if (\Cryptography::requiresMigration(self::$Author->get('password'))) {
         throw new ShellException('User details require updating. Please login to the admin interface.');
     }

     // NOTE(review): the cookie keeps the stored password value itself under 'pass'.
     self::$Cookie->set('username', $username);
     self::$Cookie->set('pass', self::$Author->get('password'));

     // Record the login time on the author row.
     $seen = array('last_seen' => \DateTimeObj::get('Y-m-d H:i:s'));
     self::Database()->update($seen, 'tbl_authors', sprintf(" `id` = %d", self::$Author->get('id')));

     return true;
 }
Пример #6
 /**
  * Answers a GET on the authors resource: a single author when the first URI
  * segment is present (numeric means lookup by id, anything else by
  * username), otherwise every author. The result is sent as a <response>
  * element.
  *
  * NOTE(review): which author fields __buildAuthorXML() emits, and whether the
  * caller has been authorised before this point, is not visible here. Confirm
  * that credentials such as the password hash are left out.
  */
 public static function get()
 {
     $segments = REST_API::getRequestURI();
     $identifier = $segments[0];
     $response = new XMLElement('response');

     if (!isset($identifier)) {
         // No identifier: list all authors.
         $authors = AuthorManager::fetch();
         foreach ($authors as $author) {
             $response->appendChild(self::__buildAuthorXML($author));
         }
     } else {
         $author = is_numeric($identifier)
             ? AuthorManager::fetchByID($identifier)
             : AuthorManager::fetchByUsername($identifier);

         if (!$author) {
             REST_API::sendError('Author not found.', 404);
         }
         $response->appendChild(self::__buildAuthorXML($author));
     }

     REST_API::sendOutput($response);
 }
Пример #7
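 /**
  * Builds the publish index for one section: resolves the section from the
  * URL handle, applies the optional ?filter=, ?sort=/?order= and ?pg= request
  * parameters, then renders the entries table, the "with selected" actions
  * and the pagination list into $this->Form.
  *
  * Request values are untrusted. The filter's field name is escaped before it
  * is placed in SQL, and the sort direction is limited to asc/desc before it
  * is stored on the section.
  *
  * NOTE(review): $field_handle is copied from the request into link and form
  * URLs unchanged; whether Widget::Anchor / XMLElement::setAttribute escape
  * attribute values is not visible here. Confirm.
  * NOTE(review): ?sort= and ?unsort change the section's stored ordering on a
  * plain request; no request-token check is visible in this method.
  */
 function __viewIndex()
 {
     $sectionManager = new SectionManager($this->_Parent);
     if (!($section_id = $sectionManager->fetchIDFromHandle($this->_context['section_handle']))) {
         $this->_Parent->customError(E_USER_ERROR, __('Unknown Section'), __('The Section you are looking, <code>%s</code> for could not be found.', array($this->_context['section_handle'])), false, true);
     }
     $section = $sectionManager->fetch($section_id);
     $this->setPageType('table');
     $this->setTitle(__('%1$s &ndash; %2$s', array(__('Symphony'), $section->get('name'))));
     $this->Form->setAttribute("class", $this->_context['section_handle']);
     $entryManager = new EntryManager($this->_Parent);
     $authors = AuthorManager::fetch();
     $filter = $filter_value = $where = $joins = NULL;
     $current_page = isset($_REQUEST['pg']) && is_numeric($_REQUEST['pg']) ? max(1, intval($_REQUEST['pg'])) : 1;
     if (isset($_REQUEST['filter'])) {
         // "handle[,handle...]:value"; padded so a filter without ':' yields a
         // null value instead of an undefined-offset notice.
         list($field_handle, $filter_value) = array_pad(explode(':', $_REQUEST['filter'], 2), 2, NULL);
         $field_names = explode(',', $field_handle);
         foreach ($field_names as $field_name) {
             $filter_value = rawurldecode($filter_value);
             // The field name comes from the request, so it is escaped before
             // being placed inside the quoted SQL literal (as is the handle).
             $filter = Symphony::Database()->fetchVar('id', 0, sprintf(
                 "SELECT `f`.`id`
                    FROM `tbl_fields` AS `f`, `tbl_sections` AS `s`
                   WHERE `s`.`id` = `f`.`parent_section`
                     AND f.`element_name` = '%s'
                     AND `s`.`handle` = '%s' LIMIT 1",
                 Symphony::Database()->cleanValue($field_name),
                 Symphony::Database()->cleanValue($section->get('handle'))
             ));
             $field =& $entryManager->fieldManager->fetch($filter);
             if (is_object($field)) {
                 // The field builds its own WHERE/JOIN fragments for the value.
                 $field->buildDSRetrivalSQL(array($filter_value), $joins, $where, false);
                 $filter_value = rawurlencode($filter_value);
             }
         }
         if ($where != null) {
             // NOTE(review): this replaces every "AND" in the fragment, including
             // any that occur inside a filter value.
             $where = str_replace('AND', 'OR', $where);
             // multiple fields need to be OR
             $where = trim($where);
             $where = ' AND (' . substr($where, 2, strlen($where)) . ')';
             // replace leading OR with AND
         }
     }
     if (isset($_REQUEST['sort']) && is_numeric($_REQUEST['sort'])) {
         $sort = intval($_REQUEST['sort']);
         // Only the two directions this page itself generates are accepted;
         // anything else falls back to ascending instead of being stored.
         $order = (isset($_REQUEST['order']) && is_string($_REQUEST['order']) && strtolower($_REQUEST['order']) === 'desc') ? 'desc' : 'asc';
         if ($section->get('entry_order') != $sort || $section->get('entry_order_direction') != $order) {
             $sectionManager->edit($section->get('id'), array('entry_order' => $sort, 'entry_order_direction' => $order));
             redirect($this->_Parent->getCurrentPageURL() . ($filter ? "?filter={$field_handle}:{$filter_value}" : ''));
         }
     } elseif (isset($_REQUEST['unsort'])) {
         $sectionManager->edit($section->get('id'), array('entry_order' => NULL, 'entry_order_direction' => NULL));
         redirect($this->_Parent->getCurrentPageURL());
     }
     $this->Form->setAttribute('action', $this->_Parent->getCurrentPageURL() . '?pg=' . $current_page . ($filter ? "&amp;filter={$field_handle}:{$filter_value}" : ''));
     ## Remove the create button if there is a section link field, and no filtering set for it
     $section_links = $section->fetchFields('sectionlink');
     if (count($section_links) > 1 || !$filter && $section_links || is_object($section_links[0]) && $filter != $section_links[0]->get('id')) {
         $this->appendSubheading($section->get('name'));
     } else {
         $this->appendSubheading($section->get('name'), Widget::Anchor(__('Create New'), $this->_Parent->getCurrentPageURL() . 'new/' . ($filter ? '?prepopulate[' . $filter . ']=' . $filter_value : ''), __('Create a new entry'), 'create button'));
     }
     // Default to newest-first when no sorting has been configured.
     if (is_null($entryManager->getFetchSorting()->field) && is_null($entryManager->getFetchSorting()->direction)) {
         $entryManager->setFetchSortingDirection('DESC');
     }
     $entries = $entryManager->fetchByPage($current_page, $section_id, Symphony::Configuration()->get('pagination_maximum_rows', 'symphony'), $where, $joins);
     ## Table Head: one column per visible field, sortable ones as links
     $aTableHead = array();
     $visible_columns = $section->fetchVisibleColumns();
     if (is_array($visible_columns) && !empty($visible_columns)) {
         foreach ($visible_columns as $column) {
             $label = $column->get('label');
             if ($column->isSortable()) {
                 if ($column->get('id') == $section->get('entry_order')) {
                     // Currently sorted column: the link flips the direction.
                     $link = $this->_Parent->getCurrentPageURL() . '?pg=' . $current_page . '&amp;sort=' . $column->get('id') . '&amp;order=' . ($section->get('entry_order_direction') == 'desc' ? 'asc' : 'desc') . ($filter ? "&amp;filter={$field_handle}:{$filter_value}" : '');
                     $anchor = Widget::Anchor($label, $link, __('Sort by %1$s %2$s', array($section->get('entry_order_direction') == 'desc' ? __('ascending') : __('descending'), strtolower($column->get('label')))), 'active');
                 } else {
                     $link = $this->_Parent->getCurrentPageURL() . '?pg=' . $current_page . '&amp;sort=' . $column->get('id') . '&amp;order=asc' . ($filter ? "&amp;filter={$field_handle}:{$filter_value}" : '');
                     $anchor = Widget::Anchor($label, $link, __('Sort by %1$s %2$s', array(__('ascending'), strtolower($column->get('label')))));
                 }
                 $aTableHead[] = array($anchor, 'col');
             } else {
                 $aTableHead[] = array($label, 'col');
             }
         }
     } else {
         $aTableHead[] = array(__('ID'), 'col');
     }
     // One extra column per associated (child) section.
     $child_sections = NULL;
     $associated_sections = $section->fetchAssociatedSections();
     if (is_array($associated_sections) && !empty($associated_sections)) {
         $child_sections = array();
         foreach ($associated_sections as $key => $as) {
             $child_sections[$key] = $sectionManager->fetch($as['child_section_id']);
             $aTableHead[] = array($child_sections[$key]->get('name'), 'col');
         }
     }
     ## Table Body
     $aTableBody = array();
     if (!is_array($entries['records']) || empty($entries['records'])) {
         $aTableBody = array(Widget::TableRow(array(Widget::TableData(__('None found.'), 'inactive', NULL, count($aTableHead))), 'odd'));
     } else {
         $bOdd = true;
         // Index the visible fields by id so each cell can find its field object.
         $field_pool = array();
         if (is_array($visible_columns) && !empty($visible_columns)) {
             foreach ($visible_columns as $column) {
                 $field_pool[$column->get('id')] = $column;
             }
         }
         foreach ($entries['records'] as $entry) {
             $tableData = array();
             ## Setup each cell
             if (!is_array($visible_columns) || empty($visible_columns)) {
                 $tableData[] = Widget::TableData(Widget::Anchor($entry->get('id'), $this->_Parent->getCurrentPageURL() . 'edit/' . $entry->get('id') . '/'));
             } else {
                 $link = Widget::Anchor('None', $this->_Parent->getCurrentPageURL() . 'edit/' . $entry->get('id') . '/', $entry->get('id'), 'content');
                 foreach ($visible_columns as $position => $column) {
                     $data = $entry->getData($column->get('id'));
                     $field = $field_pool[$column->get('id')];
                     // Only the first column receives the edit link.
                     $value = $field->prepareTableValue($data, $position == 0 ? $link : null, $entry->get('id'));
                     if (!is_object($value) && strlen(trim($value)) == 0) {
                         $value = $position == 0 ? $link->generate() : __('None');
                     }
                     if ($value == 'None') {
                         $tableData[] = Widget::TableData($value, 'inactive');
                     } else {
                         $tableData[] = Widget::TableData($value);
                     }
                     unset($field);
                 }
             }
             if (is_array($child_sections) && !empty($child_sections)) {
                 foreach ($child_sections as $key => $as) {
                     $field = $entryManager->fieldManager->fetch((int) $associated_sections[$key]['child_section_field_id']);
                     $parent_section_field_id = (int) $associated_sections[$key]['parent_section_field_id'];
                     // NOTE(review): after the (int) cast this is never null, so the
                     // else branch below cannot run.
                     if (!is_null($parent_section_field_id)) {
                         $search_value = $field->fetchAssociatedEntrySearchValue($entry->getData($parent_section_field_id), $parent_section_field_id, $entry->get('id'));
                     } else {
                         $search_value = $entry->get('id');
                     }
                     $associated_entry_count = $field->fetchAssociatedEntryCount($search_value);
                     $tableData[] = Widget::TableData(Widget::Anchor(sprintf('%d &rarr;', max(0, intval($associated_entry_count))), sprintf('%s/symphony/publish/%s/?filter=%s:%s', URL, $as->get('handle'), $field->get('element_name'), rawurlencode($search_value)), $entry->get('id'), 'content'));
                 }
             }
             // The row's selection checkbox lives in the last cell.
             $tableData[count($tableData) - 1]->appendChild(Widget::Input('items[' . $entry->get('id') . ']', NULL, 'checkbox'));
             ## Add a row to the body array, assigning each cell to the row
             $aTableBody[] = Widget::TableRow($tableData, $bOdd ? 'odd' : NULL);
             $bOdd = !$bOdd;
         }
     }
     $table = Widget::Table(Widget::TableHead($aTableHead), NULL, Widget::TableBody($aTableBody));
     $this->Form->appendChild($table);
     ## "With Selected..." actions: delete plus one option group per toggleable field
     $tableActions = new XMLElement('div');
     $tableActions->setAttribute('class', 'actions');
     $options = array(array(NULL, false, __('With Selected...')), array('delete', false, __('Delete')));
     $toggable_fields = $section->fetchToggleableFields();
     if (is_array($toggable_fields) && !empty($toggable_fields)) {
         $index = 2;
         foreach ($toggable_fields as $field) {
             $options[$index] = array('label' => __('Set %s', array($field->get('label'))), 'options' => array());
             foreach ($field->getToggleStates() as $value => $state) {
                 $options[$index]['options'][] = array('toggle-' . $field->get('id') . '-' . $value, false, $state);
             }
             $index++;
         }
     }
     $tableActions->appendChild(Widget::Select('with-selected', $options));
     $tableActions->appendChild(Widget::Input('action[apply]', __('Apply'), 'submit'));
     $this->Form->appendChild($tableActions);
     ## Pagination, only when there is more than one page
     if ($entries['total-pages'] > 1) {
         $ul = new XMLElement('ul');
         $ul->setAttribute('class', 'page');
         ## First
         $li = new XMLElement('li');
         if ($current_page > 1) {
             $li->appendChild(Widget::Anchor(__('First'), $this->_Parent->getCurrentPageURL() . '?pg=1' . ($filter ? "&amp;filter={$field_handle}:{$filter_value}" : '')));
         } else {
             $li->setValue(__('First'));
         }
         $ul->appendChild($li);
         ## Previous
         $li = new XMLElement('li');
         if ($current_page > 1) {
             $li->appendChild(Widget::Anchor(__('&larr; Previous'), $this->_Parent->getCurrentPageURL() . '?pg=' . ($current_page - 1) . ($filter ? "&amp;filter={$field_handle}:{$filter_value}" : '')));
         } else {
             $li->setValue(__('&larr; Previous'));
         }
         $ul->appendChild($li);
         ## Summary
         $li = new XMLElement('li', __('Page %1$s of %2$s', array($current_page, max($current_page, $entries['total-pages']))));
         $li->setAttribute('title', __('Viewing %1$s - %2$s of %3$s entries', array($entries['start'], min($entries['limit'], max(1, $entries['remaining-entries'])), $entries['total-entries'])));
         $ul->appendChild($li);
         ## Next
         $li = new XMLElement('li');
         if ($current_page < $entries['total-pages']) {
             $li->appendChild(Widget::Anchor(__('Next &rarr;'), $this->_Parent->getCurrentPageURL() . '?pg=' . ($current_page + 1) . ($filter ? "&amp;filter={$field_handle}:{$filter_value}" : '')));
         } else {
             $li->setValue(__('Next &rarr;'));
         }
         $ul->appendChild($li);
         ## Last
         $li = new XMLElement('li');
         if ($current_page < $entries['total-pages']) {
             $li->appendChild(Widget::Anchor(__('Last'), $this->_Parent->getCurrentPageURL() . '?pg=' . $entries['total-pages'] . ($filter ? "&amp;filter={$field_handle}:{$filter_value}" : '')));
         } else {
             $li->setValue(__('Last'));
         }
         $ul->appendChild($li);
         $this->Form->appendChild($ul);
     }
 }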
Пример #8
            continue;
        }
        $ret = __processAuthorFilter($field, $value, Symphony::Database());
        if (empty($ret)) {
            $author_ids = array();
            break;
        }
        if (empty($author_ids)) {
            $author_ids = $ret;
            continue;
        }
        $author_ids = array_intersect($author_ids, $ret);
    }
    $authors = AuthorManager::fetchByID(array_values($author_ids), $this->dsParamSORT, $this->dsParamORDER);
} else {
    $authors = AuthorManager::fetch($this->dsParamSORT, $this->dsParamORDER);
}
if ((!is_array($authors) || empty($authors)) && $this->dsParamREDIRECTONEMPTY == 'yes') {
    throw new FrontendPageNotFoundException();
} else {
    if (!$this->_param_output_only) {
        $result = new XMLElement($this->dsParamROOTELEMENT);
    }
    foreach ($authors as $author) {
        if (isset($this->dsParamPARAMOUTPUT)) {
            $key = 'ds-' . $this->dsParamROOTELEMENT;
            if (!is_array($param_pool[$key])) {
                $param_pool[$key] = array();
            }
            $param_pool[$key][] = $this->dsParamPARAMOUTPUT == 'name' ? $author->getFullName() : $author->get($this->dsParamPARAMOUTPUT);
        }
Пример #9
 /**
  * Returns a label wrapping a select that lists every author (value = id,
  * text = full name). When 'allow_multiple_selection' is 'yes' the control
  * name gets a "[]" suffix and the select is marked multiple.
  *
  * @return mixed the element returned by Widget::Label(), with the select appended
  */
 public function getExampleFormMarkup()
 {
     // One unselected option per author.
     $choices = array();
     foreach (AuthorManager::fetch() as $author) {
         $choices[] = array($author->get('id'), NULL, $author->getFullName());
     }

     $name = 'fields[' . $this->get('element_name') . ']';
     $attributes = array();

     // Multi-select changes both the submitted name and the element attribute.
     if ($this->get('allow_multiple_selection') == 'yes') {
         $name .= '[]';
         $attributes['multiple'] = 'multiple';
     }

     $wrapper = Widget::Label($this->get('label'));
     $wrapper->appendChild(Widget::Select($name, $choices, $attributes));

     return $wrapper;
 }
 * Copyright 2004–2006 Twenty One Degrees Pty. Ltd.
 *
 * @version 1.7
 * @licence https://github.com/symphonycms/symphony-1.7/blob/master/LICENCE
 *
 ***/
// Page title picked up by the surrounding admin template.
$GLOBALS['pageTitle'] = "Authors";

// "_f=complete" is the flag set after a bulk delete: show the success alert.
if (isset($_GET['_f']) && $_GET['_f'] == "complete") {
    $Admin->pageAlert("selected-success", array("Author(s)", "deleted"));
}

include_once TOOLKIT . "/class.authormanager.php";

// Everything the listing template below needs: the authors and a formatter
// configured from the region settings.
$authorManager = new AuthorManager($Admin);
$authors = $authorManager->fetch();
$date = new SymDate($Admin->getConfigVar("time_zone", "region"), $Admin->getConfigVar("date_format", "region"));

// Only super authors get the "Create New" button.
// NOTE(review): getCurrentPageURL() is concatenated into markup without HTML
// escaping here and in the form action below; confirm it cannot carry
// request-controlled characters.
if ($Admin->authorIsSuper()) {
    $new_button = '<a class="create button" href="' . $Admin->getCurrentPageURL() . 'new/" title="Add an author">Create New</a>';
} else {
    $new_button = "";
}
?>
	<form action="<?php 
print $Admin->getCurrentPageURL();
?>
" method="post">
		<h2><!-- PAGE TITLE --> <?php 
print $new_button;
?>
</h2>
		<table>
			<thead>
				<tr>
Пример #11
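 /**
  * Handles the login page's actions: login, password-reset request and
  * password change (all posted as action[...]), plus the
  * ?action=resetpass&token=... link that completes a reset.
  *
  * Request values are untrusted: everything placed in SQL is escaped with the
  * database layer's cleanValue() or cast to int, the post-login redirect is
  * limited to a path on this site, and a reset token is only honoured while
  * its stored expiry is in the future.
  *
  * NOTE(review): passwords are stored as unsalted MD5 and the reset flow
  * e-mails a new password in clear text. Both are kept because the rest of
  * the system depends on them, but they should be replaced together with the
  * code that verifies logins.
  */
 function action()
 {
     $db = $this->_Parent->Database;
     if (isset($_POST['action'])) {
         $actionParts = array_keys($_POST['action']);
         $action = end($actionParts);
         ##Login Attempted
         if ($action == 'login') {
             if (empty($_POST['username']) || empty($_POST['password']) || !$this->_Parent->login($_POST['username'], $_POST['password'])) {
                 ## TODO: Fix Me
                 ###
                 # Delegate: LoginFailure
                 # Description: Failed login attempt. Username is provided.
                 //$ExtensionManager->notifyMembers('LoginFailure', getCurrentPage(), array('username' => $_POST['username']));
                 //$this->Body->appendChild(new XMLElement('p', 'Login invalid. <a href="'.URL.'/symphony/?forgot">Forgot your password?</a>'));
                 //$this->_alert = 'Login invalid. <a href="'.URL.'/symphony/?forgot">Forgot your password?</a>';
                 $this->_invalidPassword = true;
             } else {
                 ## TODO: Fix Me
                 ###
                 # Delegate: LoginSuccess
                 # Description: Successful login attempt. Username is provided.
                 //$ExtensionManager->notifyMembers('LoginSuccess', getCurrentPage(), array('username' => $_POST['username']));
                 if (isset($_POST['redirect'])) {
                     $target = str_replace((string) parse_url(URL, PHP_URL_PATH), '', $_POST['redirect']);
                     // URL carries no trailing slash, so the appended value has to
                     // be a path starting with "/"; anything else could change the
                     // host part of the final address. Other values fall through
                     // to the default redirect below.
                     if (is_string($target) && strncmp($target, '/', 1) === 0) {
                         redirect(URL . $target);
                     }
                 }
                 redirect(URL . '/symphony/');
             }
             ##Reset of password requested
         } elseif ($action == 'reset') {
             // The address is request input: escape it before it enters the query.
             $email = (isset($_POST['email']) && is_string($_POST['email'])) ? $_POST['email'] : '';
             $author = $db->fetchRow(0, "SELECT `id`, `email`, `first_name` FROM `tbl_authors` WHERE `email` = '" . $db->cleanValue($email) . "'");
             if (!empty($author)) {
                 $author_id = (int) $author['id'];
                 // Purge expired tokens, then reuse a still-valid one if it exists.
                 $db->delete('tbl_forgotpass', " `expiry` < '" . DateTimeObj::getGMT('c') . "' ");
                 if (!($token = $db->fetchVar('token', 0, "SELECT `token` FROM `tbl_forgotpass` WHERE `expiry` > '" . DateTimeObj::getGMT('c') . "' AND `author_id` = " . $author_id))) {
                     // NOTE(review): six hex characters derived from time() and
                     // rand(0, 200) are predictable. Replace with a token from a
                     // cryptographically secure source once the column width and
                     // the login route's token pattern are confirmed.
                     $token = substr(md5(time() . rand(0, 200)), 0, 6);
                     $db->insert(array('author_id' => $author_id, 'token' => $token, 'expiry' => DateTimeObj::getGMT('c', time() + 120 * 60)), 'tbl_forgotpass');
                 }
                 $this->_email_sent = General::sendEmail($author['email'], $db->fetchVar('email', 0, "SELECT `email` FROM `tbl_authors` ORDER BY `id` ASC LIMIT 1"), __('Symphony Concierge'), __('New Symphony Account Password'), __('Hi %s,', array($author['first_name'])) . self::CRLF . __('A new password has been requested for your account. Login using the following link, and change your password via the Authors area:') . self::CRLF . self::CRLF . '	' . URL . "/symphony/login/{$token}/" . self::CRLF . self::CRLF . __('It will expire in 2 hours. If you did not ask for a new password, please disregard this email.') . self::CRLF . self::CRLF . __('Best Regards,') . self::CRLF . __('The Symphony Team'));
                 ## TODO: Fix Me
                 ###
                 # Delegate: PasswordResetSuccess
                 # Description: A successful password reset has taken place. Author ID is provided
                 //$ExtensionManager->notifyMembers('PasswordResetSuccess', getCurrentPage(), array('author_id' => $author['id']));
             } else {
                 ## TODO: Fix Me
                 ###
                 # Delegate: PasswordResetFailure
                 # Description: A failed password reset has taken place. Author ID is provided
                 //$ExtensionManager->notifyMembers('PasswordResetFailure', getCurrentPage(), array('author_id' => $author['id']));
                 $this->_email_sent = false;
             }
             ##Change of password requested
         } elseif ($action == 'change' && $this->_Parent->isLoggedIn()) {
             // Strict comparison: with != two different numeric-looking strings
             // (e.g. "1e3" and "1000") would be treated as matching.
             if (empty($_POST['password']) || empty($_POST['password-confirmation']) || $_POST['password'] !== $_POST['password-confirmation']) {
                 $this->_mismatchedPassword = true;
             } else {
                 $author_id = $this->_Parent->Author->get('id');
                 require_once TOOLKIT . '/class.authormanager.php';
                 $authorManager = new AuthorManager($this->_Parent);
                 $author = $authorManager->fetchByID($author_id);
                 // NOTE(review): unsalted MD5, see the method comment.
                 $author->set('password', md5($db->cleanValue($_POST['password'])));
                 if (!$author->commit() || !$this->_Parent->login($author->get('username'), $_POST['password'])) {
                     // The separator after URL was missing here, unlike every other redirect in this method.
                     redirect(URL . "/symphony/system/authors/edit/{$author_id}/error/");
                 }
                 ## TODO: Fix me
                 ###
                 # Delegate: PasswordChanged
                 # Description: After editing an author. ID of the author is provided.
                 //$ExtensionManager->notifyMembers('PasswordChanged', getCurrentPage(), array('author_id' => $author_id));
                 redirect(URL . '/symphony/');
             }
         }
     } elseif (isset($_REQUEST['action'], $_REQUEST['token']) && $_REQUEST['action'] == 'resetpass') {
         // The token is request input: escape it, and only accept it while its
         // expiry is in the future. Expired rows are otherwise removed only when
         // somebody requests another reset.
         $token = is_string($_REQUEST['token']) ? $_REQUEST['token'] : '';
         $sql = "SELECT t1.`id`, t1.`email`, t1.`first_name` \n\t\t\t\t\t    FROM `tbl_authors` as t1, `tbl_forgotpass` as t2\n\t\t\t\t\t \tWHERE t2.`token` = '" . $db->cleanValue($token) . "' AND t2.`expiry` > '" . DateTimeObj::getGMT('c') . "' AND t1.`id` = t2.`author_id`\n\t\t\t\t\t \tLIMIT 1";
         $author = $db->fetchRow(0, $sql);
         if (!empty($author)) {
             $author_id = (int) $author['id'];
             $newpass = General::generatePassword();
             General::sendEmail($author['email'], '*****@*****.**', 'Symphony Concierge', 'RE: New Symphony Account Password', 'Hi ' . $author['first_name'] . ',' . self::CRLF . "As requested, here is your new Symphony Author Password for '" . URL . "'" . self::CRLF . "\t{$newpass}" . self::CRLF . self::CRLF . 'Best Regards,' . self::CRLF . 'The Symphony Team');
             $db->update(array('password' => md5($newpass)), 'tbl_authors', " `id` = '" . $author_id . "' LIMIT 1");
             // Tokens are single use: remove every token of this author.
             $db->delete('tbl_forgotpass', " `author_id` = '" . $author_id . "'");
             ## TODO: Fix Me
             ###
             # Delegate: PasswordResetRequest
             # Description: User has requested a password reset. Author ID is provided.
             //$ExtensionManager->notifyMembers('PasswordResetRequest', getCurrentPage(), array('author_id' => $author['id']));
             $this->_alert = 'Password reset. Check your email';
         }
     }
 }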
Пример #12
 /**
  * Handles the actions of the backend login page.
  *
  * With `$_POST['action']` set, the last key of that array selects one of:
  * `login` (authenticate), `reset` (email a password-reset link) or `change`
  * (set a new password, only while logged in). Without it, a request with
  * `action=resetpass` and a `token` swaps the token for a freshly generated
  * password that is emailed to the Author.
  *
  * Outcomes are reported through `$this->_invalidPassword`,
  * `$this->_email_sent`, `$this->_mismatchedPassword`, `$this->_alert`
  * or a redirect.
  *
  * NOTE(review): no anti-CSRF token check is visible in this method; confirm
  * the page framework enforces one before these state-changing actions run.
  */
 public function action()
 {
     if (isset($_POST['action'])) {
         $actionParts = array_keys($_POST['action']);
         $action = end($actionParts);
         ##Login Attempted
         if ($action == 'login') {
             // NOTE(review): no attempt throttling or lockout is visible here; confirm that
             // Administration::login() or an AuthorLoginFailure subscriber provides it.
             if (empty($_POST['username']) || empty($_POST['password']) || !Administration::instance()->login($_POST['username'], $_POST['password'])) {
                 /**
                  * A failed login attempt into the Symphony backend
                  *
                  * @delegate AuthorLoginFailure
                  * @since Symphony 2.2
                  * @param string $context
                  * '/login/'
                  * @param string $username
                  *  The username of the Author who attempted to login.
                  */
                 Symphony::ExtensionManager()->notifyMembers('AuthorLoginFailure', '/login/', array('username' => $_POST['username']));
                 $this->_invalidPassword = true;
             } else {
                 /**
                  * A successful login attempt into the Symphony backend
                  *
                  * @delegate AuthorLoginSuccess
                  * @since Symphony 2.2
                  * @param string $context
                  * '/login/'
                  * @param string $username
                  *  The username of the Author who logged in.
                  */
                 Symphony::ExtensionManager()->notifyMembers('AuthorLoginSuccess', '/login/', array('username' => $_POST['username']));
                 // NOTE(review): $_POST['redirect'] is request-controlled and is appended to URL after
                 // only the site's base path has been stripped from it. Confirm the value is limited to
                 // a local path (for example, that it begins with a single '/') before redirecting.
                 if (isset($_POST['redirect'])) {
                     redirect(URL . str_replace(parse_url(URL, PHP_URL_PATH), '', $_POST['redirect']));
                 }
                 redirect(SYMPHONY_URL);
             }
             ##Reset of password requested
         } elseif ($action == 'reset') {
             // The email is escaped with cleanValue() before it is placed in the query.
             $author = Symphony::Database()->fetchRow(0, "SELECT `id`, `email`, `first_name` FROM `tbl_authors` WHERE `email` = '" . Symphony::Database()->cleanValue($_POST['email']) . "'");
             // NOTE(review): `_email_sent` ends up true for a known address and false for an unknown
             // one, so, depending on how the view renders it, the form may disclose which emails
             // belong to Authors.
             if (!empty($author)) {
                 // Purge expired tokens, then reuse this Author's unexpired token if one exists.
                 Symphony::Database()->delete('tbl_forgotpass', " `expiry` < '" . DateTimeObj::getGMT('c') . "' ");
                 if (!($token = Symphony::Database()->fetchVar('token', 0, "SELECT `token` FROM `tbl_forgotpass` WHERE `expiry` > '" . DateTimeObj::getGMT('c') . "' AND `author_id` = " . $author['id']))) {
                     // NOTE(review): the token is the first 6 characters of a hash over time() and
                     // rand(0, 1000): short, and derived from guessable inputs rather than a CSPRNG.
                     // It is also stored as-is in `tbl_forgotpass`. Consider a longer token from a
                     // cryptographically secure source, stored hashed, with attempts on
                     // /login/{token}/ rate-limited.
                     $token = substr(General::hash(time() . rand(0, 1000)), 0, 6);
                     // The token is valid for 120 minutes from now.
                     Symphony::Database()->insert(array('author_id' => $author['id'], 'token' => $token, 'expiry' => DateTimeObj::getGMT('c', time() + 120 * 60)), 'tbl_forgotpass');
                 }
                 try {
                     $email = Email::create();
                     $email->recipients = $author['email'];
                     $email->subject = __('New Symphony Account Password');
                     $email->text_plain = __('Hi %s,', array($author['first_name'])) . self::CRLF . __('A new password has been requested for your account. Login using the following link, and change your password via the Authors area:') . self::CRLF . self::CRLF . '	' . SYMPHONY_URL . "/login/{$token}/" . self::CRLF . self::CRLF . __('It will expire in 2 hours. If you did not ask for a new password, please disregard this email.') . self::CRLF . self::CRLF . __('Best Regards,') . self::CRLF . __('The Symphony Team');
                     $email->send();
                     $this->_email_sent = true;
                 } catch (Exception $e) {
                     // NOTE(review): this empty handler swallows every Exception. If
                     // EmailGatewayException extends Exception (its declaration is not visible here),
                     // the handler below can never run and a failed send goes unreported.
                 } catch (EmailGatewayException $e) {
                     throw new SymphonyErrorPage('Error sending email. ' . $e->getMessage());
                 }
                 /**
                  * When a password reset has occurred and after the Password
                  * Reset email has been sent.
                  *
                  * @delegate AuthorPostPasswordResetSuccess
                  * @since Symphony 2.2
                  * @param string $context
                  * '/login/'
                  * @param integer $author_id
                  *  The ID of the Author who requested the password reset
                  */
                 Symphony::ExtensionManager()->notifyMembers('AuthorPostPasswordResetSuccess', '/login/', array('author_id' => $author['id']));
             } else {
                 /**
                  * When a password reset has been attempted, but Symphony doesn't
                  * recognise the credentials the user has given.
                  *
                  * @delegate AuthorPostPasswordResetFailure
                  * @since Symphony 2.2
                  * @param string $context
                  * '/login/'
                  * @param string $email
                  *  The sanitized Email of the Author who tried to request the password reset
                  */
                 Symphony::ExtensionManager()->notifyMembers('AuthorPostPasswordResetFailure', '/login/', array('email' => Symphony::Database()->cleanValue($_POST['email'])));
                 $this->_email_sent = false;
             }
             ##Change of password requested
         } elseif ($action == 'change' && Administration::instance()->isLoggedIn()) {
             if (empty($_POST['password']) || empty($_POST['password-confirmation']) || $_POST['password'] != $_POST['password-confirmation']) {
                 $this->_mismatchedPassword = true;
             } else {
                 $author_id = Administration::instance()->Author->get('id');
                 $author = AuthorManager::fetchByID($author_id);
                 // NOTE(review): the password is SQL-escaped before it is hashed, while the login()
                 // call below receives the raw value. If cleanValue() alters the string (quotes,
                 // backslashes), the stored hash presumably no longer matches what login() computes.
                 // Verify, and hash the raw password instead.
                 $author->set('password', General::hash(Symphony::Database()->cleanValue($_POST['password'])));
                 if (!$author->commit() || !Administration::instance()->login($author->get('username'), $_POST['password'])) {
                     redirect(SYMPHONY_URL . "/system/authors/edit/{$author_id}/error/");
                 }
                 /**
                  * When an Author changes their password as the result of a login
                  * with an emergency token (ie. forgot password). Just after their
                  * new password has been set successfully
                  *
                  * @delegate AuthorPostPasswordChange
                  * @since Symphony 2.2
                  * @param string $context
                  * '/login/'
                  * @param integer $author_id
                  *  The ID of the Author who has just changed their password
                  */
                 Symphony::ExtensionManager()->notifyMembers('AuthorPostPasswordChange', '/login/', array('author_id' => $author_id));
                 redirect(SYMPHONY_URL);
             }
         }
     } elseif ($_REQUEST['action'] == 'resetpass' && isset($_REQUEST['token'])) {
         // NOTE(review): `$_REQUEST['action']` is read without an isset() check, and this branch
         // changes the Author's password on any request that carries a matching token. The query
         // below does not test the `expiry` column, so an expired token that has not yet been purged
         // would still match.
         $author = Symphony::Database()->fetchRow(0, "SELECT t1.`id`, t1.`email`, t1.`first_name`\n\t\t\t\t\t\tFROM `tbl_authors` as t1, `tbl_forgotpass` as t2\n\t\t\t\t\t \tWHERE t2.`token` = '" . Symphony::Database()->cleanValue($_REQUEST['token']) . "' AND t1.`id` = t2.`author_id`\n\t\t\t\t\t \tLIMIT 1");
         if (!empty($author)) {
             $newpass = General::generatePassword();
             // NOTE(review): the new password is sent in clear text by email. The sender address is
             // the email of the Author with the lowest `id`.
             General::sendEmail($author['email'], Symphony::Database()->fetchVar('email', 0, "SELECT `email` FROM `tbl_authors` ORDER BY `id` ASC LIMIT 1"), __('Symphony Concierge'), __('New Symphony Account Password'), __('Hi %s,', array($author['first_name'])) . self::CRLF . __("As requested, here is your new Symphony Author Password for ") . URL . " " . self::CRLF . " {$newpass}" . self::CRLF . self::CRLF . __('Best Regards,') . self::CRLF . __('The Symphony Team'));
             // Store the hash of the new password, then drop every reset token for this Author.
             Symphony::Database()->update(array('password' => General::hash($newpass)), 'tbl_authors', " `id` = '" . $author['id'] . "' LIMIT 1");
             Symphony::Database()->delete('tbl_forgotpass', " `author_id` = '" . $author['id'] . "'");
             /**
              * Just after a Forgot Password email has been sent to the Author
              * who has requested a password reset.
              *
              * @delegate AuthorPostPasswordResetRequest
              * @since Symphony 2.2
              * @param string $context
              * '/login/'
              * @param integer $author_id
              *  The ID of the Author who has requested their password be reset
              */
             Symphony::ExtensionManager()->notifyMembers('AuthorPostPasswordResetRequest', '/login/', array('author_id' => $author['id']));
             $this->_alert = __('Password reset. Check your email');
         }
     }
 }
 /**
  * This function determines whether there is a currently logged in
  * Author for Symphony by using the `$Cookie`'s username
  * and password. If an Author is found, they will be logged in, otherwise
  * the `$Cookie` will be destroyed.
  *
  * @see core.Cookie#expire()
  */
 public function isLoggedIn()
 {
     // Ensures that we're in the real world.. Also saves three database queries.
     // True must be returned here, otherwise exceptions are not shown.
     // An already loaded Author short-circuits the cookie lookup as well.
     if (self::$_instance === null || $this->Author) {
         return true;
     }

     // Both cookie values are escaped before they are placed in the query below.
     $username = self::$Database->cleanValue($this->Cookie->get('username'));
     $password = self::$Database->cleanValue($this->Cookie->get('pass'));

     // NOTE(review): the `pass` cookie is matched directly against the stored `password`
     // column, so the cookie carries the stored hash itself. Anyone who obtains that hash
     // (or the cookie) holds a working credential; a random, server-side session token
     // would avoid this.
     $id = null;
     if (strlen(trim($username)) > 0 && strlen(trim($password)) > 0) {
         $id = self::$Database->fetchVar('id', 0, "SELECT `id` FROM `tbl_authors` WHERE `username` = '{$username}' AND `password` = '{$password}' LIMIT 1");
     }

     // Missing or non-matching credentials: drop the cookie and report "not logged in".
     if (!$id) {
         $this->Cookie->expire();
         return false;
     }

     // Matching Author: stamp the visit, load the Author and switch to their language.
     self::$Database->update(array('last_seen' => DateTimeObj::get('Y-m-d H:i:s')), 'tbl_authors', " `id` = '{$id}'");
     $this->Author = AuthorManager::fetchByID($id);
     Lang::set($this->Author->get('language'));
     return true;
 }
 /**
  * This is the insert method for the Author. This takes the current
  * `$this->_fields` values and adds them to the database using either the
  * `AuthorManager::edit` or `AuthorManager::add` functions. An
  * existing user is determined by if an ID is already set.
  *
  * @see toolkit.AuthorManager#add()
  * @see toolkit.AuthorManager#edit()
  * @return integer|boolean
  *  When a new Author is added or updated, an integer of the Author ID
  *  will be returned, otherwise false will be returned for a failed update.
  */
 public function commit()
 {
     $id = $this->get('id');

     // No ID set: this is a new Author, so hand all fields to add().
     if (is_null($id)) {
         return AuthorManager::add($this->get());
     }

     // Existing Author: the ID is taken out of the field set before the
     // update and is only put back when the update succeeds.
     $this->remove('id');
     if (!AuthorManager::edit($id, $this->get())) {
         return false;
     }

     $this->set('id', $id);
     return $id;
 }
Пример #15
 /**
  * Groups entry records by the Author stored in this field.
  *
  * @param array $records
  *  The records to group; each must offer `getData($field_id)`.
  * @return array|null
  *  An array keyed by this field's `element_name`, holding one group per
  *  Author ID (0 when a record has no `author_id`). Each group has `attr`,
  *  `records` and `groups` keys. Nothing is returned for a non-array or
  *  empty `$records`.
  */
 public function groupRecords($records)
 {
     if (!is_array($records) || empty($records)) {
         return;
     }

     $handle = $this->get('element_name');
     $field_id = $this->get('id');
     $byAuthor = array();

     foreach ($records as $record) {
         $data = $record->getData($field_id);
         $author_id = isset($data['author_id']) ? $data['author_id'] : 0;

         // First record seen for this Author: create the group header
         if (!isset($byAuthor[$author_id])) {
             $author = AuthorManager::fetchByID($author_id);
             // An Author that cannot be loaded gets blank name attributes
             $known = $author instanceof Author;

             $byAuthor[$author_id] = array(
                 'attr' => array(
                     'author-id' => $author_id,
                     'username' => $known ? $author->get('username') : '',
                     'full-name' => $known ? $author->getFullName() : ''
                 ),
                 'records' => array(),
                 'groups' => array()
             );
         }

         $byAuthor[$author_id]['records'][] = $record;
     }

     return array($handle => $byAuthor);
 }
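 /**
  * Saves or deletes the Author identified by `$this->_context[1]`,
  * depending on which of the `save`, `done` or `delete` keys is present
  * in `$_POST['action']`.
  *
  * On save, the submitted `$_POST['fields']` are copied onto the Author,
  * validated and committed. A change of email or password is only accepted
  * when the request counts as authenticated (see below). Validation
  * problems are collected in `$this->_errors`; success ends in a redirect.
  *
  * NOTE(review): nothing in this method checks that the current Author may
  * edit or delete `$author_id`. Only `user_type` changes are limited to
  * Developers and only self-deletion is refused. No anti-CSRF check is
  * visible either. Confirm both are enforced before this action runs.
  */
 public function __actionEdit()
 {
     if (!($author_id = $this->_context[1])) {
         redirect(SYMPHONY_URL . '/system/authors/');
     }
     $isOwner = $author_id == Administration::instance()->Author->get('id');
     // Read the submitted action once, without error suppression: a missing
     // or non-array value simply means that no action was requested.
     $actions = isset($_POST['action']) && is_array($_POST['action']) ? $_POST['action'] : array();
     if (array_key_exists('save', $actions) || array_key_exists('done', $actions)) {
         $fields = $_POST['fields'];
         // NOTE(review): fetchByID() is used without checking that an Author was found.
         $this->_Author = AuthorManager::fetchByID($author_id);
         $authenticated = false;
         // Both flags start out false so the checks further down never read
         // an undefined variable.
         $changing_email = false;
         $changing_password = false;
         if ($fields['email'] != $this->_Author->get('email')) {
             $changing_email = true;
         }
         // Check the old password was correct. The two hashes are compared strictly, as
         // strings, so that PHP never treats them as numbers.
         if (isset($fields['old-password']) && strlen(trim($fields['old-password'])) > 0 && General::hash(trim($fields['old-password'])) === $this->_Author->get('password')) {
             $authenticated = true;
         } else {
             // NOTE(review): every Developer counts as authenticated here, including when
             // editing their own account, so a Developer session can change its own email or
             // password without the old password. Confirm that is intended.
             if (Administration::instance()->Author->isDeveloper()) {
                 $authenticated = true;
             }
         }
         $this->_Author->set('id', $author_id);
         if ($this->_Author->isPrimaryAccount() || $isOwner && Administration::instance()->Author->isDeveloper()) {
             // Primary accounts are always developer, Developers can't lower their level
             $this->_Author->set('user_type', 'developer');
         } elseif (Administration::instance()->Author->isDeveloper() && isset($fields['user_type'])) {
             // Only developer can change user type
             $this->_Author->set('user_type', $fields['user_type']);
         }
         $this->_Author->set('email', $fields['email']);
         $this->_Author->set('username', $fields['username']);
         $this->_Author->set('first_name', General::sanitize($fields['first_name']));
         $this->_Author->set('last_name', General::sanitize($fields['last_name']));
         $this->_Author->set('language', $fields['language']);
         if (trim($fields['password']) != '') {
             $this->_Author->set('password', General::hash($fields['password']));
             $changing_password = true;
         }
         // Don't allow authors to set the Section Index as a default area
         // If they had it previously set, just save `null` which will redirect
         // the Author (when logging in) to their own Author record
         if ($this->_Author->get('user_type') == 'author' && $fields['default_area'] == '/blueprints/sections/') {
             $this->_Author->set('default_area', null);
         } else {
             $this->_Author->set('default_area', $fields['default_area']);
         }
         // An absent or empty checkbox value is stored as 'no'
         $this->_Author->set('auth_token_active', !empty($fields['auth_token_active']) ? $fields['auth_token_active'] : 'no');
         if ($this->_Author->validate($this->_errors)) {
             if (!$authenticated && ($changing_password || $changing_email)) {
                 if ($changing_password) {
                     $this->_errors['old-password'] = __('Wrong password. Enter old password to change it.');
                 } elseif ($changing_email) {
                     $this->_errors['old-password'] = __('Wrong password. Enter old one to change email address.');
                 }
             } elseif (($fields['password'] != '' || $fields['password-confirmation'] != '') && $fields['password'] != $fields['password-confirmation']) {
                 $this->_errors['password'] = $this->_errors['password-confirmation'] = __('Passwords did not match');
             } elseif ($this->_Author->commit()) {
                 // Any pending password-reset token for this Author is dropped, along with expired ones
                 Symphony::Database()->delete('tbl_forgotpass', " `expiry` < '" . DateTimeObj::getGMT('c') . "' OR `author_id` = '" . $author_id . "' ");
                 if ($isOwner) {
                     // The stored hash is passed with a third argument of `true`; presumably
                     // that tells login() the value is already hashed. TODO confirm.
                     Administration::instance()->login($this->_Author->get('username'), $this->_Author->get('password'), true);
                 }
                 /**
                  * After editing an author, provided with the Author object
                  *
                  * @delegate AuthorPostEdit
                  * @since Symphony 2.2
                  * @param string $context
                  * '/system/authors/'
                  * @param Author $author
                  * An Author object
                  */
                 Symphony::ExtensionManager()->notifyMembers('AuthorPostEdit', '/system/authors/', array('author' => $this->_Author));
                 redirect(SYMPHONY_URL . '/system/authors/edit/' . $author_id . '/saved/');
             } else {
                 $this->pageAlert(__('Unknown errors occurred while attempting to save.') . '<a href="' . SYMPHONY_URL . '/system/log/">' . __('Check your activity log') . '</a>.', Alert::ERROR);
             }
         } else {
             if (is_array($this->_errors) && !empty($this->_errors)) {
                 $this->pageAlert(__('There were some problems while attempting to save. Please check below for problem fields.'), Alert::ERROR);
             }
         }
     } else {
         if (array_key_exists('delete', $actions)) {
             /**
              * Prior to deleting an author, provided with the Author ID.
              *
              * @delegate AuthorPreDelete
              * @since Symphony 2.2
              * @param string $context
              * '/system/authors/'
              * @param integer $author_id
              *  The ID of Author ID that is about to be deleted
              */
             Symphony::ExtensionManager()->notifyMembers('AuthorPreDelete', '/system/authors/', array('author_id' => $author_id));
             if (!$isOwner) {
                 AuthorManager::delete($author_id);
                 redirect(SYMPHONY_URL . '/system/authors/');
             } else {
                 $this->pageAlert(__('You cannot remove yourself as you are the active Author.'), Alert::ERROR);
             }
         }
     }
 }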
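 /**
  * Runs the Authors data source: selects Authors (through the configured
  * filters, or all of them), adds the requested values to the parameter
  * pool and builds the XML result.
  *
  * NOTE(review): when `email` or `author-token` are among the included
  * elements, Author email addresses and active auth tokens are written into
  * the XML. Confirm that data sources configured this way are not attached
  * to pages whose XML or output is publicly reachable.
  *
  * @param array $param_pool
  *  Passed by reference. Receives `ds-<root element>.<param>` entries and,
  *  when exactly one output parameter is configured, `ds-<root element>` too.
  * @throws FrontendPageNotFoundException
  *  When no Authors are found and `dsParamREDIRECTONEMPTY` is 'yes'.
  * @return mixed
  *  The value of `emptyXMLSet()` when no Authors are found, otherwise the
  *  root `XMLElement`, or null when only parameter output is requested.
  */
 public function execute(array &$param_pool = null)
 {
     // Stays null when `_param_output_only` is set, so the final return never
     // reads an undefined variable.
     $result = null;
     $author_ids = array();
     if (is_array($this->dsParamFILTERS) && !empty($this->dsParamFILTERS)) {
         foreach ($this->dsParamFILTERS as $field => $value) {
             // Blank filter values are ignored
             if (!is_array($value) && trim($value) == '') {
                 continue;
             }
             $ret = $this->__processAuthorFilter($field, $value);
             // Filters are combined with AND: one empty match empties the whole set
             if (empty($ret)) {
                 $author_ids = array();
                 break;
             }
             if (empty($author_ids)) {
                 $author_ids = $ret;
                 continue;
             }
             $author_ids = array_intersect($author_ids, $ret);
         }
         $authors = AuthorManager::fetchByID(array_values($author_ids));
     } else {
         $authors = AuthorManager::fetch($this->dsParamSORT, $this->dsParamORDER);
     }
     if ((!is_array($authors) || empty($authors)) && $this->dsParamREDIRECTONEMPTY == 'yes') {
         throw new FrontendPageNotFoundException();
     } elseif (!is_array($authors) || empty($authors)) {
         $result = $this->emptyXMLSet();
         return $result;
     } else {
         if (!$this->_param_output_only) {
             $result = new XMLElement($this->dsParamROOTELEMENT);
         }
         $singleParam = false;
         $key = 'ds-' . $this->dsParamROOTELEMENT;
         if (isset($this->dsParamPARAMOUTPUT)) {
             if (!is_array($this->dsParamPARAMOUTPUT)) {
                 $this->dsParamPARAMOUTPUT = array($this->dsParamPARAMOUTPUT);
             }
             $singleParam = count($this->dsParamPARAMOUTPUT) === 1;
         }
         foreach ($authors as $author) {
             if (isset($this->dsParamPARAMOUTPUT)) {
                 foreach ($this->dsParamPARAMOUTPUT as $param) {
                     // The new style of parameter is `ds-datasource-handle.field-handle`
                     $param_key = $key . '.' . str_replace(':', '-', $param);
                     // isset() first: the key does not exist yet for the first Author
                     if (!isset($param_pool[$param_key]) || !is_array($param_pool[$param_key])) {
                         $param_pool[$param_key] = array();
                     }
                     $param_pool[$param_key][] = $param === 'name' ? $author->getFullName() : $author->get($param);
                     // With a single output parameter the value is also stored under the bare key
                     if ($singleParam) {
                         if (!isset($param_pool[$key]) || !is_array($param_pool[$key])) {
                             $param_pool[$key] = array();
                         }
                         $param_pool[$key][] = $param === 'name' ? $author->getFullName() : $author->get($param);
                     }
                 }
             }
             if ($this->_param_output_only) {
                 continue;
             }
             $xAuthor = new XMLElement('author');
             $xAuthor->setAttributeArray(array('id' => $author->get('id'), 'user-type' => $author->get('user_type'), 'primary-account' => $author->get('primary')));
             // No included elements, so just create the Author XML
             if (!isset($this->dsParamINCLUDEDELEMENTS) || !is_array($this->dsParamINCLUDEDELEMENTS) || empty($this->dsParamINCLUDEDELEMENTS)) {
                 $result->appendChild($xAuthor);
             } else {
                 // Name
                 if (in_array('name', $this->dsParamINCLUDEDELEMENTS)) {
                     $xAuthor->appendChild(new XMLElement('name', $author->getFullName()));
                 }
                 // Username
                 if (in_array('username', $this->dsParamINCLUDEDELEMENTS)) {
                     $xAuthor->appendChild(new XMLElement('username', $author->get('username')));
                 }
                 // Email
                 if (in_array('email', $this->dsParamINCLUDEDELEMENTS)) {
                     $xAuthor->appendChild(new XMLElement('email', $author->get('email')));
                 }
                 // Author Token: only emitted when the Author's token is active
                 if (in_array('author-token', $this->dsParamINCLUDEDELEMENTS) && $author->isTokenActive()) {
                     $xAuthor->appendChild(new XMLElement('author-token', $author->createAuthToken()));
                 }
                 // Default Area
                 if (in_array('default-area', $this->dsParamINCLUDEDELEMENTS) && !is_null($author->get('default_area'))) {
                     // Section
                     if ($section = SectionManager::fetch($author->get('default_area'))) {
                         $default_area = new XMLElement('default-area', $section->get('name'));
                         $default_area->setAttributeArray(array('id' => $section->get('id'), 'handle' => $section->get('handle'), 'type' => 'section'));
                         $xAuthor->appendChild($default_area);
                     } else {
                         // Not a Section, so the stored value is output as a page
                         $default_area = new XMLElement('default-area', $author->get('default_area'));
                         $default_area->setAttribute('type', 'page');
                         $xAuthor->appendChild($default_area);
                     }
                 }
                 $result->appendChild($xAuthor);
             }
         }
     }
     return $result;
 }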
Пример #18
 /**
  * Returns the display string for an Author: a link to the Author's edit
  * page labelled with their full name, or `$username` unchanged when the
  * Author can no longer be loaded.
  *
  * NOTE(review): the fallback returns `$username` as given, while the other
  * branch returns generated markup. If callers print the result into a page,
  * the fallback value needs HTML-escaping; whether `Widget::Anchor()` escapes
  * the full name is not visible here. Verify both.
  *
  * @param integer $id
  *  The Author ID to look up
  * @param string $username
  *  The fallback name
  * @return string
  */
 public function formatAuthorString($id, $username)
 {
     $author = AuthorManager::fetchByID($id);

     // The Author still exists: link to their edit page
     if ($author instanceof Author) {
         return Widget::Anchor($author->getFullName(), '/symphony/system/authors/edit/' . $id)->generate();
     }

     // Otherwise fall back to the name that was passed in
     return $username;
 }
Пример #19
            continue;
        }
        $ret = __processAuthorFilter($field, $value, Symphony::Database());
        if (empty($ret)) {
            $author_ids = array();
            break;
        }
        if (empty($author_ids)) {
            $author_ids = $ret;
            continue;
        }
        $author_ids = array_intersect($author_ids, $ret);
    }
    $authors = AuthorManager::fetchByID(array_values($author_ids), $this->dsParamSORT, $this->dsParamORDER, $this->dsParamLIMIT, max(0, $this->dsParamSTARTPAGE - 1) * $this->dsParamLIMIT);
} else {
    $authors = AuthorManager::fetch($this->dsParamSORT, $this->dsParamORDER, $this->dsParamLIMIT, max(0, $this->dsParamSTARTPAGE - 1) * $this->dsParamLIMIT);
}
if ((!is_array($authors) || empty($authors)) && $this->dsParamREDIRECTONEMPTY == 'yes') {
    throw new FrontendPageNotFoundException();
} else {
    if (!$this->_param_output_only) {
        $result = new XMLElement($this->dsParamROOTELEMENT);
    }
    foreach ($authors as $author) {
        if (isset($this->dsParamPARAMOUTPUT)) {
            $key = 'ds-' . $this->dsParamROOTELEMENT;
            if (!is_array($param_pool[$key])) {
                $param_pool[$key] = array();
            }
            $param_pool[$key][] = $this->dsParamPARAMOUTPUT == 'name' ? $author->getFullName() : $author->get($this->dsParamPARAMOUTPUT);
        }
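 /**
  * Groups entry records by the Author stored in this field. Records that
  * carry no `author_id` are left out.
  *
  * @param array $records
  *  The records to group; each must offer `getData($field_id)`.
  * @return array|null
  *  An array keyed by this field's `element_name`, holding one group per
  *  Author ID with `attr`, `records` and `groups` keys. Nothing is returned
  *  for a non-array or empty `$records`.
  */
 public function groupRecords($records)
 {
     if (!is_array($records) || empty($records)) {
         return;
     }
     $groups = array($this->get('element_name') => array());
     foreach ($records as $r) {
         $data = $r->getData($this->get('id'));
         if (!isset($data['author_id'])) {
             continue;
         }
         $author_id = $data['author_id'];
         if (!isset($groups[$this->get('element_name')][$author_id])) {
             $author = AuthorManager::fetchByID($author_id);
             // The Author may have been deleted since the entry was saved. Blank
             // the name attributes in that case rather than calling a method on
             // a non-object.
             if (is_object($author)) {
                 $username = $author->get('username');
                 $full_name = $author->getFullName();
             } else {
                 $username = '';
                 $full_name = '';
             }
             $groups[$this->get('element_name')][$author_id] = array('attr' => array('author-id' => $author_id, 'username' => $username, 'full-name' => $full_name), 'records' => array(), 'groups' => array());
         }
         $groups[$this->get('element_name')][$author_id]['records'][] = $r;
     }
     return $groups;
 }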
<?php

/***
 *
 * Symphony web publishing system
 *
 * Copyright 2004–2006 Twenty One Degrees Pty. Ltd.
 *
 * @version 1.7
 * @licence https://github.com/symphonycms/symphony-1.7/blob/master/LICENCE
 *
 ***/
// Author edit handler (Symphony 1.7): validates the submitted fields and checks
// the current password. The listing is cut off inside the final `else` branch.
include_once TOOLKIT . "/class.authormanager.php";
$authorManager = new AuthorManager($Admin);
// NOTE(review): the request value is kept as-is here, and `$_REQUEST['id']` is concatenated
// into the two SQL statements below with no cast or escaping (the second one is not even
// quoted). Validate it as an integer once and pass it as a bound parameter.
$author_id = $_REQUEST['id'];
if (@array_key_exists("save", $_POST['action']) || @array_key_exists("done", $_POST['action'])) {
    $fields = $_POST['fields'];
    // Every required field must be non-blank; missing ones are flagged in $errors
    $required = array('firstname', 'lastname', 'username', 'email');
    for ($i = 0; $i < count($required); $i++) {
        if (trim($fields[$required[$i]]) == "") {
            $errors[$required[$i]] = true;
        }
    }
    if (is_array($errors)) {
        define("__SYM_ENTRY_MISSINGFIELDS__", true);
    } elseif ($fields['new_password'] != $fields['confirm_password']) {
        $Admin->pageAlert("password-mismatch", NULL, false, 'error');
        // NOTE(review): the check below compares an unsalted md5 digest with `!=`, and it is
        // skipped entirely when the `password` field is blank. password_hash() and
        // password_verify() would replace both the weak digest and the loose comparison.
    } elseif (trim($fields['password']) != "" && md5($fields['password']) != $DB->fetchVar('password', 0, "SELECT `password` FROM tbl_authors WHERE `id` = '" . $_REQUEST['id'] . "' LIMIT 1")) {
        $Admin->pageAlert("password-incorrect", NULL, false, 'error');
    } else {
        $current_username = $DB->fetchVar('username', 0, "SELECT `username` FROM `tbl_authors` WHERE `id` = " . $_REQUEST['id']);
 /**
  * Checks the entry lock before an event with the "lock-entry" filter
  * saves an existing entry, and records the outcome in
  * `$context['messages']`.
  *
  * NOTE(review): a visitor who is not logged in is treated as Author ID 1
  * for the ownership check, so an anonymous submission passes whenever the
  * lock belongs to that account. Confirm this fallback is intended.
  *
  * @param array $context
  *  Reads `event` and `parent`; writes `messages`.
  */
 public function eventPreSave($context)
 {
     $event = $context['event'];

     // Only events that carry the "lock-entry" filter are checked
     if (!in_array("lock-entry", $event->eParamFILTERS)) {
         return;
     }

     // Nothing is being edited, so there is no lock to look at
     if (!isset($_POST['id'])) {
         return;
     }
     $entry_id = $_POST['id'];

     // if there's no user logged in, user_id still has to be set to something
     $parent = $context['parent'];
     $author_id = $parent->isLoggedIn() ? $parent->Author->get('id') : 1;

     // if a lock doesn't exist or is expired, we can just give them one (ie ignore it)
     $lock = $this->lockExists($entry_id);
     if ($lock <= 0) {
         $context['messages'] = array(array('lock-entry', 'passed', ''));
         return;
     }

     // the lock exists and belongs to this user: nothing to report
     if ($lock[0] == $author_id) {
         return;
     }

     // NOTE(review): the owner is looked up through `$this->locked[1]`, not the `$lock`
     // value fetched above. Confirm lockExists() fills `$this->locked`, and that
     // fetchByID() cannot return null here.
     $authorManager = new AuthorManager($this->_Parent);
     $authors = $authorManager->fetchByID($this->locked[1]);
     $context['messages'] = array(array('lock-entry', 'failed', 'This lease is currently owned by ' . $authors->getFullName() . '.'));
 }
Пример #23
 /**
  * Appends the Tracker fieldset to the preferences page: three
  * multi-select pickers (excluded system elements, sections and users) and
  * a text input for the notification URL, all pre-filled from the `tracker`
  * configuration group.
  *
  * NOTE(review): `notify_url` is a free-form value here. The code that later
  * sends tracker events to it is not visible; presumably it should restrict
  * the scheme and destination. Verify.
  *
  * @param array $context
  *  The fieldset is appended to `$context['wrapper']`.
  */
 public function appendPreferences($context)
 {
     include_once TOOLKIT . '/class.authormanager.php';
     include_once TOOLKIT . '/class.sectionmanager.php';

     // Outer fieldset and the three-column row that holds the pickers
     $fieldset = new XMLElement('fieldset');
     $fieldset->setAttribute('class', 'settings');
     $fieldset->appendChild(new XMLElement('legend', __('Tracker')));
     $columns = new XMLElement('div');
     $columns->setAttribute('class', 'group triple');

     // Excluded System Elements
     $elementsLabel = Widget::Label(__('Excluded System Elements'));
     $systemElements = array('authors' => __('Authors'), 'datasources' => __('Data Sources'), 'events' => __('Events'), 'pages' => __('Pages'), 'sections' => __('Sections'), 'utilities' => __('Utilities'), 'preferences' => __('Preferences'), 'extensions' => __('Extensions'), 'login' => __('Login/Logout'), 'password' => __('Password Reset'));
     $excludedElements = explode(',', Symphony::Configuration()->get('excluded-system-elements', 'tracker'));
     $elementOptions = array();
     foreach ($systemElements as $handle => $title) {
         // Each option is (value, selected, label); in_array() already yields the boolean
         $elementOptions[] = array($handle, in_array($handle, $excludedElements), $title);
     }
     $elementsLabel->appendChild(Widget::Select('settings[tracker][excluded-system-elements][]', $elementOptions, array('multiple' => 'multiple')));
     $columns->appendChild($elementsLabel);

     // Excluded Sections
     $sectionsLabel = Widget::Label(__('Excluded Sections'));
     $sectionOptions = array();
     $sectionManager = new SectionManager(Administration::instance());
     $sections = $sectionManager->fetch();
     $excludedSections = explode(',', Symphony::Configuration()->get('excluded-sections', 'tracker'));
     if (!empty($sections) && is_array($sections)) {
         foreach ($sections as $section) {
             $sectionOptions[] = array($section->get('id'), in_array($section->get('id'), $excludedSections), $section->get('name'));
         }
     }
     $sectionsLabel->appendChild(Widget::Select('settings[tracker][excluded-sections][]', $sectionOptions, array('multiple' => 'multiple')));
     $columns->appendChild($sectionsLabel);

     // Excluded Users
     $usersLabel = Widget::Label(__('Excluded Users'));
     $userOptions = array();
     $authorManager = new AuthorManager(Administration::instance());
     $authors = $authorManager->fetch();
     $excludedUsers = explode(',', Symphony::Configuration()->get('excluded-users', 'tracker'));
     if (!empty($authors) && is_array($authors)) {
         foreach ($authors as $author) {
             $userOptions[] = array($author->get('id'), in_array($author->get('id'), $excludedUsers), $author->getFullName());
         }
     }
     $usersLabel->appendChild(Widget::Select('settings[tracker][excluded-users][]', $userOptions, array('multiple' => 'multiple')));
     $columns->appendChild($usersLabel);

     $fieldset->appendChild($columns);

     // notify url of tracker event
     $notifyLabel = Widget::Label(__('Send tracker event to URL'));
     $notifyLabel->appendChild(Widget::Input('settings[tracker][notify_url]', Symphony::Configuration()->get('notify_url', 'tracker'), 'text'));
     $fieldset->appendChild($notifyLabel);

     $context['wrapper']->appendChild($fieldset);
 }
Пример #24
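 /**
  * Handle the POST actions of the author edit page.
  *
  * "save" / "done" copy the submitted `fields` onto the author identified by
  * `$this->_context[1]` and commit it; "delete" removes that author unless it
  * is the author who is currently logged in.
  *
  * Security-relevant behaviour:
  *  - the author id is reduced to an integer before it is compared, placed in
  *    a SQL condition or appended to the redirect URL;
  *  - changing the password or the email address requires the current
  *    password, unless a developer is editing somebody else's account;
  *  - password digests are compared as strings with `===`, so two different
  *    digests that both look numeric never compare equal.
  *
  * NOTE(review): nothing in this method stops a non-developer from saving or
  * deleting another author's record; presumably access to the page is checked
  * by the caller. Confirm.
  */
 function __actionEdit()
 {
     // The id is read from the page context (the redirect after a save shows it
     // is part of the URL). Only its integer value is kept, so it cannot carry
     // quote characters into the SQL condition further down.
     $author_id = isset($this->_context[1]) ? (int) $this->_context[1] : 0;
     if (!$author_id) {
         redirect(URL . '/symphony/system/authors/');
         return;
     }
     $current_author = Administration::instance()->Author;
     $isOwner = ((int) $current_author->get('id') === $author_id);
     // A missing or non-array `action` is treated as "no action" instead of
     // relying on error suppression.
     $action = (isset($_POST['action']) && is_array($_POST['action'])) ? $_POST['action'] : array();
     if (array_key_exists('save', $action) || array_key_exists('done', $action)) {
         $fields = $_POST['fields'];
         $this->_Author = AuthorManager::fetchByID($author_id);
         if (!is_object($this->_Author)) {
             // No author with this id: there is nothing to edit.
             redirect(URL . '/symphony/system/authors/');
             return;
         }
         $authenticated = false;
         // Both flags are always defined, so the checks after validate() never
         // read an unset variable.
         $changing_email = ($fields['email'] != $this->_Author->get('email'));
         $changing_password = false;
         // Check the old password was correct. The digests are compared as
         // strings with ===; a loose == would compare two numeric-looking
         // digests as numbers.
         // NOTE(review): where hash_equals() is available it would also make
         // this comparison constant-time.
         $old_password = '';
         if (isset($fields['old-password']) && is_string($fields['old-password'])) {
             $old_password = trim($fields['old-password']);
         }
         if ($old_password !== '' && (string) General::hash($old_password) === (string) $this->_Author->get('password')) {
             $authenticated = true;
         } elseif ($current_author->isDeveloper() && $isOwner === false) {
             // A developer editing somebody else's account does not need that
             // account's password.
             $authenticated = true;
         }
         $this->_Author->set('id', $author_id);
         if ($this->_Author->isPrimaryAccount() || ($isOwner && $current_author->isDeveloper())) {
             // Primary accounts are always developer, Developers can't lower their level
             $this->_Author->set('user_type', 'developer');
         } elseif ($current_author->isDeveloper() && isset($fields['user_type'])) {
             // Only developer can change user type
             $this->_Author->set('user_type', $fields['user_type']);
         }
         $this->_Author->set('email', $fields['email']);
         $this->_Author->set('username', $fields['username']);
         $this->_Author->set('first_name', General::sanitize($fields['first_name']));
         $this->_Author->set('last_name', General::sanitize($fields['last_name']));
         $this->_Author->set('language', $fields['language']);
         if (trim($fields['password']) != '') {
             // NOTE(review): the new password is hashed untrimmed, while the
             // old-password check above hashes the trimmed value; confirm
             // which form the login path uses.
             $this->_Author->set('password', General::hash($fields['password']));
             $changing_password = true;
         }
         $this->_Author->set('default_section', intval($fields['default_section']));
         $this->_Author->set('auth_token_active', !empty($fields['auth_token_active']) ? $fields['auth_token_active'] : 'no');
         if ($this->_Author->validate($this->_errors)) {
             if (!$authenticated && ($changing_password || $changing_email)) {
                 if ($changing_password) {
                     $this->_errors['old-password'] = __('Wrong password. Enter old password to change it.');
                 } elseif ($changing_email) {
                     $this->_errors['old-password'] = __('Wrong password. Enter old one to change email address.');
                 }
             } elseif (($fields['password'] != '' || $fields['password-confirmation'] != '') && $fields['password'] != $fields['password-confirmation']) {
                 $this->_errors['password'] = $this->_errors['password-confirmation'] = __('Passwords did not match');
             } elseif ($this->_Author->commit()) {
                 // Drop expired password-reset rows and any that belong to the
                 // edited author; %d keeps the id numeric inside the condition.
                 Symphony::Database()->delete('tbl_forgotpass', sprintf(" `expiry` < '%s' OR `author_id` = '%d' ", DateTimeObj::getGMT('c'), $author_id));
                 if ($isOwner) {
                     // Log the current author in again with the saved username
                     // and stored password value.
                     $this->_Parent->login($this->_Author->get('username'), $this->_Author->get('password'), true);
                 }
                 // TODO: Fix me
                 // Delegate: Edit
                 // Description: After editing an author. ID of the author is provided.
                 //$ExtensionManager->notifyMembers('Edit', getCurrentPage(), array('author_id' => $_REQUEST['id']));
                 redirect(URL . '/symphony/system/authors/edit/' . $author_id . '/saved/');
             } else {
                 $this->pageAlert(__('Unknown errors occurred while attempting to save. Please check your <a href="%s">activity log</a>.', array(URL . '/symphony/system/log/')), Alert::ERROR);
             }
         }
     } elseif (array_key_exists('delete', $action)) {
         // TODO: Fix Me
         // Delegate: Delete
         // Description: Prior to deleting an author. ID is provided.
         //$ExtensionManager->notifyMembers('Delete', getCurrentPage(), array('author_id' => $author_id));
         if (!$isOwner) {
             AuthorManager::delete($author_id);
             redirect(URL . '/symphony/system/authors/');
         } else {
             $this->pageAlert(__('You cannot remove yourself as you are the active Author.'), Alert::ERROR);
         }
     }
 }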
Пример #25
 /**
  * Symphony allows Authors to login via the use of tokens instead of
  * a username and password. A token is derived from concatenating the
  * Author's username and password and applying the sha1 hash to
  * it, from this, a portion of the hash is used as the token. This is a useful
  * feature often used when setting up other Authors accounts or if an
  * Author forgets their password.
  *
  * @param string $token
  *  The Author token, which is a portion of the hashed string concatenation
  *  of the Author's username and password
  * @throws DatabaseException
  * @return boolean
  *  True if the Author is logged in, false otherwise
  */
 public static function loginFromToken($token)
 {
     // The token is escaped up front because it is interpolated into every
     // SQL string built below.
     $token = self::Database()->cleanValue($token);
     if (trim($token) === '') {
         return false;
     }
     if (in_array(strlen($token), array(6, 16), true)) {
         // Tokens of 6 or 16 characters are looked up in `tbl_forgotpass`
         // and must not have expired.
         $lookup = sprintf("SELECT `a`.`id`, `a`.`username`, `a`.`password`\n                FROM `tbl_authors` AS `a`, `tbl_forgotpass` AS `f`\n                WHERE `a`.`id` = `f`.`author_id`\n                AND `f`.`expiry` > '%s'\n                AND `f`.`token` = '%s'\n                LIMIT 1", DateTimeObj::getGMT('c'), $token);
         $account = self::Database()->fetchRow(0, $lookup);
         // The row is removed whether or not the lookup matched, so a
         // presented token cannot be used a second time.
         self::Database()->delete('tbl_forgotpass', sprintf(" `token` = '%s' ", $token));
     } else {
         // Any other length is compared with the first 8 characters of
         // SHA1(username . password) for authors whose `auth_token_active`
         // is 'yes'.
         // NOTE(review): 8 hex characters carry 32 bits and the value only
         // changes when the username or stored password changes; confirm that
         // the caller throttles attempts on this path.
         $lookup = sprintf("SELECT `id`, `username`, `password`\n                FROM `tbl_authors`\n                WHERE SUBSTR(%s(CONCAT(`username`, `password`)), 1, 8) = '%s'\n                AND `auth_token_active` = 'yes'\n                LIMIT 1", 'SHA1', $token);
         $account = self::Database()->fetchRow(0, $lookup);
     }
     if (!$account) {
         return false;
     }
     self::$Author = AuthorManager::fetchByID($account['id']);
     // The cookie receives the username and the `password` column value as
     // stored. NOTE(review): confirm how the cookie itself is protected.
     self::$Cookie->set('username', $account['username']);
     self::$Cookie->set('pass', $account['password']);
     $seen = array('last_seen' => DateTimeObj::getGMT('Y-m-d H:i:s'));
     self::Database()->update($seen, 'tbl_authors', sprintf("\n                `id` = %d", $account['id']));
     return true;
 }
Пример #26
 /**
  * This function handles the Send Mail filter which will send an email
  * to each specified recipient informing them that an Entry has been
  * created.
  *
  * @param XMLElement $result
  *  The XMLElement of the XML that is going to be returned as part
  *  of this event to the page.
  * @param array $send_email
  *  Associative array of `send-mail` parameters.
  * @param array $fields
  *  Array of post data to extract the values from
  * @param Section $section
  *  This Section for this event
  * @param Entry $entry
  *  The current Entry that has just been updated or created
  * @return XMLElement
  *  The modified `$result` with the results of the filter.
  */
 public function processSendMailFilter(XMLElement $result, array $send_email, array &$fields, Section $section, Entry $entry)
 {
     // `$fields` is taken by reference: every key written below is also
     // changed in the caller's array.
     // Recipients: resolve the token, split on commas, trim each name.
     $fields['recipient'] = self::replaceFieldToken($send_email['recipient'], $fields);
     $fields['recipient'] = array_map('trim', preg_split('/\\,/i', $fields['recipient'], -1, PREG_SPLIT_NO_EMPTY));
     $default_subject = __('[Symphony] A new entry was created on %s', array(Symphony::Configuration()->get('sitename', 'general')));
     $fields['subject'] = self::replaceFieldToken($send_email['subject'], $fields, $default_subject);
     $fields['body'] = self::replaceFieldToken($send_email['body'], $fields, null, false, false);
     foreach (array('sender-email', 'sender-name', 'reply-to-name', 'reply-to-email') as $key) {
         $fields[$key] = self::replaceFieldToken($send_email[$key], $fields);
     }
     // The message starts with the notification template for the configured
     // language, filled with the section name and a backend edit link.
     $edit_link = SYMPHONY_URL . '/publish/' . $section->get('handle') . '/edit/' . $entry->get('id') . '/';
     $template_path = Event::getNotificationTemplate(Symphony::Configuration()->get('lang', 'symphony'));
     $body = sprintf(file_get_contents($template_path), $section->get('name'), $edit_link);
     if (!is_array($fields['body'])) {
         $body .= $fields['body'];
     } else {
         foreach ($fields['body'] as $field_handle => $value) {
             $body .= "// {$field_handle}" . PHP_EOL . $value . PHP_EOL . PHP_EOL;
         }
     }
     // Optional values, in the order they are applied to the Email object.
     // NOTE(review): these and the subject are built from `$send_email` and
     // `$fields` and are not checked for CR/LF in this method; confirm the
     // Email gateway validates header values.
     $optional_headers = array(
         'sender-name' => 'sender_name',
         'sender-email' => 'sender_email_address',
         'reply-to-name' => 'reply_to_name',
         'reply-to-email' => 'reply_to_email_address',
     );
     // One email per recipient; failures are collected by type and reported
     // in the event XML instead of aborting.
     $errors = array();
     foreach ($fields['recipient'] as $recipient) {
         // A recipient is a username: mail only goes to an author that
         // fetchByUsername() finds.
         $author = AuthorManager::fetchByUsername($recipient);
         if (empty($author)) {
             $errors['recipient'][$recipient] = __('Recipient not found');
             continue;
         }
         $email = Email::create();
         // The property assignments can throw as well as send(), so they all
         // sit inside the try block.
         try {
             $email->recipients = array($author->get('first_name') => $author->get('email'));
             foreach ($optional_headers as $key => $property) {
                 if ($fields[$key] != null) {
                     $email->{$property} = $fields[$key];
                 }
             }
             $email->text_plain = str_replace('<!-- RECIPIENT NAME -->', $author->get('first_name'), $body);
             $email->subject = $fields['subject'];
             $email->send();
         } catch (EmailValidationException $e) {
             $errors['address'][$author->get('email')] = $e->getMessage();
         } catch (EmailGatewayException $e) {
             $errors['gateway'][$author->get('email')] = $e->getMessage();
         } catch (EmailException $e) {
             $errors['email'][$author->get('email')] = $e->getMessage();
         }
     }
     if (empty($errors)) {
         $result->appendChild(self::buildFilterElement('send-email', 'passed'));
         return $result;
     }
     // One <error> element per error type, one <message> per recipient.
     // NOTE(review): the `recipient` attribute can hold the submitted recipient
     // string; confirm XMLElement escapes attribute values.
     $xml = self::buildFilterElement('send-email', 'failed');
     foreach ($errors as $type => $messages) {
         $xType = new XMLElement('error');
         $xType->setAttribute('error-type', $type);
         foreach ($messages as $recipient => $message) {
             $xType->appendChild(new XMLElement('message', $message, array('recipient' => $recipient)));
         }
         $xml->appendChild($xType);
     }
     $result->appendChild($xml);
     return $result;
 }
Пример #27
 /**
  * This function determines whether there is a currently logged in
  * Author for Symphony by using the `$Cookie`'s username
  * and password. If an Author is found, they will be logged in, otherwise
  * the `$Cookie` will be destroyed.
  *
  * @see core.Cookie#expire()
  */
 public function isLoggedIn()
 {
     // Without an instance there is nothing to check against; returning true
     // here also keeps exceptions visible and saves three database queries.
     if (is_null(self::$_instance)) {
         return true;
     }
     // An Author is already attached to this object.
     if ($this->Author) {
         return true;
     }
     // Otherwise try the credentials held in the cookie. Both values are
     // escaped before the username is placed in the WHERE clause.
     $username = self::Database()->cleanValue($this->Cookie->get('username'));
     $password = self::Database()->cleanValue($this->Cookie->get('pass'));
     $has_credentials = strlen(trim($username)) > 0 && strlen(trim($password)) > 0;
     if ($has_credentials) {
         $matches = AuthorManager::fetch('id', 'ASC', 1, null, sprintf("\n\t\t\t\t\t\t\t`username` = '%s'\n\t\t\t\t\t\t", $username));
         if (!empty($matches)) {
             $candidate = current($matches);
             // NOTE(review): the third argument presumably marks the cookie
             // value as already hashed; confirm in Cryptography::compare().
             if (Cryptography::compare($password, $candidate->get('password'), true)) {
                 $this->Author = $candidate;
                 $seen = array('last_seen' => DateTimeObj::get('Y-m-d H:i:s'));
                 self::Database()->update($seen, 'tbl_authors', sprintf(" `id` = %d", $this->Author->get('id')));
                 // Only set custom author language in the backend
                 if (class_exists('Administration')) {
                     Lang::set($this->Author->get('language'));
                 }
                 return true;
             }
         }
     }
     // Missing or non-matching credentials: drop the cookie.
     $this->Cookie->expire();
     return false;
 }
Пример #28
 /**
  * Persist this object's fields through AuthorManager.
  *
  * When the fields contain an `id`, that id is taken out of the data and the
  * remaining fields are passed to AuthorManager::edit(); without an `id` all
  * fields go to AuthorManager::add().
  *
  * @return mixed
  *  Whatever AuthorManager::edit() or AuthorManager::add() returns.
  */
 public function commit()
 {
     $data = $this->_fields;
     if (!isset($data['id'])) {
         return AuthorManager::add($data);
     }
     // The id selects the row to update and is not written as a column value.
     $author_id = $data['id'];
     unset($data['id']);
     return AuthorManager::edit($author_id, $data);
 }
Пример #29
 /**
  * Run this event for one set of submitted field values.
  *
  * Steps, in order: notify `EventPreSaveFilter` (a failed filter stops the
  * event), resolve the Section from `getSource()`, fetch or create the Entry,
  * validate and set the posted data, commit the Entry, optionally run the
  * built-in `send-email` filter, then notify `EventPostSaveFilter` and
  * `EventFinalSaveFilter`.
  *
  * @param array $fields
  *  Submitted field values for the entry.
  * @param XMLElement $result
  *  Passed by reference; receives the result attributes, messages, filter
  *  elements and the `post-values` element.
  * @param mixed $position
  *  Not read anywhere in this method.
  * @param integer $entry_id
  *  When set, the existing Entry with this id is edited; otherwise a new
  *  Entry is created.
  * @return boolean
  *  False on every error path, true once the Entry has been committed and
  *  the remaining filters have run.
  */
 public function __doit($fields, &$result, $position = null, $entry_id = null)
 {
     $post_values = new XMLElement('post-values');
     $filter_results = array();
     if (!is_array($this->eParamFILTERS)) {
         $this->eParamFILTERS = array();
     }
     // Create the post data cookie element
     if (is_array($fields) && !empty($fields)) {
         General::array_to_xml($post_values, $fields, true);
     }
     /**
      * Prior to saving entry from the front-end. This delegate will
      * force the Event to terminate if it populates the `$filter_results`
      * array. All parameters are passed by reference.
      *
      * @delegate EventPreSaveFilter
      * @param string $context
      * '/frontend/'
      * @param array $fields
      * @param Event $this
      * @param array $messages
      *  An associative array of array's which contain 4 values,
      *  the name of the filter (string), the status (boolean),
      *  the message (string) an optionally an associative array
      *  of additional attributes to add to the filter element.
      * @param XMLElement $post_values
      * @param integer $entry_id
      *  If editing an entry, this parameter will be an integer,
      *  otherwise null.
      */
     Symphony::ExtensionManager()->notifyMembers('EventPreSaveFilter', '/frontend/', array('fields' => &$fields, 'event' => &$this, 'messages' => &$filter_results, 'post_values' => &$post_values, 'entry_id' => &$entry_id));
     if (is_array($filter_results) && !empty($filter_results)) {
         $can_proceed = true;
         // Every filter result is reported; a status of exactly false from any
         // of them blocks the save.
         foreach ($filter_results as $fr) {
             list($name, $status, $message, $attributes) = $fr;
             $result->appendChild($this->buildFilterElement($name, $status ? 'passed' : 'failed', $message, $attributes));
             if ($status === false) {
                 $can_proceed = false;
             }
         }
         if ($can_proceed !== true) {
             $result->appendChild($post_values);
             $result->setAttribute('result', 'error');
             $result->appendChild(new XMLElement('message', __('Entry encountered errors when saving.')));
             return false;
         }
     }
     include_once TOOLKIT . '/class.sectionmanager.php';
     include_once TOOLKIT . '/class.entrymanager.php';
     if (!($section = SectionManager::fetch($this->getSource()))) {
         $result->setAttribute('result', 'error');
         $result->appendChild(new XMLElement('message', __('The Section, %s, could not be found.', array($this->getSource()))));
         return false;
     }
     if (isset($entry_id)) {
         // NOTE(review): nothing visible here checks that the fetched entry
         // belongs to the section returned by getSource(); confirm that the
         // caller restricts which `$entry_id` values can reach this method.
         $entry =& EntryManager::fetch($entry_id);
         $entry = $entry[0];
         if (!is_object($entry)) {
             $result->setAttribute('result', 'error');
             $result->appendChild(new XMLElement('message', __('The Entry, %s, could not be found.', array($entry_id))));
             return false;
         }
     } else {
         $entry =& EntryManager::create();
         $entry->set('section_id', $this->getSource());
     }
     // Validation first, then assignment, then commit; each failure reports
     // the error (and the post values) in `$result` and returns false.
     if (__ENTRY_FIELD_ERROR__ == $entry->checkPostData($fields, $errors, $entry->get('id') ? true : false)) {
         $result->setAttribute('result', 'error');
         $result->appendChild(new XMLElement('message', __('Entry encountered errors when saving.')));
         foreach ($errors as $field_id => $message) {
             $field = FieldManager::fetch($field_id);
             if (is_array($fields[$field->get('element_name')])) {
                 $type = array_reduce($fields[$field->get('element_name')], array('SectionEvent', '__reduceType'));
             } else {
                 $type = $fields[$field->get('element_name')] == '' ? 'missing' : 'invalid';
             }
             // Label and message pass through General::sanitize() before they
             // become attribute values.
             $result->appendChild(new XMLElement($field->get('element_name'), null, array('label' => General::sanitize($field->get('label')), 'type' => $type, 'message' => General::sanitize($message))));
         }
         if (isset($post_values) && is_object($post_values)) {
             $result->appendChild($post_values);
         }
         return false;
     } elseif (__ENTRY_OK__ != $entry->setDataFromPost($fields, $errors, false, $entry->get('id') ? true : false)) {
         $result->setAttribute('result', 'error');
         $result->appendChild(new XMLElement('message', __('Entry encountered errors when saving.')));
         foreach ($errors as $field_id => $message) {
             $field = FieldManager::fetch($field_id);
             $result->appendChild(new XMLElement($field->get('element_name'), null, array('label' => General::sanitize($field->get('label')), 'type' => 'invalid', 'message' => General::sanitize($message))));
         }
         if (isset($post_values) && is_object($post_values)) {
             $result->appendChild($post_values);
         }
         return false;
     } else {
         if (!$entry->commit()) {
             $result->setAttribute('result', 'error');
             $result->appendChild(new XMLElement('message', __('Unknown errors where encountered when saving.')));
             if (isset($post_values) && is_object($post_values)) {
                 $result->appendChild($post_values);
             }
             return false;
         }
         $result->setAttribute('id', $entry->get('id'));
     }
     // PASSIVE FILTERS ONLY AT THIS STAGE. ENTRY HAS ALREADY BEEN CREATED.
     if (in_array('send-email', $this->eParamFILTERS) && !in_array('expect-multiple', $this->eParamFILTERS)) {
         // A named function declared inside a method becomes a global function
         // when this statement runs, hence the function_exists() guard.
         if (!function_exists('__sendEmailFindFormValue')) {
             // Resolves a `send-email` setting: a comma-separated list of
             // `fields[name]` references is replaced by the matching values
             // from `$haystack`; any other value is trimmed and returned, or
             // `$default` when it is empty.
             function __sendEmailFindFormValue($needle, $haystack, $discard_field_name = true, $default = null, $collapse = true)
             {
                 if (preg_match('/^(fields\\[[^\\]]+\\],?)+$/i', $needle)) {
                     $parts = preg_split('/\\,/i', $needle, -1, PREG_SPLIT_NO_EMPTY);
                     $parts = array_map('trim', $parts);
                     $stack = array();
                     foreach ($parts as $p) {
                         $field = str_replace(array('fields[', ']'), '', $p);
                         $discard_field_name ? $stack[] = $haystack[$field] : ($stack[$field] = $haystack[$field]);
                     }
                     if (is_array($stack) && !empty($stack)) {
                         return $collapse ? implode(' ', $stack) : $stack;
                     } else {
                         $needle = null;
                     }
                 }
                 $needle = trim($needle);
                 if (empty($needle)) {
                     return $default;
                 }
                 return $needle;
             }
         }
         // NOTE(review): from here on `$fields` is replaced by the raw
         // `send-email` POST array, so recipient, subject, body, sender and
         // reply-to values are all supplied by the request. Recipients are
         // resolved through AuthorManager::fetchByUsername(), so mail only
         // goes to existing authors; the other values are not checked for
         // CR/LF in this method. Confirm the Email gateway validates header
         // values.
         // NOTE(review): the delegates further down receive this replaced
         // `$fields` array as 'fields' whenever this filter ran; confirm that
         // is intended.
         $fields = $_POST['send-email'];
         // `$db` is not read again in this method.
         $db = Symphony::Database();
         $fields['recipient'] = __sendEmailFindFormValue($fields['recipient'], $_POST['fields'], true);
         $fields['recipient'] = preg_split('/\\,/i', $fields['recipient'], -1, PREG_SPLIT_NO_EMPTY);
         $fields['recipient'] = array_map('trim', $fields['recipient']);
         $fields['subject'] = __sendEmailFindFormValue($fields['subject'], $_POST['fields'], true, __('[Symphony] A new entry was created on %s', array(Symphony::Configuration()->get('sitename', 'general'))));
         $fields['body'] = __sendEmailFindFormValue($fields['body'], $_POST['fields'], false, null, false);
         $fields['sender-email'] = __sendEmailFindFormValue($fields['sender-email'], $_POST['fields'], true, null);
         $fields['sender-name'] = __sendEmailFindFormValue($fields['sender-name'], $_POST['fields'], true, null);
         $fields['reply-to-name'] = __sendEmailFindFormValue($fields['reply-to-name'], $_POST['fields'], true, null);
         $fields['reply-to-email'] = __sendEmailFindFormValue($fields['reply-to-email'], $_POST['fields'], true, null);
         // The message starts with the notification template for the configured
         // language, filled with the section name and a backend edit link.
         $edit_link = SYMPHONY_URL . '/publish/' . $section->get('handle') . '/edit/' . $entry->get('id') . '/';
         $language = Symphony::Configuration()->get('lang', 'symphony');
         $template_path = Event::getNotificationTemplate($language);
         $body = sprintf(file_get_contents($template_path), $section->get('name'), $edit_link);
         if (is_array($fields['body'])) {
             foreach ($fields['body'] as $field_handle => $value) {
                 $body .= "// {$field_handle}" . PHP_EOL . $value . PHP_EOL . PHP_EOL;
             }
         } else {
             $body .= $fields['body'];
         }
         // Loop over all the recipients and attempt to send them an email
         // Errors will be appended to the Event XML
         $errors = array();
         foreach ($fields['recipient'] as $recipient) {
             $author = AuthorManager::fetchByUsername($recipient);
             if (empty($author)) {
                 $errors['recipient'][$recipient] = __('Recipient not found');
                 continue;
             }
             $email = Email::create();
             // Huib: Exceptions are also thrown in the settings functions, not only in the send function.
             // Those Exceptions should be caught too.
             try {
                 $email->recipients = array($author->get('first_name') => $author->get('email'));
                 if ($fields['sender-name'] != null) {
                     $email->sender_name = $fields['sender-name'];
                 }
                 if ($fields['sender-email'] != null) {
                     $email->sender_email_address = $fields['sender-email'];
                 }
                 if ($fields['reply-to-name'] != null) {
                     $email->reply_to_name = $fields['reply-to-name'];
                 }
                 if ($fields['reply-to-email'] != null) {
                     $email->reply_to_email_address = $fields['reply-to-email'];
                 }
                 $email->text_plain = str_replace('<!-- RECIPIENT NAME -->', $author->get('first_name'), $body);
                 $email->subject = $fields['subject'];
                 $email->send();
             } catch (EmailValidationException $e) {
                 $errors['address'][$author->get('email')] = $e->getMessage();
             } catch (EmailGatewayException $e) {
                 // The current error array does not permit custom tags.
                 // Therefore, it is impossible to set a "proper" error message.
                 // Will return the failed email address instead.
                 $errors['gateway'][$author->get('email')] = $e->getMessage();
             } catch (EmailException $e) {
                 // Because we don't want symphony to break because it can not send emails,
                 // all exceptions are logged silently.
                 // Any custom event can change this behaviour.
                 $errors['email'][$author->get('email')] = $e->getMessage();
             }
         }
         // If there were errors, output them to the event
         if (!empty($errors)) {
             $xml = $this->buildFilterElement('send-email', 'failed');
             foreach ($errors as $type => $messages) {
                 $xType = new XMLElement('error');
                 $xType->setAttribute('error-type', $type);
                 // NOTE(review): unlike the field errors above, neither the
                 // message nor the `recipient` attribute goes through
                 // General::sanitize(); confirm XMLElement escapes them.
                 foreach ($messages as $recipient => $message) {
                     $xType->appendChild(new XMLElement('message', $message, array('recipient' => $recipient)));
                 }
                 $xml->appendChild($xType);
             }
             $result->appendChild($xml);
         } else {
             $result->appendChild($this->buildFilterElement('send-email', 'passed'));
         }
     }
     $filter_results = array();
     /**
      * After saving entry from the front-end. This delegate will not force
      * the Events to terminate if it populates the `$filter_results` array.
      * Provided with references to this object, the `$_POST` data and also
      * the error array
      *
      * @delegate EventPostSaveFilter
      * @param string $context
      * '/frontend/'
      * @param integer $entry_id
      * @param array $fields
      * @param Entry $entry
      * @param Event $this
      * @param array $messages
      *  An associative array of array's which contain 4 values,
      *  the name of the filter (string), the status (boolean),
      *  the message (string) an optionally an associative array
      *  of additional attributes to add to the filter element.
      */
     Symphony::ExtensionManager()->notifyMembers('EventPostSaveFilter', '/frontend/', array('entry_id' => $entry->get('id'), 'fields' => $fields, 'entry' => $entry, 'event' => &$this, 'messages' => &$filter_results));
     if (is_array($filter_results) && !empty($filter_results)) {
         foreach ($filter_results as $fr) {
             list($name, $status, $message, $attributes) = $fr;
             $result->appendChild($this->buildFilterElement($name, $status ? 'passed' : 'failed', $message, $attributes));
         }
     }
     $filter_errors = array();
     /**
      * This delegate that lets extensions know the final status of the
      * current Event. It is triggered when everything has processed correctly.
      * The `$messages` array contains the results of the previous filters that
      * have executed, and the `$errors` array contains any errors that have
      * occurred as a result of this delegate. These errors cannot stop the
      * processing of the Event, as that has already been done.
      *
      *
      * @delegate EventFinalSaveFilter
      * @param string $context
      * '/frontend/'
      * @param array $fields
      * @param Event $this
      * @param array $messages
      *  An associative array of array's which contain 4 values,
      *  the name of the filter (string), the status (boolean),
      *  the message (string) an optionally an associative array
      *  of additional attributes to add to the filter element.
      * @param array $errors
      *  An associative array of array's which contain 4 values,
      *  the name of the filter (string), the status (boolean),
      *  the message (string) an optionally an associative array
      *  of additional attributes to add to the filter element.
      * @param Entry $entry
      */
     Symphony::ExtensionManager()->notifyMembers('EventFinalSaveFilter', '/frontend/', array('fields' => $fields, 'event' => $this, 'messages' => $filter_results, 'errors' => &$filter_errors, 'entry' => $entry));
     if (is_array($filter_errors) && !empty($filter_errors)) {
         foreach ($filter_errors as $fr) {
             list($name, $status, $message, $attributes) = $fr;
             $result->appendChild($this->buildFilterElement($name, $status ? 'passed' : 'failed', $message, $attributes));
         }
     }
     // Success: report whether an existing entry was edited or a new one created.
     $result->setAttributeArray(array('result' => 'success', 'type' => isset($entry_id) ? 'edited' : 'created'));
     $result->appendChild(new XMLElement('message', isset($entry_id) ? __('Entry edited successfully.') : __('Entry created successfully.')));
     if (isset($post_values) && is_object($post_values)) {
         $result->appendChild($post_values);
     }
     return true;
 }
<?php

/***
 *
 * Symphony web publishing system
 *
 * Copyright 2004–2006 Twenty One Degrees Pty. Ltd.
 *
 * @version 1.7
 * @licence https://github.com/symphonycms/symphony-1.7/blob/master/LICENCE
 *
 ***/
if (@array_key_exists("save", $_POST['action']) || @array_key_exists("done", $_POST['action'])) {
    $fields = $_POST['fields'];
    include_once TOOLKIT . "/class.authormanager.php";
    $authorManager = new AuthorManager($Admin);
    $required = array('firstname', 'lastname', 'username', 'email', 'password');
    for ($i = 0; $i < count($required); $i++) {
        if (trim($fields[$required[$i]]) == "") {
            $errors[$required[$i]] = true;
        }
    }
    if (is_array($errors)) {
        define("__SYM_ENTRY_MISSINGFIELDS__", true);
    } elseif ($fields['password'] != $fields['password_confirm']) {
        $Admin->pageAlert("password-mismatch", NULL, false, 'error');
    } elseif ($authorManager->fetchByUsername($fields['username'])) {
        $Admin->pageAlert("duplicate", array("An Author", "username"), false, 'error');
    } else {
        $author =& $authorManager->create();
        $author->set('textformat', $fields['textformat']);