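 /**
  * Send a link to reset the password to the user's email.
  *
  * Looks the user up by id, fills the forgotPassword option templates
  * (%SITENAME% in the subject; %FIRSTNAME%, %SITE_URL%, %USERID%, %TOKEN% in
  * the body), sends the mail and leaves the outcome as a session message.
  * NOTE(review): the reset token is Dot_Auth::generateUserToken() over the
  * stored password value, so it stays valid until the password changes and is
  * the same value the forms use as their user token; a random, stored,
  * expiring token would bound how long a leaked link can be used.
  *
  * @access public
  * @param int $id user id
  * @return void
  */
 public function sendPassword($id)
 {
     $session = Zend_Registry::get('session');
     $seoOption = Zend_Registry::get('seo');
     $value = $this->getUserBy('id', $id);
     if (empty($value)) {
         // no user for this id: $value is empty, so there is no email to show
         // (the old code read $value['email'] here, which only raised a notice)
         $session->message['txt'] = $this->option->infoMessage->emailNotFound;
         $session->message['type'] = 'info';
         return;
     }
     $dotEmail = new Dot_Email();
     $dotEmail->addTo($value['email']);
     $subject = str_replace('%SITENAME%', $seoOption->siteName, $this->option->forgotPassword->subject);
     $dotEmail->setSubject($subject);
     $userToken = Dot_Auth::generateUserToken($value['password']);
     $msg = str_replace(
         array('%FIRSTNAME%', '%SITE_URL%', '%USERID%', '%TOKEN%'),
         array($value['firstName'], $this->config->website->params->url, $value['id'], $userToken),
         $this->option->forgotPassword->message
     );
     $dotEmail->setBodyText($msg);
     if ($dotEmail->send()) {
         $session->message['txt'] = $this->option->infoMessage->emailSent . $value['email'];
         $session->message['type'] = 'info';
     } else {
         $session->message['txt'] = $this->option->errorMessage->emailNotSent . $value['email'];
         $session->message['type'] = 'error';
     }
 }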
 /**
  * Expose the current user's token to the template as USERTOKEN.
  *
  * The token is Dot_Auth::generateUserToken() over the password of the
  * 'user' identity; it is the value Dot_Auth::checkUserToken() expects back.
  * @access public
  * @return void
  */
 public function addUserToken()
 {
     $identity = Dot_Auth::getInstance()->getIdentity('user');
     $token = Dot_Auth::generateUserToken($identity->password);
     $this->setVar('USERTOKEN', $token);
 }
 * If we do not have the token, it will be marked with NULL
 *
 * NULL - user does not have a token
 * ''   - user has an empty token
 * Any other (string) value - the token
 *
 * See Dot_Auth::checkUserToken()
 */
$userToken = null;
if (isset($_POST['userToken'])) {
    $userToken = $_POST['userToken'];
}
/**
 * From here on the action-specific controller takes over: build its path and
 * include it only when the file exists, otherwise answer with a 404.
 * NOTE(review): the path is assembled from request-derived values
 * ($registry->requestModule / requestControllerProcessed); confirm the router
 * limits them to a safe character set before they reach require.
 */
$actionControllerPath = sprintf(
    '%s/%s/%sController.php',
    CONTROLLERS_PATH,
    $registry->requestModule,
    $registry->requestControllerProcessed
);
if (!file_exists($actionControllerPath)) {
    Dot_Route::pageNotFound();
} else {
    $dotAuth = Dot_Auth::getInstance();
    $dotAuth->checkIdentity('user');
    require $actionControllerPath;
}
// menus, SEO tags (from dots/seo.xml), pending message and the main content block
$tpl->setMenu();
$tpl->setSeoValues($pageTitle);
$tpl->displayMessage();
$tpl->parse('MAIN_CONTENT', 'tpl_main');
// debug bar
$debug = new Dot_Debug($tpl);
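    /**
     * Get the warnings to display in the dashboard.
     *
     * The result is keyed by warning category ('Security Warning',
     * 'Debug Email', 'Delete Files', 'Make Writable', 'Make Unwritable',
     * 'Cache Test Failed', 'Plugin Check'); every key is always present and
     * holds a list of description strings, which may be empty.
     *
     * @access public
     * @return array category => list of warning descriptions
     */
    public function getWarnings()
    {
        // warning "categories"
        $warnings = array(
            'Security Warning'  => array(),
            'Debug Email'       => array(),
            'Delete Files'      => array(),
            'Make Writable'     => array(),
            'Make Unwritable'   => array(),
            'Cache Test Failed' => array(),
            'Plugin Check'      => array(),
        );
        // check that the default admin user isn't enabled: this is a real
        // authentication attempt with the stock credentials, not stored in session
        // NOTE(review): if Dot_Auth::process() records or rate-limits attempts,
        // every dashboard load shows up there as an 'admin' login attempt - confirm
        $dotAuth = Dot_Auth::getInstance();
        $defaultAdminValid = $dotAuth->process('admin', array("username" => "admin", "password" => "dot"), false);
        if ($defaultAdminValid) {
            $warnings["Security Warning"][] = "Please change the password of the oldest admin user or deactivate him";
        }
        // if the oldest active admin still has the default email
        $select = $this->db->select()
            ->from('admin', 'email')
            ->where('isActive = ?', '1')
            ->order('dateCreated asc')
            ->limit(1);
        $emailAdmin = $this->db->fetchOne($select);
        if ('*****@*****.**' == $emailAdmin) {
            $warnings["Debug Email"][] = "Please change the email of the default admin user or deactivate him.";
        }
        // if the devEmails setting still contains the default address
        // (read from the settings model, no need to query the db again)
        if (stripos($this->settings->devEmails, '*****@*****.**') !== false) {
            $warnings["Debug Email"][] = "Update the setting.devEmails value to reflect your debug email.";
        }
        // check for install-time files that should be deleted
        $filesToDelete = array("dot_kernel.sql", "readme.txt", "dk.php");
        foreach ($filesToDelete as $file) {
            if (file_exists(APPLICATION_PATH . "/" . $file)) {
                $warnings['Delete Files'][] = $file;
            }
        }
        // ignore permission warnings if OS is Windows
        if (strtoupper(substr(PHP_OS, 0, 3)) !== 'WIN') {
            // warning if application.ini is writable
            if (is_writable(APPLICATION_PATH . "/configs/application.ini")) {
                $warnings["Make Unwritable"][] = 'configs/application.ini';
            }
            // only the folders set in application.ini (folders.permission[]) should be writable
            $folderException = $this->config->folders->permission->toArray();
            // go through all folders in the tree
            $folders = $this->_listDirectory(APPLICATION_PATH);
            foreach ($folders as $path) {
                // a folder counts as an exception when any configured exception
                // is a substring of its path; the first hit is remembered
                $isException = false;
                $matchedException = null;
                foreach ($folderException as $exception) {
                    if (strpos($path, $exception) !== false) {
                        $isException = true;
                        $matchedException = $exception;
                        break;
                    }
                }
                if ($isException) {
                    // "Make Writable" is only reported for the exception folder itself,
                    // not for sub folders that matched through the substring test
                    if (!is_writable($path) && $path === $matchedException) {
                        $warnings["Make Writable"][] = $path;
                    }
                } elseif (is_writable($path)) {
                    $warnings["Make Unwritable"][] = $path;
                }
            }
            // info about how to add exception
            if (count($warnings["Make Unwritable"])) {
                $warnings["Make Unwritable"][] = '**  <em>It is possible to add your writable folders to the exclude list by adding it 
										as folders.permission[] exception in application.ini</em>';
            }
        }
        // cache checks; '!' is the same truthiness test the old '== false' did
        if (!Dot_Cache::testCache()) {
            $warnings['Cache Test Failed'][] = 'Cache is not working or disabled';
            $warnings['Cache Test Failed'][] = 'Check cache settings or if cache module is supported';
            $warnings['Cache Test Failed'][] = 'More info: <a href="http://www.dotkernel.com/dotkernel/caching-in-dotkernel-using-zend-framework/"> Caching in DotKernel</a>';
        }
        if (!Dot_Cache::testTags()) {
            $warnings['Cache Test Failed'][] = 'Cache does not support tags';
            $warnings['Cache Test Failed'][] = 'Check cache provider in application.ini';
            $warnings['Cache Test Failed'][] = 'More info: <a href="http://framework.zend.com/manual/1.12/en/zend.cache.backends.html"> ZF Cache Backends </a>';
        }
        // plugin check
        $pluginHandler = Plugin_Loader::getInstance();
        $pluginData = $pluginHandler->getAllPlugins();
        foreach ($pluginData as $plugin) {
            $pluginLabel = 'Plugin ' . $plugin['pluginName'] . ' (by ' . $plugin['vendor'] . ')';
            // check if the class is missing
            if (!$pluginHandler->pluginExists($plugin['vendor'], $plugin['pluginName'])) {
                $warnings['Plugin Check'][] = $pluginLabel . ' is missing';
            }
            // check if the plugin is enabled
            if (!$plugin['enabled']) {
                $warnings['Plugin Check'][] = $pluginLabel . ' is not enabled';
            }
        }
        return $warnings;
    }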
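 /**
  * Authorize an admin login.
  *
  * Any admin identity already in the session is dropped first. On success the
  * login is registered (ip, adminId, referer, userAgent) and the browser is
  * redirected to the current module; the script exits. On failure an email
  * about the failed attempt is sent and an error message is left in the session.
  *
  * @access public
  * @param array $validData login data that already passed form validation
  *                         (at least 'username' is read here)
  * @return void
  */
 public function authorizeLogin($validData)
 {
     $session = Zend_Registry::get('session');
     unset($session->admin);
     // login info are VALID, we can see if is a valid user now
     $dotAuth = Dot_Auth::getInstance();
     $validAuth = $dotAuth->process('admin', $validData);
     if ($validAuth) {
         // prepare data for register the login
         // presumably process() stored the identity in $session->admin - verify in Dot_Auth
         $dataLogin = array(
             'ip'        => Dot_Kernel::getUserIp(),
             'adminId'   => $session->admin->id,
             'referer'   => $this->_httpReferer,
             'userAgent' => $this->_userAgent,
         );
         $this->registerLogin($dataLogin);
         header('Location: ' . $this->config->website->params->url . '/' . Zend_Registry::get('requestModule'));
         exit;
     }
     // failed admin login - send email to valid admin account
     $this->sendEmailFailedLogin($validData);
     // Report an inactive account only when the username exists. An unknown
     // username used to fall through to the "inactive account" message while
     // reading an undefined index, which raised a notice and let a caller tell
     // existing (active) accounts apart from unknown ones.
     $adminTmp = $this->getUserBy('username', $validData['username']);
     if (isset($adminTmp['isActive']) && 1 != $adminTmp['isActive']) {
         $session->message['txt'] = $this->option->errorMessage->inactiveAcount;
     } else {
         $session->message['txt'] = $this->option->errorMessage->wrongCredentials;
     }
     $session->message['type'] = 'error';
 }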
        $systemView->showPHPInfo('phpinfo');
        break;
    case 'apc-info':
        // display APC or APCu
        $apcu = null;
        if (phpversion('apcu')) {
            $apcu = 'u';
        }
        $systemView->showAPCInfo($apcu);
        break;
    case 'delete-key':
        $result = array("success" => false, "message" => "An error occured, please try again.");
        if (!isset($_POST['key']) || !isset($_POST['userToken']) || !Dot_Auth::checkUserToken($_POST['userToken'])) {
            echo Zend_Json::encode($result);
            exit;
        }
        Dot_Cache::remove($_POST['key']);
        $result = array('succes' => 'true');
        echo Zend_Json::encode($result);
        exit;
    case 'clear-cache':
        $result = array("success" => false, "message" => "An error occured, please try again.");
        if (!isset($_POST['userToken']) || !Dot_Auth::checkUserToken($_POST['userToken'])) {
            echo Zend_Json::encode($result);
            exit;
        }
        Dot_Cache::clean('all');
        $result = array('succes' => 'true');
        echo Zend_Json::encode($result);
        exit;
}
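 /**
  * Check that a user's token is present and matches the current identity.
  *
  * The expected value is Dot_Auth::generateUserToken() over the password of
  * the identity of the given type; without such an identity nothing can match.
  *
  * @access public
  * @static
  * @param string $userToken token received with the request (null when absent)
  * @param string $type - the identity that is checked (i.e. admin)
  * @return bool true only for a non-empty string token equal to the expected one
  */
 public static function checkUserToken($userToken, $type = 'admin')
 {
     // missing, empty or non-string tokens (e.g. an array from $_POST) never match
     if (!is_string($userToken) || $userToken === '') {
         return false;
     }
     $dotAuth = Dot_Auth::getInstance();
     $user = $dotAuth->getIdentity($type);
     if (!is_object($user) || !isset($user->password)) {
         // no identity of this type: the old code read ->password on null here
         return false;
     }
     $expected = (string) Dot_Auth::generateUserToken($user->password);
     // strict, constant-time comparison: '!=' was subject to PHP numeric-string
     // juggling (two "0e..." digests compare equal) and stopped at the first
     // differing byte; hash_equals() needs PHP >= 5.6
     return hash_equals($expected, $userToken);
 }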
 /**
  * Authorize a site user login.
  *
  * Drops any user identity already in the session, then runs the 'user'
  * authentication. On success the login is recorded (ip, userId, referer,
  * userAgent, country looked up through Dot_Geoip) and the browser is sent to
  * $session->wantUrl when set, otherwise to /user/account; the script exits.
  * On failure an error message is left in the session.
  *
  * @access public
  * @param array $validData login data that already passed form validation
  * @return void
  */
 public function authorizeLogin($validData)
 {
     $session = Zend_Registry::get('session');
     unset($session->user);
     $dotAuth = Dot_Auth::getInstance();
     if (!$dotAuth->process('user', $validData)) {
         // credentials rejected
         $session->message['txt'] = $this->option->errorMessage->login;
         $session->message['type'] = 'error';
         return;
     }
     // record the login; presumably process() stored the identity in $session->user
     $userIp = Dot_Kernel::getUserIp();
     $dotGeoip = new Dot_Geoip();
     // index 1 is used as the country value - assumes the lookup returns an array, verify in Dot_Geoip
     $countryInfo = $dotGeoip->getCountryByIp($userIp);
     $this->registerLogin(array(
         'ip'        => $userIp,
         'userId'    => $session->user->id,
         'referer'   => $this->_httpReferer,
         'userAgent' => $this->_userAgent,
         'country'   => $countryInfo[1],
     ));
     // NOTE(review): wantUrl is used as-is; confirm where it is set that it is limited to this site
     if (isset($session->wantUrl)) {
         $link = $session->wantUrl;
     } else {
         $link = $this->config->website->params->url . '/user/account';
     }
     header('location: ' . $link);
     exit;
 }