public function post($ext)
{
if ((int) $this->check_access() < 9) {
$this->response(null, null, 401);
}
if (empty($ext)) {
$this->response(null, null, 400);
}
$settings = array();
foreach ($ext["settings"] as $set) {
$settings[$set["name"]] = $set["value"];
}
$db = new RazorDB();
$db->connect("extension");
$options = array("amount" => 1);
$search = array(array("column" => "extension", "value" => $ext["extension"]), array("column" => "type", "value" => $ext["type"]), array("column" => "handle", "value" => $ext["handle"]));
$extension = $db->get_rows($search, $options);
if ($extension["count"] == 1) {
$db->edit_rows($search, array("json_settings" => json_encode($settings)));
} else {
// add new
$row = array("extension" => $ext["extension"], "type" => $ext["type"], "handle" => $ext["handle"], "json_settings" => json_encode($settings), "user_id" => $this->user["id"], "access_level" => 0);
$db->add_rows($row);
}
$db->disconnect();
$this->response("success", "json");
}
public function post($data)
{
// login check - if fail, return no data to stop error flagging to user
if ((int) $this->check_access() < 10) {
$this->response(null, null, 401);
}
if (empty($data)) {
$this->response(null, null, 400);
}
$db = new RazorDB();
$db->connect("user");
// check link unique
$search = array("column" => "id", "value" => $this->user["id"]);
$row = array("name" => $data["name"], "email_address" => $data["email_address"]);
if (isset($data["new_password"])) {
$row["password"] = $this->create_hash($data["new_password"]);
}
$db->edit_rows($search, $row);
$db->disconnect();
// return the basic user details
if (isset($data["new_password"])) {
$this->response(array("reload" => true), "json");
}
$this->response("success", "json");
}
public function post($data)
{
// no email
if (empty($data["email"])) {
$this->response("User not found", "json", 404);
}
// try find user
$db = new RazorDB();
$db->connect("user");
$options = array("amount" => 1);
$search = array("column" => "email_address", "value" => $data["email"]);
$user = $db->get_rows($search);
$db->disconnect();
// check for match
if ($user["count"] != 1) {
$this->response("User not found", "json", 404);
}
// check attempts
$user = $user["result"][0];
if ($user["reminder_time"] > time() - 600) {
$this->response("Only one password request allowed per hour", "json", 401);
}
/* Match found, attempts good, carry on */
// now we will store token and send it via email
$user_agent = $_SERVER["HTTP_USER_AGENT"];
$ip_address = $_SERVER["REMOTE_ADDR"];
$pass_hash = $user["password"];
$reminder_time = time();
$reminder_token = sha1($reminder_time . $user_agent . $ip_address . $pass_hash);
// set new reminder
$db->connect("user");
$search = array("column" => "id", "value" => $user["id"]);
$row = array("reminder_token" => $reminder_token, "reminder_time" => $reminder_time);
$db->edit_rows($search, $row);
$db->disconnect();
// email user pasword reset email
$server_email = str_replace("www.", "", $_SERVER["SERVER_NAME"]);
$reminder_link = RAZOR_BASE_URL . "admin#/password-reset/{$reminder_token}_{$user["id"]}";
$message = <<<EOT
<html>
<head>
<title>razorCMS - Password Reset</title>
</head>
<body>
<h1>Reset your razorCMS Account Password</h1>
<p>This email address has requested a password reset for the account on razorCMS ({$_SERVER["SERVER_NAME"]}). If this was not you that requested this, please ignore this email and the password reset will expire in 1 hour.</p>
<p>If you did request this, then you can reset your password using the link below.</p>
<a href="{$reminder_link}">{$reminder_link}</a>
</body>
</html>
EOT;
$this->email("no-reply@{$server_email}", $user["email_address"], "razorCMS Account Password Reset", $message);
$this->response("success", "json");
}
public function post($data)
{
// no email
if (empty($data["email"])) {
$this->response("User not found", "json", 404);
}
// try find user
$db = new RazorDB();
$db->connect("user");
$options = array("amount" => 1);
$search = array("column" => "email_address", "value" => $data["email"]);
$user = $db->get_rows($search);
$db->disconnect();
// check for match
if ($user["count"] != 1) {
$this->response("User not found", "json", 404);
}
// check attempts
$user = $user["result"][0];
if ($user["reminder_time"] > time() - 600) {
$this->response("Only one password request allowed per hour", "json", 401);
}
/* Match found, attempts good, carry on */
// now we will store token and send it via email
$user_agent = $_SERVER["HTTP_USER_AGENT"];
$ip_address = $_SERVER["REMOTE_ADDR"];
$pass_hash = $user["password"];
$reminder_time = time();
$reminder_token = sha1($reminder_time . $user_agent . $ip_address . $pass_hash);
// set new reminder
$db->connect("user");
$search = array("column" => "id", "value" => $user["id"]);
$row = array("reminder_token" => $reminder_token, "reminder_time" => $reminder_time);
$db->edit_rows($search, $row);
$db->disconnect();
// get setting
$db->connect("setting");
$setting = $db->get_rows(array("column" => "name", "value" => "forgot_password_email"));
$forgot_password_email = $setting["result"][0]["value"];
$db->disconnect();
// email user pasword reset email
$server_email = str_replace("www.", "", $_SERVER["SERVER_NAME"]);
$reminder_link = RAZOR_BASE_URL . "login#/password-reset/{$reminder_token}_{$user["id"]}";
// email text replacement
$search = array("**server_name**", "**user_email**", "**forgot_password_link**");
$replace = array($_SERVER["SERVER_NAME"], $user["email_address"], $reminder_link);
$message = str_replace($search, $replace, $forgot_password_email);
$this->email("no-reply@{$server_email}", $user["email_address"], "{$_SERVER["SERVER_NAME"]} Account Password Reset", $message);
$this->response("success", "json");
}
public function post($data)
{
// check present, token ok, password and password confirm ok
if (!isset($data["token"], $data["passwords"]["password"], $data["passwords"]["repeat_password"])) {
$this->response("Bad data", null, 400);
}
if (empty($data["token"]) || strlen($data["token"]) < 20) {
$this->response("Bad data", null, 400);
}
if (empty($data["passwords"]["password"]) || empty($data["passwords"]["repeat_password"]) || $data["passwords"]["password"] !== $data["passwords"]["repeat_password"]) {
$this->response("Bad data", null, 400);
}
$token_data = explode("_", $data["token"]);
if (count($token_data) != 2 || empty($token_data[0]) || empty($token_data[1])) {
$this->response("Bad data", null, 400);
}
/* data present and pre check good, lets do a user search and check */
// try find user
$db = new RazorDB();
$db->connect("user");
$search = array("column" => "id", "value" => (int) $token_data[1]);
$user = $db->get_rows($search);
$db->disconnect();
// no valid user found
if ($user["count"] != 1) {
$this->response("Bad data", null, 400);
}
$user = $user["result"][0];
// check token
if (empty($user["reminder_token"]) || $token_data[0] != $user["reminder_token"] || $user["reminder_time"] + 3600 < time()) {
$this->response("Bad data", null, 400);
}
/* user ok, token ok, lets change password */
$password = RazorAPI::create_hash($data["passwords"]["password"]);
// set new reminder
$db->connect("user");
$search = array("column" => "id", "value" => $user["id"]);
$row = array("password" => $password, "reminder_token" => "");
$db->edit_rows($search, $row);
$db->disconnect();
$this->response("success", "json");
}
public function post($data)
{
// login check - if fail, return no data to stop error flagging to user
if ((int) $this->check_access() < 10) {
$this->response(null, null, 401);
}
if (empty($data)) {
$this->response(null, null, 400);
}
// update content
$db = new RazorDB();
$db->connect("page");
// set options
$search = array("column" => "id", "value" => $data["id"]);
// ensure we only have changes we want
$changes = array("active" => $data["active"], "name" => $data["name"], "title" => $data["title"], "link" => $data["link"], "theme" => $data["theme"], "keywords" => $data["keywords"], "description" => $data["description"]);
$db->edit_rows($search, $changes);
$db->disconnect();
// return the basic user details
$this->response($data, "json");
}
public function post($data)
{
// login check - if fail, return no data to stop error flagging to user
if ((int) $this->check_access() < 10) {
$this->response(null, null, 401);
}
if (empty($data)) {
$this->response(null, null, 400);
}
$db = new RazorDB();
$db->connect("site");
$search = array("column" => "id", "value" => 1);
$row = array();
if (isset($data["name"])) {
$row["name"] = $data["name"];
}
if (isset($data["google_analytics_code"])) {
$row["google_analytics_code"] = $data["google_analytics_code"];
}
$db->edit_rows($search, $row);
$db->disconnect();
$this->response("success", "json");
}
public function get($id)
{
if (strlen($id) < 20) {
$this->response("Activation key not set", 400);
}
$db = new RazorDB();
$db->connect("user");
$search = array("column" => "activate_token", "value" => $id);
$user = $db->get_rows($search);
if ($user["count"] != 1) {
$this->response(null, null, 409);
}
// now we know token is ok, lets activate user
// set new reminder
$search = array("column" => "id", "value" => $user["result"][0]["id"]);
$row = array("activate_token" => null, "active" => true);
$db->edit_rows($search, $row);
$db->disconnect();
// if all ok, redirect to login page and set activate message off
$redirect = RAZOR_BASE_URL . "login#/user-activated";
header("Location: {$redirect}");
exit;
}
public function post($data)
{
// login check - if fail, return no data to stop error flagging to user
if ((int) $this->check_access() < 9) {
$this->response(null, null, 401);
}
if (empty($data)) {
$this->response(null, null, 400);
}
$db = new RazorDB();
$db->connect("setting");
if (isset($data["name"])) {
$search = array("column" => "name", "value" => "name");
$res = $db->edit_rows($search, array("value" => $data["name"]));
if ($res["count"] == 0) {
$db->add_rows(array("name" => "name", "value" => (string) $data["name"], "type" => "string"));
}
}
if (isset($data["google_analytics_code"])) {
$search = array("column" => "name", "value" => "google_analytics_code");
$res = $db->edit_rows($search, array("value" => $data["google_analytics_code"]));
if ($res["count"] == 0) {
$db->add_rows(array("name" => "google_analytics_code", "value" => (string) $data["google_analytics_code"], "type" => "string"));
}
}
if (isset($data["forgot_password_email"])) {
$search = array("column" => "name", "value" => "forgot_password_email");
$res = $db->edit_rows($search, array("value" => (string) $data["forgot_password_email"]));
if ($res["count"] == 0) {
$db->add_rows(array("name" => "forgot_password_email", "value" => (string) $data["forgot_password_email"], "type" => "string"));
}
}
if (isset($data["allow_registration"])) {
$search = array("column" => "name", "value" => "allow_registration");
$res = $db->edit_rows($search, array("value" => (string) $data["allow_registration"]));
if ($res["count"] == 0) {
$db->add_rows(array("name" => "allow_registration", "value" => (string) $data["allow_registration"], "type" => "bool"));
}
}
if (isset($data["manual_activation"])) {
$search = array("column" => "name", "value" => "manual_activation");
$res = $db->edit_rows($search, array("value" => (string) $data["manual_activation"]));
if ($res["count"] == 0) {
$db->add_rows(array("name" => "manual_activation", "value" => (string) $data["manual_activation"], "type" => "bool"));
}
}
if (isset($data["registration_email"])) {
$search = array("column" => "name", "value" => "registration_email");
$res = $db->edit_rows($search, array("value" => (string) $data["registration_email"]));
if ($res["count"] == 0) {
$db->add_rows(array("name" => "registration_email", "value" => (string) $data["registration_email"], "type" => "string"));
}
}
if (isset($data["activation_email"])) {
$search = array("column" => "name", "value" => "activation_email");
$res = $db->edit_rows($search, array("value" => (string) $data["activation_email"]));
if ($res["count"] == 0) {
$db->add_rows(array("name" => "activation_email", "value" => (string) $data["activation_email"], "type" => "string"));
}
}
if (isset($data["activate_user_email"])) {
$search = array("column" => "name", "value" => "activate_user_email");
$res = $db->edit_rows($search, array("value" => (string) $data["activate_user_email"]));
if ($res["count"] == 0) {
$db->add_rows(array("name" => "activate_user_email", "value" => (string) $data["activate_user_email"], "type" => "string"));
}
}
if (isset($data["cookie_message"])) {
$search = array("column" => "name", "value" => "cookie_message");
$res = $db->edit_rows($search, array("value" => (string) $data["cookie_message"]));
if ($res["count"] == 0) {
$db->add_rows(array("name" => "cookie_message", "value" => (string) $data["cookie_message"], "type" => "string"));
}
}
if (isset($data["cookie_message_button"])) {
$search = array("column" => "name", "value" => "cookie_message_button");
$res = $db->edit_rows($search, array("value" => (string) $data["cookie_message_button"]));
if ($res["count"] == 0) {
$db->add_rows(array("name" => "cookie_message_button", "value" => (string) $data["cookie_message_button"], "type" => "string"));
}
}
$db->disconnect();
$this->response("success", "json");
}
public function post($data)
{
// login check - if fail, return no data to stop error flagging to user
if ((int) $this->check_access() < 10) {
$this->response(null, null, 401);
}
// menu item
$db = new RazorDB();
$db->connect("menu_item");
// 1. grab all menus in position order
$options = array("order" => array("column" => "position", "direction" => "asc"));
$search = array("column" => "id", "not" => true, "value" => null);
$all_menu_items = $db->get_rows($search, $options);
$all_menu_items = $all_menu_items["result"];
// 2. make flat arrays
$new_menus_flat = array();
foreach ($data as $menu) {
// set up menu item arrays
if (!isset($new_menus_flat[$menu["id"]])) {
$new_menus_flat[$menu["id"]] = array();
}
foreach ($menu["menu_items"] as $mi) {
if (isset($mi["id"])) {
$new_menus_flat[$menu["id"]][] = $mi["id"];
}
if (isset($mi["sub_menu"]) & !empty($mi["sub_menu"])) {
foreach ($mi["sub_menu"] as $sub_menu_item) {
if (isset($sub_menu_item["id"])) {
$new_menus_flat[$menu["id"]][] = $sub_menu_item["id"];
}
}
}
}
}
$current_menus_flat = array();
foreach ($all_menu_items as $ami) {
// set up menu item arrays
if (!isset($current_menus_flat[$ami["menu_id"]])) {
$current_menus_flat[$ami["menu_id"]] = array();
}
$current_menus_flat[$ami["menu_id"]][] = $ami["id"];
// at same time remove any items missing
if (!in_array($ami["id"], $new_menus_flat[$ami["menu_id"]])) {
$db->delete_rows(array("column" => "id", "value" => (int) $ami["id"]));
}
}
// 3. update all of sent menu data, by looping through the new $data
foreach ($data as $new_menu) {
$pos = 1;
// each menu
foreach ($new_menu["menu_items"] as $nmi) {
if (isset($nmi["id"]) && in_array($nmi["id"], $current_menus_flat[$new_menu["id"]])) {
// update menu item
$search = array("column" => "id", "value" => $nmi["id"]);
$db->edit_rows($search, array("position" => $pos));
} else {
// add new item
$row = array("menu_id" => (int) $new_menu["id"], "position" => $pos, "level" => 1, "page_id" => $nmi["page_id"], "link_id" => 0);
$db->add_rows($row);
}
$pos++;
// now check for sub menu
if (isset($nmi["sub_menu"]) && !empty($nmi["sub_menu"])) {
foreach ($nmi["sub_menu"] as $nsmi) {
if (isset($nsmi["id"]) && in_array($nsmi["id"], $current_menus_flat[$new_menu["id"]])) {
// update menu item
$search = array("column" => "id", "value" => $nsmi["id"]);
$db->edit_rows($search, array("position" => $pos));
} else {
// add new item
$row = array("menu_id" => (int) $new_menu["id"], "position" => $pos, "level" => 2, "page_id" => $nsmi["page_id"], "link_id" => 0);
$db->add_rows($row);
}
$pos++;
}
}
}
}
$db->disconnect();
$this->response("success", "json");
}
public function check_access($access_timeout = RARS_ACCESS_TIMEOUT)
{
// retrieve token from incoming request
$token = isset($_SERVER["HTTP_AUTHORIZATION"]) ? $_SERVER["HTTP_AUTHORIZATION"] : (isset($_SERVER["REDIRECT_HTTP_AUTHORIZATION"]) ? $_SERVER["REDIRECT_HTTP_AUTHORIZATION"] : (isset($_COOKIE["token"]) ? $_COOKIE["token"] : null));
if (empty($token)) {
return false;
}
// extract token and id
$token_data = explode("_", $token);
if (count($token_data) != 2) {
return false;
}
$token = preg_replace("/[^a-zA-Z0-9]/", '', $token_data[0]);
$id = (int) $token_data[1];
// find user
$db = new RazorDB();
$db->connect("user");
$search = array("column" => "id", "value" => $id);
$options = array("amount" => 1);
$res = $db->get_rows($search, $options);
$db->disconnect();
// no user found or no access in XXX seconds
if ($res["count"] != 1) {
return false;
}
$user = $res["result"][0];
if ($user["last_accessed"] < time() - $access_timeout) {
return false;
}
/* all ok, so go verify user */
// need to create a token and last logged stamp
$last_logged = $user["last_logged_in"];
$user_agent = preg_replace("/[^0-9a-zA-Z.:;-_]/", '', substr($_SERVER["HTTP_USER_AGENT"], 0, 250));
$ip_address = preg_replace("/[^0-9.]/", '', substr($_SERVER["REMOTE_ADDR"], 0, 50));
$pass_hash = $user["password"];
$gen_token = sha1($last_logged . $user_agent . $ip_address . $pass_hash);
if ($gen_token !== $token) {
return false;
}
// set user and return
$this->user = array("id" => $user["id"], "name" => $user["name"], "email_address" => $user["email_address"], "last_logged_in" => $user["last_logged_in"], "access_level" => $user["access_level"]);
// update access time to keep connection alive, only do this once an hour to keep writes to db down for user table
// connection will stay live for a day anyway so we do not need to be this heavy on the last access time writes
if ($user["last_accessed"] > time() - 3600) {
return $this->user["access_level"];
}
$db = new RazorDB();
$db->connect("user");
$search = array("column" => "id", "value" => $this->user["id"]);
$changes = array("last_accessed" => time());
$db->edit_rows($search, $changes);
$db->disconnect();
return $this->user["access_level"];
}
public function post($data)
{
// check we have a logged in user
if ((int) $this->check_access() < 1) {
$this->response(null, null, 401);
}
if (empty($data)) {
$this->response(null, null, 400);
}
$db = new RazorDB();
$db->connect("user");
if (!isset($data["id"])) {
// do you have access to make create new user
if ($this->check_access() != 10) {
$this->response(null, null, 401);
}
if (!isset($data["new_password"]) || empty($data["new_password"])) {
$this->response(null, null, 400);
}
// check email is unique
$search = array("column" => "email_address", "value" => $data["email_address"]);
$user = $db->get_rows($search);
if ($user["count"] > 0) {
$this->response(null, null, 409);
}
// create new user
$row = array("name" => $data["name"], "email_address" => $data["email_address"], "access_level" => (int) $data["access_level"] < 10 ? $data["access_level"] : 1, "active" => $data["active"], "password" => $this->create_hash($data["new_password"]));
$db->add_rows($row);
} elseif ($this->user["id"] == $data["id"]) {
// check email is unique if changed
if ($data["email_address"] != $this->user["email_address"]) {
$search = array("column" => "email_address", "value" => $data["email_address"]);
$user = $db->get_rows($search);
if ($user["count"] > 0) {
$this->response(null, null, 409);
}
}
// if this is your account, alter name, email or password
$search = array("column" => "id", "value" => $this->user["id"]);
$row = array("name" => $data["name"], "email_address" => $data["email_address"]);
if (isset($data["new_password"])) {
$row["password"] = $this->create_hash($data["new_password"]);
}
$db->edit_rows($search, $row);
// return the basic user details
if (isset($data["new_password"])) {
$this->response(array("reload" => true), "json");
}
} elseif ($this->check_access() == 10) {
// if not account owner, but acces of 10, alter access level or active
// do not allow anyone to be set to level 10, only one account aloud
if (isset($data["access_level"]) && $data["access_level"] == 10) {
$this->response(null, null, 400);
}
$search = array("column" => "id", "value" => $data["id"]);
$row = array("access_level" => $data["access_level"], "active" => $data["active"]);
$db->edit_rows($search, $row);
} else {
$this->response(null, null, 401);
}
$db->disconnect();
$this->response("success", "json");
}
public function post($data)
{
// login check - if fail, return no data to stop error flagging to user
if ((int) $this->check_access() < 10) {
$this->response(null, null, 401);
}
if (!isset($data["content"])) {
$this->response(null, null, 400);
}
// update content
$db = new RazorDB();
$db->connect("content");
// update or add content
$new_content_map = array();
foreach ($data["content"] as $key => $content) {
if (!isset($content["content_id"]) || !isset($content["content"]) || empty($content["content"])) {
unset($data["content"][$key]);
continue;
}
if (stripos($content["content_id"], "new-") === false) {
// update
$search = array("column" => "id", "value" => $content["content_id"]);
$db->edit_rows($search, array("content" => $content["content"], "name" => $content["name"]));
} else {
// add new content and map the ID to the new id for locations table
$row = array("content" => $content["content"], "name" => $content["name"]);
$result = $db->add_rows($row);
$new_content_map[$content["content_id"]] = $result["result"][0]["id"];
}
}
$db->disconnect();
// update or add locations
$db = new RazorDB();
$db->connect("page_content");
// 1. first take snapshot of current
$search = array("column" => "page_id", "value" => (int) $data["page_id"]);
$current_page_content = $db->get_rows($search);
$current_page_content = $current_page_content["result"];
// 2. iterate through updating or adding, make a note of all id's
$page_content_map = array();
foreach ($data["locations"] as $location => $columns) {
foreach ($columns as $column => $blocks) {
foreach ($blocks as $pos => $block) {
if ($block["id"] != "new") {
// update
$search = array("column" => "id", "value" => $block["id"]);
$row = array("location" => $location, "column" => (int) $column, "position" => $pos + 1, "json_settings" => json_encode($block["settings"]));
if (isset($block["extension"])) {
$row["extension"] = $block["extension"];
}
$db->edit_rows($search, $row);
$page_content_map[] = $block["id"];
} else {
// add new, if new, add, if new but already present add, else add as ext
$new_content_id = isset($block["content_id"], $new_content_map[$block["content_id"]]) ? $new_content_map[$block["content_id"]] : (isset($block["content_id"]) && is_numeric($block["content_id"]) ? $block["content_id"] : null);
if (!empty($new_content_id) || isset($block["extension"])) {
$row = array("page_id" => (int) $data["page_id"], "content_id" => $new_content_id, "location" => $location, "column" => (int) $column, "position" => $pos + 1);
if (isset($block["extension"])) {
$row["extension"] = $block["extension"];
$row["json_settings"] = isset($block["settings"]) ? json_encode($block["settings"]) : null;
}
$result = $db->add_rows($row);
$page_content_map[] = $result["result"][0];
}
}
}
}
}
// 3. run through id's affected against snapshot, if any missing, remove them.
foreach ($current_page_content as $row) {
if (!in_array($row["id"], $page_content_map)) {
$db->delete_rows(array("column" => "id", "value" => (int) $row["id"]));
}
}
$db->disconnect();
// return the basic user details
$this->response("success", "json");
}
