/**
 * Validate the submitted login credentials by performing the login itself.
 *
 * Attempts a username/password login through the ZikulaUsersModule 'uname'
 * authentication method and adds a violation to the context when the login
 * fails, when the logged-in account does not hold ACCESS_ADMIN on '.*'/'.*',
 * or when any exception escapes the login. Note that a session established
 * for a non-admin account is not torn down here: only the violation is added,
 * so callers must treat a violation as "do not proceed".
 *
 * @param array|\ArrayAccess        $object  Submitted form data; 'username' and 'password' keys are read.
 * @param ExecutionContextInterface $context Validation context that receives the violations.
 *
 * @return void
 */
public static function validateAndLogin($object, ExecutionContextInterface $context)
{
    $credentials = array('login_id' => $object['username'], 'pass' => $object['password']);
    $method = array('modname' => 'ZikulaUsersModule', 'method' => 'uname');

    try {
        $result = \UserUtil::loginUsing($method, $credentials);

        if (!$result) {
            $context->buildViolation(__('Error! Could not login with provided credentials. Please try again.'))->addViolation();
        }

        // an array result carries the uid of the account that was just logged in
        if (is_array($result) && !\SecurityUtil::checkPermission('.*', '.*', ACCESS_ADMIN, $result['uid'])) {
            $context->buildViolation(__('Error! You logged in to an account without Admin permissions'))->addViolation();
        }
    } catch (\Exception $e) {
        // the underlying reason is deliberately not surfaced to the form
        $context->buildViolation(__('Error! There was a problem logging in.'))->addViolation();
    }
}
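/**
 * Generate the upgrade module page.
 *
 * Migrates legacy raw '0'/'1' module vars to their serialized form, runs the
 * Extensions admin API 'upgradeall' and prints one list item per module,
 * deletes the deprecated legacy modules from the modules table, stores the
 * localized display name/description of the Extensions module, regenerates
 * the theme list, records the version being upgraded from, and finally logs
 * the admin in again so the closing link can point at the admin panel.
 *
 * All output is echoed directly between _upg_header() and _upg_footer().
 *
 * @param string $username Username of the admin user.
 * @param string $password Password of the admin user.
 *
 * @return void
 */
function _upg_upgrademodules($username, $password)
{
    _upg_header();

    // Legacy installs stored plain '0'/'1' in module_vars; everything else is already serialized.
    $modvars = DBUtil::selectObjectArray('module_vars');
    foreach ($modvars as $modvar) {
        if (in_array((string) $modvar['value'], array('0', '1'), true)) {
            $modvar['value'] = serialize($modvar['value']);
            DBUtil::updateObject($modvar, 'module_vars');
        }
    }

    // force load the modules admin API
    ModUtil::loadApi('Extensions', 'admin', true);

    echo '<h2>' . __('Starting upgrade') . '</h2>' . "\n";
    echo '<ul id="upgradelist" class="check">' . "\n";

    $results = ModUtil::apiFunc('Extensions', 'admin', 'upgradeall');
    if ($results) {
        foreach ($results as $modname => $result) {
            $cssClass = $result ? 'passed' : 'failed';
            $label = $result ? __('upgraded') : __('not upgraded');
            echo '<li class="' . $cssClass . '">' . DataUtil::formatForDisplay($modname) . ' ' . $label . '</li>' . "\n";
        }
    }
    echo '</ul>' . "\n";
    if (!$results) {
        echo '<ul class="check"><li class="passed">' . __('No modules required upgrading') . '</li></ul>';
    }

    // wipe out the deprecated modules from Modules list.
    $modTable = 'modules';
    $sql = "DELETE FROM {$modTable} WHERE name = 'Header_Footer' OR name = 'AuthPN' OR name = 'pnForm' OR name = 'Workflow' OR name = 'pnRender' OR name = 'Admin_Messages'";
    DBUtil::executeSQL($sql);

    // store localized displayname and description for Extensions module.
    // The translated strings are interpolated into the statement, so they are
    // escaped for storage first: a translation containing a quote would
    // otherwise break (or alter) the UPDATE.
    $extensionsDisplayname = DataUtil::formatForStore(__('Extensions'));
    $extensionsDescription = DataUtil::formatForStore(__('Manage your modules and plugins.'));
    $sql = "UPDATE modules SET name = 'Extensions', displayname = '{$extensionsDisplayname}', description = '{$extensionsDescription}' WHERE modules.name = 'Extensions'";
    DBUtil::executeSQL($sql);

    // regenerate the themes list
    ModUtil::apiFunc('Theme', 'admin', 'regenerate');

    // store the recent version in a config var for later usage. This enables us to determine the version we are upgrading from
    System::setVar('Version_Num', Zikula_Core::VERSION_NUM);
    System::setVar('language_i18n', ZLanguage::getLanguageCode());

    // Relogin the admin user to give a proper admin link
    SessionUtil::requireSession();

    echo '<p class="z-statusmsg">' . __('Finished upgrade') . " - \n";

    $authenticationInfo = array('login_id' => $username, 'pass' => $password);
    $authenticationMethod = array('modname' => 'Users', 'method' => 'uname');
    $siteName = DataUtil::formatForDisplay(System::getVar('sitename'));

    if (!UserUtil::loginUsing($authenticationMethod, $authenticationInfo)) {
        $url = sprintf('<a href="%s">%s</a>', DataUtil::formatForDisplay(System::getBaseUrl()), $siteName);
        echo __f('Go to the startpage for %s', $url);
    } else {
        upgrade_clear_caches();
        // escape the generated URL for the HTML attribute, as the startpage branch does
        $url = sprintf('<a href="%s">%s</a>', DataUtil::formatForDisplay(ModUtil::url('Admin', 'admin', 'adminpanel')), $siteName);
        echo __f('Go to the admin panel for %s', $url);
    }
    echo "</p>\n";

    _upg_footer();
}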
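/**
 * Install controller.
 *
 * Single entry point of the web installer. In order it:
 *  1. boots the core with a lazily-connected Doctrine connection (the DSN is
 *     not valid yet while the database is still being configured);
 *  2. sets up Smarty under the configured temp dir;
 *  3. reads the form values (GET/POST) and short-circuits the "not installed"
 *     and "language already chosen" cases with redirects;
 *  4. resolves and activates the installer language;
 *  5. dispatches on `action` (processBDInfo, finish, requirements) and
 *     finally renders installer_<action>.tpl inside installer_page.tpl.
 *
 * Request values and how they are used:
 *  - `dbname` is checked against /^[\w-]*$/ (max 64 chars) before it is
 *    written to config.php, used in the PDO DSN, or later interpolated into
 *    the SHOW TABLES statement.
 *  - `dbhost` and `dbdriver` are placed into the PDO DSN as received; they are
 *    only processed after the `installed` check, which hands an installed site
 *    to _installer_alreadyinstalled(). NOTE(review): a driver/host whitelist
 *    would be the stricter option.
 *  - `username` must consist of \p{L}, \p{N}, '_', '.', '-'; `password` needs
 *    at least 7 characters and must equal `repeatpassword`; `email` must pass
 *    validateMail(). On any failure the submitted values (password included)
 *    are assigned back to the template so the form can be re-rendered.
 *  - `action` is passed through DataUtil::formatForOS() before it is used in
 *    a template filename; unknown actions fall back to installer_error.tpl.
 *
 * A failed statement while executing a custom SQL dump now aborts the
 * installation (previously only the dump loop was left, and the admin user
 * was still created and logged in).
 *
 * @param Core $core The core instance providing the container and the dispatcher.
 *
 * @return void Renders a page, or sends a redirect and exits.
 */
function install(Core $core)
{
    define('_ZINSTALLVER', Core::VERSION_NUM);
    $serviceManager = $core->getContainer();
    $eventManager = $core->getDispatcher();

    // Lazy load DB connection to avoid testing DSNs that are not yet valid (e.g. no DB created yet)
    $dbEvent = new GenericEvent(null, array('lazy' => true));
    $eventManager->dispatch('doctrine.init_connection', $dbEvent);
    $core->init(Core::STAGE_ALL & ~Core::STAGE_THEME & ~Core::STAGE_MODS & ~Core::STAGE_LANGS & ~Core::STAGE_DECODEURLS & ~Core::STAGE_SESSIONS);

    // Power users might have moved the temp folder out of the root and changed the config.php
    // accordingly. Make sure we respect this security related setting.
    $tempDir = isset($GLOBALS['ZConfig']['System']['temp']) ? $GLOBALS['ZConfig']['System']['temp'] : 'ztemp';

    // define our smarty object
    $smarty = new Smarty();
    $smarty->caching = false;
    $smarty->compile_check = true;
    $smarty->left_delimiter = '{';
    $smarty->right_delimiter = '}';
    $smarty->compile_dir = $tempDir . '/view_compiled';
    $smarty->template_dir = 'install/templates';
    $smarty->plugins_dir = array('plugins', 'install/templates/plugins');
    $smarty->clear_compiled_tpl();
    // an empty index.html is re-created after every compile-dir wipe
    file_put_contents("{$tempDir}/view_compiled/index.html", '');

    $lang = FormUtil::getPassedValue('lang', '', 'GETPOST');
    $dbhost = FormUtil::getPassedValue('dbhost', '', 'GETPOST');
    $dbusername = FormUtil::getPassedValue('dbusername', '', 'GETPOST');
    $dbpassword = FormUtil::getPassedValue('dbpassword', '', 'GETPOST');
    $dbname = FormUtil::getPassedValue('dbname', '', 'GETPOST');
    $dbdriver = FormUtil::getPassedValue('dbdriver', '', 'GETPOST');
    $dbtabletype = FormUtil::getPassedValue('dbtabletype', '', 'GETPOST');
    // admin account details are accepted from POST only
    $username = FormUtil::getPassedValue('username', '', 'POST');
    $password = FormUtil::getPassedValue('password', '', 'POST');
    $repeatpassword = FormUtil::getPassedValue('repeatpassword', '', 'POST');
    $email = FormUtil::getPassedValue('email', '', 'GETPOST');
    $action = FormUtil::getPassedValue('action', '', 'GETPOST');
    $notinstalled = isset($_GET['notinstalled']);
    $installedState = isset($GLOBALS['ZConfig']['System']['installed']) ? $GLOBALS['ZConfig']['System']['installed'] : 0;

    // If somehow we are browsing the not installed page but installed, redirect back to homepage
    if ($installedState && $notinstalled) {
        $response = new RedirectResponse(System::getHomepageUrl());

        return $response->send();
    }

    // see if the language was already selected
    $languageAlreadySelected = $lang ? true : false;
    if (!$notinstalled && $languageAlreadySelected && empty($action)) {
        // $lang is still the raw request value here, so encode it for the query string
        $response = new RedirectResponse(System::getBaseUri() . '/install.php?action=requirements&lang=' . rawurlencode($lang));

        return $response->send();
    }

    // load the installer language files
    if (empty($lang)) {
        if (is_readable('config/installer.ini')) {
            $test = parse_ini_file('config/installer.ini');
            $lang = isset($test['language']) ? $test['language'] : 'en';
        } else {
            $available = ZLanguage::getInstalledLanguages();
            $detector = new ZLanguageBrowser($available);
            $lang = $detector->discover();
        }
        $lang = DataUtil::formatForDisplay($lang);
    }

    // setup multilingual
    $GLOBALS['ZConfig']['System']['language_i18n'] = $lang;
    $GLOBALS['ZConfig']['System']['multilingual'] = true;
    $GLOBALS['ZConfig']['System']['languageurl'] = true;
    $GLOBALS['ZConfig']['System']['language_detect'] = false;
    $serviceManager->loadArguments($GLOBALS['ZConfig']['System']);
    $_lang = ZLanguage::getInstance();
    $_lang->setup();
    // from here on $lang is the code ZLanguage actually activated, not the raw request value
    $lang = ZLanguage::getLanguageCode();

    $installbySQL = file_exists("install/sql/custom-{$lang}.sql") ? "install/sql/custom-{$lang}.sql" : false;
    $smarty->assign('lang', $lang);
    $smarty->assign('installbySQL', $installbySQL);
    $smarty->assign('langdirection', ZLanguage::getDirection());
    $smarty->assign('charset', ZLanguage::getEncoding());

    // show not installed case
    if ($notinstalled) {
        header('HTTP/1.1 503 Service Unavailable');
        $smarty->display('notinstalled.tpl');
        $smarty->clear_compiled_tpl();
        file_put_contents("{$tempDir}/view_compiled/index.html", '');
        exit;
    }

    // assign the values from config.php
    $smarty->assign($GLOBALS['ZConfig']['System']);

    // if the system is already installed, halt (presumably inside the helper — it is not followed by an exit here).
    if ($GLOBALS['ZConfig']['System']['installed']) {
        _installer_alreadyinstalled($smarty);
    }

    // check for an empty action - if so then show the first installer page
    if (empty($action)) {
        $action = 'lang';
    }

    // perform tasks based on our action
    switch ($action) {
        case 'processBDInfo':
            $dbname = trim($dbname);
            $dbusername = trim($dbusername);
            if (empty($dbname) || empty($dbusername)) {
                $action = 'dbinformation';
                $smarty->assign('dbconnectmissing', true);
            } elseif (!preg_match('/^[\\w-]*$/', $dbname) || strlen($dbname) > 64) {
                // the name is later interpolated into config.php, the DSN and SHOW TABLES,
                // so it is restricted to a safe identifier character set
                $action = 'dbinformation';
                $smarty->assign('dbinvalidname', true);
            } else {
                update_config_php($dbhost, $dbusername, $dbpassword, $dbname, $dbdriver, $dbtabletype);
                update_installed_status(0);
                try {
                    // connection test only; the handle is discarded
                    $dbh = new PDO("{$dbdriver}:host={$dbhost};dbname={$dbname}", $dbusername, $dbpassword);
                } catch (PDOException $e) {
                    $action = 'dbinformation';
                    $smarty->assign('reason', $e->getMessage());
                    $smarty->assign('dbconnectfailed', true);
                }
            }
            if ($action != 'dbinformation') {
                $action = 'createadmin';
            }
            break;

        case 'finish':
            // the submitted values are handed back to the form on every validation failure
            $formValues = array('username' => $username, 'password' => $password, 'repeatpassword' => $repeatpassword, 'email' => $email);
            if (!$username || preg_match('/[^\\p{L}\\p{N}_\\.\\-]/u', $username)) {
                $action = 'createadmin';
                $smarty->assign('uservalidatefailed', true);
                $smarty->assign($formValues);
            } elseif (mb_strlen($password) < 7) {
                $action = 'createadmin';
                $smarty->assign('badpassword', true);
                $smarty->assign($formValues);
            } elseif ($password !== $repeatpassword) {
                $action = 'createadmin';
                $smarty->assign('passwordcomparefailed', true);
                $smarty->assign($formValues);
            } elseif (!validateMail($email)) {
                $action = 'createadmin';
                $smarty->assign('emailvalidatefailed', true);
                $smarty->assign($formValues);
            } else {
                $installedOk = false;
                // if it is the distribution and the process have not failed in a previous step
                if ($installbySQL) {
                    // checks if exists a previous installation with the same prefix
                    $proceed = true;
                    // dbname comes from config.php, which processBDInfo only writes after validating it
                    $dbnameConfig = $GLOBALS['ZConfig']['DBInfo']['databases']['default']['dbname'];
                    $exec = $dbdriver == 'mysql' || $dbdriver == 'mysqli' ? "SHOW TABLES FROM `{$dbnameConfig}` LIKE '%'" : "SHOW TABLES FROM {$dbnameConfig} LIKE '%'";
                    $tables = DBUtil::executeSQL($exec);
                    if ($tables->rowCount() > 0) {
                        $proceed = false;
                        $action = 'dbinformation';
                        $smarty->assign('dbexists', true);
                    }
                    if ($proceed) {
                        // checks if file exists
                        if (!file_exists($installbySQL)) {
                            $action = 'dbinformation';
                            $smarty->assign('dbdumpfailed', true);
                        } else {
                            // execute the SQL dump: statements are accumulated line by line
                            // and run whenever a line ends with ';'
                            $lines = file($installbySQL);
                            $exec = '';
                            $dumpOk = true;
                            foreach ($lines as $line) {
                                $line = trim($line);
                                if (empty($line) || strpos($line, '--') === 0) {
                                    continue;
                                }
                                $exec .= $line;
                                if (strrpos($line, ';') === strlen($line) - 1) {
                                    if (!DBUtil::executeSQL($exec)) {
                                        $dumpOk = false;
                                        $action = 'dbinformation';
                                        $smarty->assign('dbdumpfailed', true);
                                        break;
                                    }
                                    $exec = '';
                                }
                            }
                            // only finish the installation when every statement succeeded;
                            // the break above leaves the loop, not this branch
                            if ($dumpOk) {
                                ModUtil::dbInfoLoad('Users', 'Users');
                                ModUtil::dbInfoLoad('Extensions', 'Extensions');
                                ModUtil::initCoreVars(true);
                                createuser($username, $password, $email);
                                $installedOk = true;
                            }
                        }
                    }
                } else {
                    installmodules($lang);
                    createuser($username, $password, $email);
                    $installedOk = true;
                }

                if ($installedOk) {
                    // create our new site admin
                    // TODO: Email username/password to administrator email address. Cannot use ModUtil::apiFunc for this.
                    $serviceManager->get('session')->start();
                    $authenticationInfo = array('login_id' => $username, 'pass' => $password);
                    $authenticationMethod = array('modname' => 'Users', 'method' => 'uname');
                    UserUtil::loginUsing($authenticationMethod, $authenticationInfo);

                    // add admin email as site email
                    System::setVar('adminmail', $email);

                    if (!$installbySQL) {
                        Theme_Util::regenerate();
                    }

                    // set site status as installed and protect config.php file
                    // (best effort: the @-suppressed chmod calls relax the mode until the file is readable again)
                    update_installed_status(1);
                    @chmod('config/config.php', 0400);
                    if (!is_readable('config/config.php')) {
                        @chmod('config/config.php', 0440);
                        if (!is_readable('config/config.php')) {
                            @chmod('config/config.php', 0444);
                        }
                    }

                    // install all plugins
                    $systemPlugins = PluginUtil::loadAllSystemPlugins();
                    foreach ($systemPlugins as $plugin) {
                        PluginUtil::install($plugin);
                    }

                    LogUtil::registerStatus(__('Congratulations! Zikula has been successfullly installed.'));
                    $response = new RedirectResponse(ModUtil::url('Admin', 'admin', 'adminpanel'));
                    $response->send();
                    exit;
                }
            }
            break;

        case 'requirements':
            $checks = _check_requirements();
            $ok = true;
            foreach ($checks as $check) {
                if (!$check) {
                    $ok = false;
                    break;
                }
            }
            foreach ($checks['files'] as $check) {
                if (!$check['writable']) {
                    $ok = false;
                    break;
                }
            }
            if ($ok) {
                $response = new RedirectResponse(System::getBaseUri() . '/install.php?action=dbinformation&lang=' . rawurlencode($lang));
                $response->send();
                exit;
            }
            $smarty->assign('checks', $checks);
            break;
    }

    // check our action template exists
    $action = DataUtil::formatForOS($action);
    if ($smarty->template_exists("installer_{$action}.tpl")) {
        $smarty->assign('action', $action);
        $templateName = "installer_{$action}.tpl";
    } else {
        $smarty->assign('action', 'error');
        $templateName = 'installer_error.tpl';
    }
    $smarty->assign('maincontent', $smarty->fetch($templateName));
    $smarty->display('installer_page.tpl');
    $smarty->clear_compiled_tpl();
    file_put_contents("{$tempDir}/view_compiled/index.html", '');
}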
/**
 * Log the user in (legacy wrapper around UserUtil::loginUsing()).
 *
 * Logs a deprecation warning on every call, then delegates to
 * UserUtil::loginUsing() with the Users module as authentication module. The
 * authentication method is 'email' when the Users module's login-method
 * modvar is set to LOGIN_METHOD_EMAIL, 'uname' otherwise.
 *
 * @deprecated Use UserUtil::loginUsing() instead.
 * @see UserUtil::loginUsing()
 *
 * @param string $uname         The login id of the user logging in (name or e-mail, per the modvar).
 * @param string $pass          The password of the user logging in.
 * @param bool   $rememberme    Whether or not to remember this login.
 * @param bool   $checkPassword Whether or not to check the password.
 *
 * @return bool True if the user successfully logged in, false otherwise.
 */
function pnUserLogIn($uname, $pass, $rememberme = false, $checkPassword = true)
{
    LogUtil::log(__f('Warning! Function %1$s is deprecated. Please use %2$s instead.', array(__FUNCTION__, 'UserUtil::loginUsing()')), E_USER_DEPRECATED);

    $configuredMethod = ModUtil::getVar(Users_Constant::MODNAME, Users_Constant::MODVAR_LOGIN_METHOD, Users_Constant::LOGIN_METHOD_UNAME);
    $authenticationMethod = array(
        'modname' => 'Users',
        'method'  => ($configuredMethod == Users_Constant::LOGIN_METHOD_EMAIL) ? 'email' : 'uname',
    );
    $authenticationInfo = array('login_id' => $uname, 'pass' => $pass);

    return (bool)UserUtil::loginUsing($authenticationMethod, $authenticationInfo, $rememberme, null, $checkPassword);
}
/**
 * Log in as the admin using the credentials kept in the installer parameters.
 *
 * Public because it is also called by AjaxUpgradeController. Starts the
 * session, decodes the parameters held by the YAML manager and attempts a
 * 'uname' login through ZikulaUsersModule. No permission check is performed
 * here; the caller decides what the resulting session may do.
 *
 * @return bool True when UserUtil::loginUsing() reported success, false otherwise.
 */
public function loginAdmin()
{
    $this->container->get('session')->start();

    $parameters = $this->decodeParameters($this->yamlManager->getParameters());

    // login as admin using provided credentials
    $result = \UserUtil::loginUsing(
        array('modname' => 'ZikulaUsersModule', 'method' => 'uname'),
        array('login_id' => $parameters['username'], 'pass' => $parameters['password'])
    );

    return $result ? true : false;
}
/**
 * Log into a site that is currently "off" (normal logins are not allowed).
 *
 * Allows the administrator to access the site during maintenance. When the
 * site is not off the request is redirected to the homepage immediately; a
 * non-POST request raises Zikula_Exception_Forbidden.
 *
 * Parameters passed via GET:
 * --------------------------
 * None.
 *
 * Parameters passed via POST:
 * ---------------------------
 * string  user       The user name of the user attempting to log in.
 * string  pass       The password of the user attempting to log in.
 * boolean rememberme Whether the login session should persist.
 *
 * Parameters passed via SESSION:
 * ------------------------------
 * None.
 *
 * Exactly one of 'module.users.ui.login.succeeded' / 'module.users.ui.login.failed'
 * is notified. A login that succeeds but lacks ACCESS_ADMIN on Settings::/SiteOff::
 * is logged out again and reported as failed. Listeners may override the
 * redirect target via the 'redirecturl' event argument; otherwise the homepage
 * is used after a login attempt that authenticated, and '' after one that did not.
 *
 * @throws Zikula_Exception_Forbidden On non-POST requests.
 *
 * @return void Ends by calling $this->redirect().
 */
public function siteOffLogin()
{
    // do not process if the site is enabled
    $this->redirectIf(!System::getVar('siteoff', false), System::getHomepageUrl());

    if (!$this->request->isPost()) {
        throw new Zikula_Exception_Forbidden();
    }
    $user = $this->request->request->get('user', null);
    $pass = $this->request->request->get('pass', null);
    $rememberme = $this->request->request->get('rememberme', false);

    $homeUrl = System::getHomepageUrl();
    $authenticationInfo = array(
        'login_id' => $user,
        'pass' => $pass
    );
    $authenticationMethod = array(
        'modname' => $this->name,
        'method' => 'uname',
    );

    if (!UserUtil::loginUsing($authenticationMethod, $authenticationInfo, $rememberme)) {
        // credentials rejected: no subject, and no fallback redirect target
        $eventName = 'module.users.ui.login.failed';
        $subject = null;
        $eventArgs = array(
            'authentication_method' => $authenticationMethod,
            'authentication_info' => $authenticationInfo,
            'redirecturl' => '',
        );
        $fallbackUrl = '';
    } else {
        $subject = UserUtil::getVars(UserUtil::getVar('uid'));
        $fallbackUrl = $homeUrl;
        if (SecurityUtil::checkPermission('Settings::', 'SiteOff::', ACCESS_ADMIN)) {
            $eventName = 'module.users.ui.login.succeeded';
            $eventArgs = array(
                'authentication_method' => $authenticationMethod,
                'redirecturl' => $homeUrl,
            );
        } else {
            // valid account but not an admin: tear the session down again before notifying
            UserUtil::logout();
            $eventName = 'module.users.ui.login.failed';
            $eventArgs = array(
                'authentication_method' => $authenticationMethod,
                'redirecturl' => '',
            );
        }
    }

    $event = $this->eventManager->notify(new Zikula_Event($eventName, $subject, $eventArgs));
    $redirectUrl = $event->hasArg('redirecturl') ? $event->getArg('redirecturl') : $fallbackUrl;

    $this->redirect($redirectUrl);
}