public function action_index()
{
    // View data; filled in on POST, the page title is always set below.
    $output = array();

    if (\Input::method() === 'POST') {
        if (!\Extension\NoCsrf::check()) {
            // CSRF token did not validate: report it and fall through to the view.
            $output['form_status'] = 'error';
            $output['form_status_message'] = \Lang::get('fslang_invalid_csrf_token');
        } else {
            // update to 1.5 first time
            $result = \Fs\update0001::run();
            // update to 1.5.4
            // NOTE(review): this overwrites $result, so the outcome of update0001 is never
            // inspected; verify that update0002::run() reports failure when update0001 did not succeed.
            $result = \Fs\update0002::run();

            if ($result === true) {
                $output['hide_form'] = true;
                $output['form_status'] = 'success';
                $output['form_status_message'] = \Lang::get('fs_update_completed');
            } else {
                $output['form_status'] = 'error';
                $output['form_status_message'] = \Lang::get('fs_failed_to_update');
            }
        }
    }

    // <head> output
    $output['page_title'] = \Lang::get('fs_updater');

    return \Theme::instance()->view('update_v', $output, false);
}
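public function action_index()
{
    // View data; the page title is always set below.
    $output = array();

    // clear redirect referrer
    \Session::delete('submitted_redirect');

    // read flash message for display errors.
    $form_status = \Session::get_flash('form_status');
    if (isset($form_status['form_status']) && isset($form_status['form_status_message'])) {
        $output['form_status'] = $form_status['form_status'];
        $output['form_status_message'] = $form_status['form_status_message'];
    }
    unset($form_status);

    // list tables. This array also serves as the allow-list for the posted table name
    // (assumed to be a plain array of table-name strings, as the view's select box uses it).
    $output['list_tables'] = \DB::list_tables();

    // if form submitted
    if (\Input::method() === 'POST') {
        $table_name = trim((string) \Input::post('table_name'));
        $output['table_name'] = $table_name;

        if (!\Extension\NoCsrf::check()) {
            // validate token failed
            $output['form_status'] = 'error';
            $output['form_status_message'] = \Lang::get('fslang_invalid_csrf_token');
        } elseif ($table_name === '' || !in_array($table_name, $output['list_tables'], true)) {
            // Nothing selected, or a name that is not an existing table. The allow-list check
            // matters because the name is spliced verbatim into a backtick-quoted raw expression
            // below, which \DB::expr() does not escape.
            $output['form_status'] = 'error';
            $output['form_status_message'] = \Lang::get('dbhelper_please_select_db_table');
        } else {
            $output['list_columns'] = \DB::list_columns(\DB::expr('`' . $table_name . '`'));
        }
    } // endif; form submitted

    // <head> output
    $output['page_title'] = $this->generateTitle(\Lang::get('dbhelper'));

    return $this->generatePage('admin/templates/index/index_v', $output, false);
}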
public function action_index()
{
    // load language
    \Lang::load('account');

    $output = array();

    if (\Input::method() === 'POST') {
        // store data for model
        $data = array(
            'account_email' => \Security::strip_tags(trim(\Input::post('account_email'))),
        );

        // validate form.
        $validate = \Validation::forge();
        $validate->add('account_email', \Lang::get('account_email'), array(), array('required', 'valid_email'));

        if (!\Extension\NoCsrf::check(null, null, null, null, false)) {
            // validate token failed
            $output['form_status'] = 'error';
            $output['form_status_message'] = \Lang::get('fslang_invalid_csrf_token');
        } elseif (!$validate->run()) {
            // validate failed
            $output['form_status'] = 'error';
            $output['form_status_message'] = $validate->show_errors();
        } else {
            // look for an account registered with this email that never logged in,
            // is still inactive (status '0') and still carries a confirm code.
            // NOTE(review): the last condition compares against the string 'NULL', not SQL NULL;
            // confirm that is intended (passing null would yield IS NOT NULL).
            $query = \Model_Accounts::query()
                ->select('account_id', 'account_username', 'account_email')
                ->where('account_email', $data['account_email'])
                ->where('account_last_login', null)
                ->where('account_status', '0')
                ->where('account_confirm_code', '!=', 'NULL');

            if ($query->count() <= 0) {
                $output['form_status'] = 'error';
                $output['form_status_message'] = \Lang::get('account_didnot_found_entered_email');
            } else {
                $row = $query->get_one();

                // generate a fresh confirm code and send it
                $data['account_confirm_code'] = \Str::random('alnum', 6);
                $data['account_username'] = $row->account_username;
                $options = array('not_notify_admin' => true);
                $result = \Model_Accounts::forge()->sendRegisterEmail($data, $options);

                if ($result === true) {
                    // persist the new code only after the email went out.
                    $account = \Model_Accounts::find($row->account_id);
                    $account->account_confirm_code = $data['account_confirm_code'];
                    $account->save();

                    $output['form_status'] = 'success';
                    $output['form_status_message'] = \Lang::get('account_registration_completed_need_confirm');
                } else {
                    $output['form_status'] = 'error';
                    $output['form_status_message'] = $result;
                }
            }
        }

        // re-populate form
        $output['account_email'] = trim(\Input::post('account_email'));
    }

    // <head> output
    $output['page_title'] = $this->generateTitle(\Lang::get('account_resend_confirm_registration_email'));

    return $this->generatePage('front/templates/account/resendactivate_v', $output, false);
}
public function action_index()
{
    // load language
    \Lang::load('account');

    $output = array();

    // form submitted
    if (\Input::method() === 'POST') {
        $data = array(
            'account_email' => \Security::strip_tags(trim(\Input::post('account_email'))),
        );

        // validate form.
        $validate = \Validation::forge();
        $validate->add('account_email', \Lang::get('account_email'), array(), array('required', 'valid_email'));

        if (!\Extension\NoCsrf::check()) {
            // validate token failed
            $output['form_status'] = 'error';
            $output['form_status_message'] = \Lang::get('fslang_invalid_csrf_token');
        } elseif (!$validate->run()) {
            // validate failed
            $output['form_status'] = 'error';
            $output['form_status_message'] = $validate->show_errors();
        } else {
            // validate pass: the captcha is checked only after CSRF and field validation succeed.
            include APPPATH . 'vendor' . DS . 'securimage' . DS . 'securimage.php';
            $securimage = new \Securimage();

            if (!$securimage->check(\Input::post('captcha'))) {
                $output['form_status'] = 'error';
                $output['form_status_message'] = \Lang::get('account_wrong_captcha_code');
            } else {
                // try to send reset password email
                $result = \Model_Accounts::sendResetPasswordEmail($data);

                if ($result === true) {
                    $output['hide_form'] = true;
                    $output['form_status'] = 'success';
                    $output['form_status_message'] = \Lang::get('account_please_check_your_email_to_confirm_reset_password');
                } elseif (is_string($result)) {
                    // a string result is the model's error message; any other value is shown as nothing.
                    $output['form_status'] = 'error';
                    $output['form_status_message'] = $result;
                }
            }
        }

        // re-populate form
        $output['account_email'] = trim(\Input::post('account_email'));
    }

    // <head> output
    $output['page_title'] = $this->generateTitle(\Lang::get('account_forgot_username_or_password'));

    return $this->generatePage('front/templates/account/forgotpw_v', $output, false);
}
public function action_index($account_username = '', $confirm_code = '')
{
    // load language
    \Lang::load('account');

    // store username and confirm code from url to form and require the form to submit.
    $output = array(
        'account_username' => $account_username,
        'confirm_code' => $confirm_code,
    );

    if (\Input::method() === 'POST') {
        // store data for validate and update account status.
        $data = array(
            'account_username' => trim(\Input::post('account_username')),
            'account_confirm_code' => trim(\Input::post('confirm_code')),
        );

        // validate form.
        $validate = \Validation::forge();
        $validate->add('account_username', \Lang::get('account_username'), array(), array('required'));
        $validate->add('confirm_code', \Lang::get('account_confirm_code'), array(), array('required'));

        if (!\Extension\NoCsrf::check()) {
            // validate token failed
            $output['form_status'] = 'error';
            $output['form_status_message'] = \Lang::get('fslang_invalid_csrf_token');
        } elseif (!$validate->run()) {
            // validate failed
            $output['form_status'] = 'error';
            $output['form_status_message'] = $validate->show_errors();
        } else {
            // confirm register.
            $result = \Model_Accounts::confirmRegister($data);

            if ($result !== true) {
                $output['form_status'] = 'error';
                $output['form_status_message'] = $result;
            } else {
                $output['hide_register_form'] = true;
                $output['form_status'] = 'success';
                $output['form_status_message'] = \Lang::get('account_confirm_register_completed');

                // @todo [fuelstart][account][plug] confirm register passed plug.
                // Note: the plugin receives the username from the URL, not the posted one.
                $plugin = new \Library\Plugins();
                if ($plugin->hasAction('AccountControllerAfterConfirmedRegister') !== false) {
                    $plugin->doAction('AccountControllerAfterConfirmedRegister', [
                        'input_username' => $account_username,
                        'inputs_post' => \Input::post(),
                    ]);
                }
                unset($plugin);
            }
        }

        // re-populate form
        $output['account_username'] = trim(\Input::post('account_username'));
        $output['confirm_code'] = trim(\Input::post('confirm_code'));
    }

    // <head> output
    $output['page_title'] = $this->generateTitle(\Lang::get('account_confirm_register'));

    return $this->generatePage('front/templates/account/confirmregister_v', $output, false);
}
public function action_index()
{
    // load language
    \Lang::load('account');

    // is user logged in? (\Response::redirect is expected to end the request here)
    if (\Model_Accounts::isMemberLogin() == false) {
        \Response::redirect(\Uri::create('account/login') . '?rdr=' . urlencode(\Uri::main()));
    }

    // load config from db.
    $cfg_values = array('allow_avatar', 'avatar_size', 'avatar_allowed_types');
    $config = \Model_Config::getvalues($cfg_values);
    $output['config'] = $config;
    // set config data to display in view file.
    $output['allow_avatar'] = $config['allow_avatar']['value'];
    $output['avatar_size'] = $config['avatar_size']['value'];
    $output['avatar_allowed_types'] = $config['avatar_allowed_types']['value'];
    unset($cfg_values);

    // read flash message for display errors. this is REQUIRED if you coding the check login with simultaneous login detection on.
    $form_status = \Session::get_flash('form_status');
    if (isset($form_status['form_status']) && isset($form_status['form_status_message'])) {
        $output['form_status'] = $form_status['form_status'];
        $output['form_status_message'] = $form_status['form_status_message'];
    }
    unset($form_status);

    // get account id (from the login cookie; used as the identity for every write below)
    $cookie_account = \Model_Accounts::forge()->getAccountCookie();

    // get account data. All three cookie fields must match the stored row.
    $query = \Model_Accounts::query()
        ->where('account_id', $cookie_account['account_id'])
        ->where('account_username', $cookie_account['account_username'])
        ->where('account_email', $cookie_account['account_email']);

    if ($query->count() > 0) {
        // found
        $row = $query->get_one();
        $output['row'] = $row;

        // loop set data for display in form.
        foreach ($row as $key => $field) {
            $output[$key] = $field;
        }

        // get account_fields data of current user and send to views form
        // to access data from view, use $account_field['field_name'].
        // for example: the field_name is phone, just use $account_field['phone'];
        // JSON-looking values are decoded back into arrays (they were json_encode'd on save, see below).
        $account_fields = \Model_AccountFields::getData($cookie_account['account_id']);
        if ($account_fields->count() > 0) {
            foreach ($account_fields as $af) {
                $output['account_field'][$af->field_name] = \Extension\Str::isJsonFormat($af->field_value) ? json_decode($af->field_value, true) : $af->field_value;
            }
        }
        unset($account_fields, $af);

        // get timezone list to display.
        \Config::load('timezone', 'timezone');
        $output['timezone_list'] = \Config::get('timezone.timezone', array());

        unset($query);
    } else {
        // not found account: cookie does not match any row, so drop the session and re-login.
        unset($cookie_account, $query);
        \Model_Accounts::logout();
        \Response::redirect(\Uri::create('account/login') . '?rdr=' . urlencode(\Uri::main()));
    }

    // if form submitted
    if (\Input::method() == 'POST') {
        // store data for save to db. Identity fields come from the cookie, never from POST.
        $data['account_id'] = $cookie_account['account_id'];
        $data['account_username'] = $cookie_account['account_username']; //trim(\Input::post('account_username'));//no, do not edit username.
        $data['account_old_email'] = $cookie_account['account_email'];
        $data['account_email'] = \Security::strip_tags(trim(\Input::post('account_email')));
        $data['account_password'] = trim(\Input::post('account_password'));
        $data['account_new_password'] = trim(\Input::post('account_new_password'));
        $data['account_display_name'] = \Security::htmlentities(\Input::post('account_display_name'));
        // optional fields: an empty value is normalised to null so it is stored as NULL rather than ''.
        $data['account_firstname'] = \Security::htmlentities(trim(\Input::post('account_firstname', null)));
        if ($data['account_firstname'] == null) {
            $data['account_firstname'] = null;
        }
        $data['account_middlename'] = \Security::htmlentities(trim(\Input::post('account_middlename', null)));
        if ($data['account_middlename'] == null) {
            $data['account_middlename'] = null;
        }
        $data['account_lastname'] = \Security::htmlentities(trim(\Input::post('account_lastname', null)));
        if ($data['account_lastname'] == null) {
            $data['account_lastname'] = null;
        }
        $data['account_birthdate'] = \Security::strip_tags(trim(\Input::post('account_birthdate', null)));
        if ($data['account_birthdate'] == null) {
            $data['account_birthdate'] = null;
        }
        $data['account_signature'] = \Security::htmlentities(trim(\Input::post('account_signature', null)));
        if ($data['account_signature'] == null) {
            $data['account_signature'] = null;
        }
        $data['account_timezone'] = \Security::strip_tags(trim(\Input::post('account_timezone')));
        $data['account_language'] = \Security::strip_tags(trim(\Input::post('account_language', null)));
        if ($data['account_language'] == null) {
            $data['account_language'] = null;
        }

        // store data for account_fields. Only string keys are accepted; array values are JSON-encoded.
        $data_field = array();
        if (is_array(\Input::post('account_field'))) {
            foreach (\Input::post('account_field') as $field_name => $field_value) {
                if (is_string($field_name)) {
                    if (is_array($field_value)) {
                        $field_value = json_encode($field_value);
                    }
                    $data_field[$field_name] = $field_value;
                }
            }
        }
        unset($field_name, $field_value);

        // validate form.
        $validate = \Validation::forge();
        $validate->add_callable(new \Extension\FsValidate());
        //$validate->add('account_username', \Lang::get('account_username'), array(), array('required', 'noSpaceBetweenText'));//no, do not edit username.
        $validate->add('account_email', \Lang::get('account_email'), array(), array('required', 'valid_email'));
        $validate->add('account_display_name', \Lang::get('account_display_name'), array(), array('required'));
        $validate->add('account_birthdate', \Lang::get('account_birthdate'))->add_rule('valid_date', 'Y-m-d');
        $validate->add('account_timezone', \Lang::get('account_timezone'), array(), array('required'));

        if (!\Extension\NoCsrf::check()) {
            // validate token failed
            $output['form_status'] = 'error';
            $output['form_status_message'] = \Lang::get('fslang_invalid_csrf_token');
        } elseif (!$validate->run()) {
            // validate failed
            $output['form_status'] = 'error';
            $output['form_status_message'] = $validate->show_errors();
        } else {
            // save
            // NOTE(review): written as \Model_accounts (lower-case a) while the rest of this method uses
            // \Model_Accounts; PHP resolves class names case-insensitively, but keep the spelling consistent.
            $result = \Model_accounts::memberEditProfile($data, $data_field);

            if ($result === true) {
                // only set the success flash when nothing else (e.g. the model) already queued one.
                if (\Session::get_flash('form_status', null, false) == null) {
                    \Session::set_flash('form_status', array('form_status' => 'success', 'form_status_message' => \Lang::get('account_saved')));
                }
                \Response::redirect(\Uri::main());
            } else {
                $output['form_status'] = 'error';
                $output['form_status_message'] = $result;
            }
        }

        // re-populate form
        //$output['account_username'] = trim(\Input::post('account_username'));//no, do not edit username.
        $output['account_email'] = trim(\Input::post('account_email'));
        $output['account_display_name'] = trim(\Input::post('account_display_name'));
        $output['account_firstname'] = trim(\Input::post('account_firstname'));
        $output['account_middlename'] = trim(\Input::post('account_middlename'));
        $output['account_lastname'] = trim(\Input::post('account_lastname'));
        $output['account_birthdate'] = trim(\Input::post('account_birthdate'));
        $output['account_signature'] = trim(\Input::post('account_signature'));
        $output['account_timezone'] = trim(\Input::post('account_timezone'));
        $output['account_language'] = trim(\Input::post('account_language'));

        // re-populate form for account fields (raw posted values; the view is expected to escape them)
        if (is_array(\Input::post('account_field'))) {
            foreach (\Input::post('account_field') as $field_name => $field_value) {
                if (is_string($field_name)) {
                    $output['account_field'][$field_name] = $field_value;
                }
            }
        }
        unset($field_name, $field_value);
    }

    // clear variables
    unset($cookie_account, $data, $result);

    // <head> output
    $output['page_title'] = $this->generateTitle(\Lang::get('account_edit'));

    return $this->generatePage('front/templates/account/edit_v', $output, false);
}
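public function action_index()
{
    // load language
    \Lang::load('admin');
    \Lang::load('account');

    // view data; the page title and breadcrumb are always set below.
    $output = array();

    // load config from db.
    $cfg_values = array('member_max_login_fail', 'member_login_fail_wait_time');
    $config = \Model_Config::getvalues($cfg_values);
    $output['config'] = $config;
    unset($cfg_values);

    // set active theme for admin. this controller is not based on admin controller,
    // so the admin theme has to be activated here.
    $theme = \Theme::instance();
    $theme->active($this->theme_system_name);

    // set login redirect. ?rdr= arrives on the request URL and is therefore
    // attacker-controllable; only targets on this site are honoured so the login page
    // cannot be used as an open redirector. Anything else goes to the admin home.
    $rdr = \Input::get('rdr');
    if ($rdr != null && $this->_isLocalRedirect($rdr)) {
        $output['go_to'] = urlencode($rdr);
    } else {
        $output['go_to'] = urlencode(\Uri::create('admin'));
    }
    unset($rdr);

    // read flash message for display errors. this is REQUIRED if you coding the check login with simultaneous login detection on.
    // this is REQUIRED in login page. because failed 'is login' check will redirect to here.
    $form_status = \Session::get_flash('form_status');
    if (isset($form_status['form_status']) && isset($form_status['form_status_message'])) {
        $output['form_status'] = $form_status['form_status'];
        $output['form_status_message'] = $form_status['form_status_message'];
    }
    unset($form_status);

    // count login fail and show captcha.
    if (\Session::get('login_all_fail_count', '0') >= $this->login_fail_time_show_captcha || \Session::get('show_captcha', false) === true) {
        $output['show_captcha'] = true;

        // if last time login failed is over wait time, reset it
        if ((time() - \Session::get('login_all_fail_time', time())) / 60 > $config['member_login_fail_wait_time']['value']) {
            // reset captcha requirement and wait time. The counter is not reset to zero, only
            // reduced to (fail time show captcha + 1), so the captcha keeps being required
            // and brute force attempts stay slowed down.
            \Session::set('login_all_fail_count', \Session::get('login_all_fail_count') - ($this->login_fail_time_show_captcha + 1));
            \Session::delete('login_all_fail_time');
            \Session::delete('show_captcha');
        }
    }

    // browser check
    $output['browser_check'] = $this->browserCheck();

    // if form submitted
    if (\Input::method() == 'POST') {
        // store data for login. An '@' in the identity selects email login, otherwise username.
        $data['account_identity'] = trim(\Input::post('account_identity'));
        if (strpos($data['account_identity'], '@') === false) {
            $data['account_username'] = $data['account_identity'];
        } else {
            $data['account_email'] = $data['account_identity'];
        }
        $data['account_password'] = trim(\Input::post('account_password'));

        // validate form.
        $validate = \Validation::forge();
        // check username or email required
        $validate->add('account_identity', \Lang::get('account_username_or_email'), array(), array('required'));
        $validate->add('account_password', \Lang::get('account_password'), array(), array('required'));

        if (!\Extension\NoCsrf::check()) {
            // validate token failed: hand the client a fresh token for the retry.
            $output['form_status'] = 'error';
            $output['form_status_message'] = \Lang::get('fslang_invalid_csrf_token');
            $output['input_csrf_token'] = \Extension\NoCsrf::generate();
        } elseif (!$validate->run()) {
            // validate failed
            $output['form_status'] = 'error';
            $output['form_status_message'] = $validate->show_errors();
            if (\Input::is_ajax()) {
                return $this->_jsonResponse($output);
            }
        } else {
            // count login failed and wait if it was exceed max failed allowed.
            if (
                \Session::get('login_all_fail_count', '0') > $config['member_max_login_fail']['value']
                && (time() - \Session::get('login_all_fail_time', time())) / 60 <= $config['member_login_fail_wait_time']['value']
            ) {
                // continuous login failed over max fail limit.
                $result = \Lang::get('account_login_failed_too_many', array(
                    'wait_minute' => $config['member_login_fail_wait_time']['value'],
                    'wait_til_time' => date('d F Y H:i:s', time() + $config['member_login_fail_wait_time']['value'] * 60),
                ));
            } else {
                // not reach maximum limit
                // check if show captcha
                if (isset($output['show_captcha']) && $output['show_captcha'] === true) {
                    include APPPATH . 'vendor' . DS . 'securimage' . DS . 'securimage.php';
                    $securimage = new \Securimage();
                    if ($securimage->check(\Input::post('captcha')) == false) {
                        $result = \Lang::get('account_wrong_captcha_code');
                    }
                }

                // try to login, but only when nothing above produced an error message.
                if (!isset($result) || $result == null) {
                    $result = \Model_Accounts::adminLogin($data);
                }
            }

            // check login result
            if ($result === true) {
                // success: clear the failure counters.
                \Session::delete('login_all_fail_count');
                \Session::delete('login_all_fail_time');
                \Session::delete('show_captcha');

                if (\Input::is_ajax()) {
                    $output['login_status'] = true;
                    $output['form_status'] = 'success';
                    $output['form_status_message'] = \Lang::get('account_login_success');
                    // go_to is always set above and already validated; hand the decoded target to the client.
                    $output['go_to'] = urldecode($output['go_to']);
                    return $this->_jsonResponse($output);
                }

                \Response::redirect(urldecode($output['go_to']));
            } else {
                // failed: bump the counters and require a captcha once the threshold is reached.
                $all_fail_count = \Session::get('login_all_fail_count', '0') + 1;
                \Session::set('login_all_fail_count', $all_fail_count);
                \Session::set('login_all_fail_time', time());

                if ($all_fail_count >= $this->login_fail_time_show_captcha) {
                    $output['show_captcha'] = true;
                    \Session::set('show_captcha', true);
                }

                $output['form_status'] = 'error';
                $output['form_status_message'] = $result;

                if (\Input::is_ajax()) {
                    return $this->_jsonResponse($output);
                }
            }
        }

        // re-populate form
        $output['account_identity'] = $data['account_identity'];
    }

    // <head> output
    $output['page_title'] = $this->generateTitle(\Lang::get('account_login'));
    $output['page_meta'][] = '<meta name="robots" content="noindex, nofollow" />';

    // breadcrumb
    $page_breadcrumb = [];
    $page_breadcrumb[0] = ['name' => \Lang::get('admin_admin_home'), 'url' => \Uri::create('admin')];
    $page_breadcrumb[1] = ['name' => \Lang::get('account_login'), 'url' => \Uri::create('admin/login')];
    $output['page_breadcrumb'] = $page_breadcrumb;
    unset($page_breadcrumb);

    if (\Input::is_ajax()) {
        return $this->_jsonResponse($output);
    }

    return $theme->view('admin/templates/login/index_v', $output, false);
}

/**
 * Whether $url is an acceptable post-login redirect target.
 *
 * Accepts an absolute URL under \Uri::base() (the form \Uri::main() produces, which is
 * what callers put into ?rdr=) or a site-relative path. Rejects protocol-relative
 * "//host" and "/\host" forms and any other host.
 * NOTE(review): relies on \Uri::base() ending with "/" so that a host that merely starts
 * with ours is not matched -- confirm against the base_url config.
 *
 * @param mixed $url
 * @return bool
 */
private function _isLocalRedirect($url)
{
    if (!is_string($url) || $url === '') {
        return false;
    }
    if (strpos($url, \Uri::base()) === 0) {
        return true;
    }
    return $url === '/' || preg_match('#^/[^/\\\\]#', $url) === 1;
}

/**
 * Builds the JSON response used by the AJAX variant of this page.
 *
 * @param array $output view data to serialise
 * @return \Response
 */
private function _jsonResponse(array $output)
{
    $response = new \Response();
    $response->set_header('Content-Type', 'application/json');
    $response->body(json_encode($output));
    return $response;
}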
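public function action_multiple()
{
    $ids = \Input::post('id');
    $act = trim(\Input::post('act'));
    $redirect = $this->getAndSetSubmitRedirection();

    if (\Extension\NoCsrf::check()) {
        if ($act == 'del') {
            // check permission. (\Response::redirect is expected to end the request.)
            if (\Model_AccountLevelPermission::checkAdminPermission('account_perm', 'account_delete_perm') == false) {
                \Response::redirect($redirect);
            }

            if (is_array($ids)) {
                foreach ($ids as $id) {
                    // NOTE(review): unlike enable/disable below, delete does not skip id '0';
                    // confirm deleteAccount() guards that itself.
                    $level_group = $this->_getLevelGroupIds($id);
                    if ($level_group === null) {
                        continue;
                    }

                    if (\Model_Accounts::forge()->canIAddEditAccount($level_group) == true) {
                        // delete account.
                        \Model_Accounts::deleteAccount($id);
                        // clear cache
                        \Extension\Cache::deleteCache('model.accounts-checkAccount-' . \Model_Sites::getSiteId() . '-' . $id);
                    }
                }
            }
        } elseif ($act == 'enable' || $act == 'disable') {
            // check permission.
            // NOTE(review): enable/disable are gated by the *delete* permission, as in the
            // original; confirm that is the intended permission for a status change.
            if (\Model_AccountLevelPermission::checkAdminPermission('account_perm', 'account_delete_perm') == false) {
                \Response::redirect($redirect);
            }

            $new_status = ($act == 'enable') ? '1' : '0';

            if (is_array($ids)) {
                foreach ($ids as $id) {
                    if ($id == '0') {
                        continue;
                    }

                    $level_group = $this->_getLevelGroupIds($id);
                    if ($level_group === null) {
                        continue;
                    }

                    if (\Model_Accounts::forge()->canIAddEditAccount($level_group) == true) {
                        \DB::update(\Model_Accounts::getTableName())
                            ->where('account_id', $id)
                            ->set(['account_status' => $new_status, 'account_status_text' => null])
                            ->execute();
                    }

                    // clear cache (done whether or not the status was changed, as before)
                    \Extension\Cache::deleteCache('model.accounts-checkAccount-' . \Model_Sites::getSiteId() . '-' . $id);
                }
            }
        }
    }

    // go back
    \Response::redirect($redirect);
}

/**
 * Level group ids the given account belongs to, used for the "can I add/edit" check.
 *
 * @param mixed $account_id
 * @return array|null list of level_group_id values, or null when the account has none
 */
private function _getLevelGroupIds($account_id)
{
    $lvls = \DB::select()->as_object()->from(\Model_AccountLevel::getTableName())->where('account_id', $account_id)->execute();

    // not found
    if (count($lvls) <= 0) {
        return null;
    }

    // format level group for check can i add, edit
    $level_group = array();
    foreach ($lvls as $lvl) {
        $level_group[] = $lvl->level_group_id;
    }

    return $level_group;
}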
public function action_index()
{
    // check permission (\Response::redirect is expected to end the request)
    if (\Model_AccountLevelPermission::checkAdminPermission('config_global', 'config_global') == false) {
        \Session::set_flash('form_status', array('form_status' => 'error', 'form_status_message' => \Lang::get('admin_permission_denied', array('page' => \Uri::string()))));
        \Response::redirect(\Uri::create('admin'));
    }

    // get timezone list for select box
    \Config::load('timezone', 'timezone');
    $output['timezone_list'] = \Config::get('timezone.timezone', array());

    // read flash message for display errors.
    $form_status = \Session::get_flash('form_status');
    if (isset($form_status['form_status']) && isset($form_status['form_status_message'])) {
        $output['form_status'] = $form_status['form_status'];
        $output['form_status_message'] = $form_status['form_status_message'];
    }
    unset($form_status);

    // names of the core config rows; this is the allow-list applied to the POST data below.
    $allowed_field = array();

    // load config to form.
    $result = \DB::select('*')->from(\Model_Config::getTableName())->as_object('Model_Config')->where('config_core', '1')->execute();
    if ((is_array($result) || is_object($result)) && !empty($result)) {
        foreach ($result as $row) {
            $allowed_field[] = $row->config_name;
            $output[$row->config_name] = $row->config_value;
        }
    }
    unset($result, $row);

    // if form submitted
    if (\Input::method() == 'POST') {
        // store data to variable for update to db. Only keys that exist as core config rows are kept.
        $data = array();
        foreach (\Input::post() as $key => $value) {
            if (in_array($key, $allowed_field)) {
                $data[$key] = $value;
            }
        }
        unset($allowed_field);

        // check again for some required default value config data.
        // NOTE(review): the keys below are read without isset(); a POST that omits one of them
        // raises an undefined-index notice here -- confirm the form always submits them all.
        // tab website
        $data['site_name'] = \Security::htmlentities($data['site_name']);
        $data['page_title_separator'] = \Security::htmlentities($data['page_title_separator']);

        // tab account
        if (!isset($data['member_allow_register']) || $data['member_allow_register'] != '1') {
            $data['member_allow_register'] = '0';
        }
        if (!isset($data['member_register_notify_admin']) || $data['member_register_notify_admin'] != '1') {
            $data['member_register_notify_admin'] = '0';
        }
        // NOTE(review): the fallback value below looks like a redacted placeholder in this listing
        // rather than a real flag value; confirm the intended default against the config table.
        if (!isset($data['simultaneous_login']) || $data['simultaneous_login'] != '1') {
            $data['simultaneous_login'] = '******';
        }
        if (!is_numeric($data['member_max_login_fail'])) {
            $data['member_max_login_fail'] = '10';
        }
        if (!is_numeric($data['member_login_fail_wait_time'])) {
            $data['member_login_fail_wait_time'] = '30';
        }
        if (!is_numeric($data['member_login_remember_length'])) {
            $data['member_login_remember_length'] = '30';
        }
        if (!is_numeric($data['member_confirm_wait_time'])) {
            $data['member_confirm_wait_time'] = '10';
        }
        if (!isset($data['member_email_change_need_confirm']) || $data['member_email_change_need_confirm'] != '1') {
            $data['member_email_change_need_confirm'] = '0';
        }
        if (!isset($data['allow_avatar']) || $data['allow_avatar'] != '1') {
            $data['allow_avatar'] = '0';
        }
        if (!is_numeric($data['avatar_size'])) {
            $data['avatar_size'] = '200';
        }
        if (empty($data['avatar_allowed_types'])) {
            $data['avatar_allowed_types'] = 'jpg|jpeg';
        }
        // an empty avatar path is dropped so the stored value is left untouched.
        if ($data['avatar_path'] == null) {
            unset($data['avatar_path']);
        }

        // tab email
        if ($data['mail_protocol'] == null) {
            $data['mail_protocol'] = 'mail';
        }
        if (!is_numeric($data['mail_smtp_port'])) {
            $data['mail_smtp_port'] = '0';
        }

        // tab content
        if (!is_numeric($data['content_items_perpage'])) {
            $data['content_items_perpage'] = '10';
        }
        if (!is_numeric($data['content_admin_items_perpage'])) {
            $data['content_admin_items_perpage'] = '10';
        }

        // tab media
        if (empty($data['media_allowed_types'])) {
            $data['media_allowed_types'] = 'avi|doc|docx|flv|gif|jpeg|jpg|mid|midi|mov|mp3|mpeg|mpg|pdf|png|swf|xls|xlsx|zip';
        }

        // tab ftp
        if (!is_numeric($data['ftp_port'])) {
            $data['ftp_port'] = '21';
        }
        if (!isset($data['ftp_passive']) || $data['ftp_passive'] != 'false') {
            $data['ftp_passive'] = 'true';
        }

        // validate form. (no field rules are registered; only the CSRF token is actually checked)
        $validate = \Validation::forge();

        if (!\Extension\NoCsrf::check()) {
            // validate token failed
            $output['form_status'] = 'error';
            $output['form_status_message'] = \Lang::get('fslang_invalid_csrf_token');
        } elseif (!$validate->run()) {
            // validate failed
            $output['form_status'] = 'error';
            $output['form_status_message'] = $validate->show_errors();
        } else {
            // try to save config.
            $result = \Model_Config::saveData($data);

            // save change site name to sites table
            // NOTE(review): this write happens regardless of $result, so the site name can change
            // even when the config save failed -- confirm that is acceptable.
            $site_id = \Model_Sites::getSiteId(false);
            $entry = \Model_Sites::find($site_id);
            $entry->site_name = $data['site_name'];
            $entry->save();
            unset($entry, $site_id);

            if ($result === true) {
                \Session::set_flash('form_status', array('form_status' => 'success', 'form_status_message' => \Lang::get('admin_saved')));
                \Response::redirect(\Uri::main());
            } else {
                $output['form_status'] = 'error';
                $output['form_status_message'] = $result;
            }
        }

        // re-populate form. (values were htmlentities-encoded above; undo that for display)
        foreach ($data as $key => $value) {
            $output[$key] = html_entity_decode($value);
        }
    }

    // <head> output
    $output['page_title'] = $this->generateTitle(\Lang::get('config_global_configuration'));

    // breadcrumb
    $page_breadcrumb = [];
    $page_breadcrumb[0] = ['name' => \Lang::get('admin_admin_home'), 'url' => \Uri::create('admin')];
    $page_breadcrumb[1] = ['name' => \Lang::get('config_global_configuration'), 'url' => \Uri::create('admin/config')];
    $output['page_breadcrumb'] = $page_breadcrumb;
    unset($page_breadcrumb);

    return $this->generatePage('admin/templates/config/index_v', $output, false);
}
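/**
 * Front-end account registration page.
 *
 * GET renders the empty form. POST is only processed when the
 * `member_allow_register` config value is '1'; otherwise the form is just
 * re-rendered. On POST the order is: validation rules are set up, the CSRF
 * token is checked, the rules are run, the captcha is verified, and finally
 * Model_Accounts::registerAccount() is called. The success message depends
 * on the `member_verification` config value ('0', '1' or '2'). Only username
 * and e-mail are echoed back into the form; password and captcha are never
 * re-populated.
 *
 * @return mixed  whatever $this->generatePage() returns for register_v
 */
public function action_index()
{
    // load language
    \Lang::load('account');

    // load config from db.
    $cfg_values = ['member_allow_register', 'member_verification'];
    $config = \Model_Config::getvalues($cfg_values);
    $output['config'] = $config;
    unset($cfg_values);

    // pre-set form values
    $output['account_username'] = null;
    $output['account_email'] = null;
    $output['account_password'] = null;
    $output['account_confirm_password'] = null;
    $output['captcha'] = null;

    if (\Input::method() == 'POST' && $config['member_allow_register']['value'] == '1') {
        // store data to array for send to model with add/register method.
        $data['account_username'] = trim(\Input::post('account_username'));
        // display name is the HTML-escaped username; the raw username still goes to the model.
        $data['account_display_name'] = \Security::htmlentities($data['account_username']);
        $data['account_email'] = \Security::strip_tags(trim(\Input::post('account_email')));
        $data['account_password'] = trim(\Input::post('account_password'));

        // validate form.
        $validate = \Validation::forge();
        $validate->add_callable(new \Extension\FsValidate());
        $validate->add('account_username', \Lang::get('account_username'), [], ['required', 'noSpaceBetweenText']);
        $validate->add('account_email', \Lang::get('account_email'), [], ['required', 'valid_email']);
        $validate->add('account_password', \Lang::get('account_password'), [], ['required']);
        $validate->add('account_confirm_password', \Lang::get('account_confirm_password'), [], ['required'])
            ->add_rule('match_field', 'account_password');

        if (!\Extension\NoCsrf::check()) {
            // validate token failed
            $output['form_status'] = 'error';
            $output['form_status_message'] = \Lang::get('fslang_invalid_csrf_token');
        } elseif (!$validate->run()) {
            // validate failed
            $output['form_status'] = 'error';
            $output['form_status_message'] = $validate->show_errors();
        } else {
            // validate pass.
            // require_once rather than include: securimage.php declares class Securimage, so a
            // second include in the same process would be a "cannot redeclare class" fatal.
            require_once APPPATH . 'vendor' . DS . 'securimage' . DS . 'securimage.php';
            $securimage = new \Securimage();

            if (!$securimage->check(\Input::post('captcha'))) {
                $output['form_status'] = 'error';
                $output['form_status_message'] = \Lang::get('account_wrong_captcha_code');
            } else {
                // captcha pass: register action
                $result = \Model_Accounts::registerAccount($data);

                if ($result === true) {
                    $output['hide_register_form'] = true;
                    // if member verification is need, show those message. if no need, just show success message.
                    $verification = $config['member_verification']['value'];
                    if ($verification == '0') {
                        $output['form_status'] = 'success';
                        $output['form_status_message'] = \Lang::get('account_registration_complted');
                    } elseif ($verification == '1') {
                        $output['form_status'] = 'success';
                        $output['form_status_message'] = \Lang::get('account_registration_completed_need_confirm');
                    } elseif ($verification == '2') {
                        $output['form_status'] = 'success';
                        $output['form_status_message'] = \Lang::get('account_registration_completed_need_admin_verify');
                    }
                    // any other verification value hides the form without setting a status message.
                } else {
                    // anything other than true is shown as the error message (presumably a string from the model).
                    $output['form_status'] = 'error';
                    $output['form_status_message'] = $result;
                }
            }
        }

        // re-populate form: username and e-mail only; password and captcha are intentionally never echoed back.
        $output['account_username'] = trim(\Input::post('account_username'));
        $output['account_email'] = trim(\Input::post('account_email'));
    }

    // <head> output ----------------------------------------------------------------------------------------------
    $output['page_title'] = $this->generateTitle(\Lang::get('account_register'));
    // <head> output ----------------------------------------------------------------------------------------------

    return $this->generatePage('front/templates/account/register_v', $output, false);
}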
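/**
 * Bulk action on the selected sites (POST fields: id[] and act).
 *
 * act 'del' deletes each id via Model_Sites::deleteSite() and needs
 * siteman_delete_perm; 'enable'/'disable' set site_status to 1/0 and need
 * siteman_edit_perm, skipping site id 1. After any change the sites caches
 * are cleared. Every path ends with a redirect to the URL returned by
 * getAndSetSubmitRedirection(); a failed CSRF check, an unknown act or a
 * non-array id just redirect without changing anything.
 *
 * @return void  (Response::redirect() ends the request)
 */
public function action_multiple()
{
    $ids = \Input::post('id');
    $act = trim(\Input::post('act'));

    // set redirect url
    $redirect = $this->getAndSetSubmitRedirection();

    if (\Extension\NoCsrf::check()) {
        // permission the requested action needs; null means "not a known action".
        $required_perm = null;
        if ($act == 'del') {
            $required_perm = 'siteman_delete_perm';
        } elseif ($act == 'enable' || $act == 'disable') {
            $required_perm = 'siteman_edit_perm';
        }

        if ($required_perm !== null) {
            // check permission.
            if (\Model_AccountLevelPermission::checkAdminPermission('siteman_perm', $required_perm) == false) {
                \Session::set_flash('form_status', [
                    'form_status' => 'error',
                    'form_status_message' => \Lang::get('admin_permission_denied', ['page' => \Uri::string()]),
                ]);
                \Response::redirect($redirect);
                // defense in depth: the writes below must never run if redirect() returns instead of exiting.
                return;
            }

            if (is_array($ids)) {
                foreach ($ids as $id) {
                    if ($act == 'del') {
                        // NOTE(review): unlike enable/disable, site 1 is not skipped here;
                        // confirm Model_Sites::deleteSite() itself refuses the main site.
                        \Model_Sites::deleteSite($id);
                    } elseif ($id == '1') {
                        // site 1 can't be enabled/disabled.
                        continue;
                    } else {
                        \DB::update(\Model_Sites::getTableName())
                            ->where('site_id', $id)
                            ->set(['site_status' => ($act == 'enable' ? 1 : 0)])
                            ->execute();
                    }
                }

                // clear cache
                $cache_keys = [
                    'model.sites-getSiteId',
                    'model.sites-isSiteEnabled',
                    'controller.AdminController-generatePage-fs_list_sites',
                ];
                foreach ($cache_keys as $cache_key) {
                    \Extension\Cache::deleteCache($cache_key);
                }
            }
        }
    }

    // go back
    \Response::redirect($redirect);
}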
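/**
 * Save per-account admin permissions (POST), then redirect back.
 *
 * Requires acperm_manage_user_perm. When $account_id is not numeric the id
 * is taken from the admin login cookie (0 if absent). The target account is
 * checked with checkAccountData(); an object or array result means "ok",
 * anything else is flashed as the error message. With a valid CSRF token the
 * posted permission fields are passed to
 * Model_AccountPermission::savePermissions($account_id, $data). A GET with a
 * valid account sets no message.
 *
 * @param string|int $account_id  account to save permissions for, from the route
 * @return void  (Response::redirect() ends the request)
 */
public function action_save($account_id = '')
{
    // set redirect url
    $redirect = $this->getAndSetSubmitRedirection();

    // check permission
    if (\Model_AccountLevelPermission::checkAdminPermission('acperm_perm', 'acperm_manage_user_perm') == false) {
        \Session::set_flash('form_status', [
            'form_status' => 'error',
            'form_status_message' => \Lang::get('admin_permission_denied', ['page' => \Uri::string()]),
        ]);
        \Response::redirect($redirect);
        // defense in depth: nothing below may run if redirect() returns instead of exiting.
        return;
    }

    // if account id not set, fall back to the logged-in admin's account id.
    if (!is_numeric($account_id)) {
        $cookie_account = \Model_Accounts::forge()->getAccountCookie('admin');
        $account_id = isset($cookie_account['account_id']) ? $cookie_account['account_id'] : 0;
        unset($cookie_account);
    }
    $output['account_id'] = $account_id;

    // check target account; object/array result means ok, anything else is the error message.
    $account_check_result = $this->checkAccountData($account_id);
    $output['account_check_result'] = is_object($account_check_result) || is_array($account_check_result)
        ? true
        : $account_check_result;
    unset($account_check_result);

    if ($output['account_check_result'] !== true) {
        // failed to check account. set error msg.
        \Session::set_flash('form_status', [
            'form_status' => 'error',
            'form_status_message' => $output['account_check_result'],
        ]);
    } elseif (\Input::method() == 'POST') {
        // form submitted
        if (!\Extension\NoCsrf::check()) {
            // nocsrf error, set error msg.
            \Session::set_flash('form_status', [
                'form_status' => 'error',
                'form_status_message' => \Lang::get('fslang_invalid_csrf_token'),
            ]);
        } else {
            // permission_core is a 0/1 flag; anything other than 1 is stored as '0'.
            $data['permission_core'] = (int) trim(\Input::post('permission_core'));
            if ($data['permission_core'] != '1') {
                $data['permission_core'] = '0';
            }

            // module_system_name only applies to non-core permissions.
            $data['module_system_name'] = \Security::strip_tags(trim(\Input::post('module_system_name')));
            if ($data['module_system_name'] == null || $data['permission_core'] == '1') {
                $data['module_system_name'] = null;
            }

            // NOTE(review): the account checked above is $account_id (route or cookie), but the posted
            // account_id is also forwarded in $data — confirm the model keys on its first argument and
            // ignores or validates $data['account_id'], otherwise the check protects the wrong account.
            $data['account_id'] = \Input::post('account_id');
            $data['permission_page'] = \Input::post('permission_page');
            $data['permission_action'] = \Input::post('permission_action');
            \Model_AccountPermission::savePermissions($account_id, $data);

            // set success message
            \Session::set_flash('form_status', [
                'form_status' => 'success',
                'form_status_message' => \Lang::get('admin_saved'),
            ]);
        }
    }

    // go back
    \Response::redirect($redirect);
}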
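/**
 * Save admin permissions for an account level group (POST), then redirect back.
 *
 * Requires acperm_manage_level_perm. With a valid CSRF token the posted
 * permission fields are passed to
 * Model_AccountLevelPermission::savePermissions($data); a bad token flashes
 * the invalid-token error instead. A GET just redirects.
 *
 * @return void  (Response::redirect() ends the request)
 */
public function action_save()
{
    // set redirect url
    $redirect = $this->getAndSetSubmitRedirection();

    // check permission
    if (\Model_AccountLevelPermission::checkAdminPermission('acperm_perm', 'acperm_manage_level_perm') == false) {
        \Session::set_flash('form_status', [
            'form_status' => 'error',
            'form_status_message' => \Lang::get('admin_permission_denied', ['page' => \Uri::string()]),
        ]);
        \Response::redirect($redirect);
        // defense in depth: the save below must not run if redirect() returns instead of exiting.
        return;
    }

    // if form submitted
    if (\Input::method() == 'POST') {
        if (!\Extension\NoCsrf::check()) {
            // nocsrf error, set error msg.
            \Session::set_flash('form_status', [
                'form_status' => 'error',
                'form_status_message' => \Lang::get('fslang_invalid_csrf_token'),
            ]);
        } else {
            // permission_core is a 0/1 flag; anything other than 1 is stored as '0'.
            $data['permission_core'] = (int) trim(\Input::post('permission_core'));
            if ($data['permission_core'] != '1') {
                $data['permission_core'] = '0';
            }

            // module_system_name only applies to non-core permissions.
            $data['module_system_name'] = \Security::strip_tags(trim(\Input::post('module_system_name')));
            if ($data['module_system_name'] == null || $data['permission_core'] == '1') {
                $data['module_system_name'] = null;
            }

            $data['level_group_id'] = \Input::post('level_group_id');
            $data['permission_page'] = \Input::post('permission_page');
            $data['permission_action'] = \Input::post('permission_action');
            \Model_AccountLevelPermission::savePermissions($data);

            // set success message
            \Session::set_flash('form_status', [
                'form_status' => 'success',
                'form_status_message' => \Lang::get('admin_saved'),
            ]);
        }
    }

    // go back
    \Response::redirect($redirect);
}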
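/**
 * Bulk action on blog entries (POST fields: id[] and act).
 *
 * Only act 'del' is handled; it requires blog_manage_perm and deletes each
 * posted id through Blog\Model_Blog. Afterwards the request is redirected to
 * the referrer when it is set and differs from the current URL, otherwise to
 * 'blog/admin'.
 *
 * @return void  (Response::redirect() ends the request)
 */
public function action_multiple()
{
    $ids = \Input::post('id');
    $act = trim(\Input::post('act'));

    if (\Extension\NoCsrf::check() && $act == 'del') {
        // check permission.
        if (\Model_AccountLevelPermission::checkAdminPermission('blog_perm', 'blog_manage_perm') == false) {
            \Response::redirect(\Uri::create('admin'));
            // defense in depth: no deletion if redirect() returns instead of exiting.
            return;
        }

        if (is_array($ids)) {
            foreach ($ids as $id) {
                // find() is expected to return null for an unknown id; guard so
                // delete() is never called on null for a stale or bogus id.
                $entry = \Blog\Model_Blog::find($id);
                if ($entry !== null) {
                    $entry->delete();
                }
            }
        }
    }

    // go back
    // NOTE(review): this redirects to the client-supplied Referer header; the other admin
    // bulk actions on this page use $this->getAndSetSubmitRedirection() — consider the
    // same here if that helper is available to this controller.
    if (\Input::referrer() != null && \Input::referrer() != \Uri::main()) {
        \Response::redirect(\Input::referrer());
    } else {
        \Response::redirect('blog/admin');
    }
}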
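/**
 * Bulk action on account level groups (POST fields: id[] and act).
 *
 * Only act 'del' is handled; it requires accountlv_delete_perm and deletes
 * each posted id through Model_AccountLevelGroup::deleteLevel(), skipping ids
 * listed in $this->disallowed_edit_delete. Every path ends with a redirect to
 * the URL returned by getAndSetSubmitRedirection().
 *
 * @return void  (Response::redirect() ends the request)
 */
public function action_multiple()
{
    $ids = \Input::post('id');
    $act = trim(\Input::post('act'));

    // set redirect url
    $redirect = $this->getAndSetSubmitRedirection();

    if (\Extension\NoCsrf::check() && $act == 'del') {
        // check permission.
        if (\Model_AccountLevelPermission::checkAdminPermission('accountlv_perm', 'accountlv_delete_perm') == false) {
            // same permission-denied flash as the other admin bulk actions, so the user sees why nothing happened.
            \Session::set_flash('form_status', [
                'form_status' => 'error',
                'form_status_message' => \Lang::get('admin_permission_denied', ['page' => \Uri::string()]),
            ]);
            \Response::redirect($redirect);
            // defense in depth: no deletion if redirect() returns instead of exiting.
            return;
        }

        if (is_array($ids)) {
            foreach ($ids as $id) {
                // loose in_array kept on purpose: $id is a posted string and the
                // disallowed list may hold ints — TODO confirm its element type.
                if (in_array($id, $this->disallowed_edit_delete)) {
                    continue;
                }
                \Model_AccountLevelGroup::deleteLevel($id);
            }
        }
    }

    // go back
    \Response::redirect($redirect);
}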
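/**
 * Password reset page reached from the e-mailed link.
 *
 * The link carries an account id and a confirm code; they must match a
 * Model_Accounts row or the form is hidden with an "invalid request" error.
 * $action 'cancel' clears the confirm code and hides the form. $action
 * 'reset' with a POST validates the new password (plus confirmation match),
 * checks the CSRF token, rejects requests older than
 * member_confirm_wait_time minutes (clearing the code), and otherwise stores
 * the hashed password and clears the code.
 *
 * @param string|int $account_id   account id from the reset link
 * @param string     $confirm_code confirm code from the reset link
 * @param string     $action       '', 'cancel' or 'reset'
 * @return mixed  whatever $this->generatePage() returns for resetpw_v
 */
public function action_index($account_id = '', $confirm_code = '', $action = '')
{
    // load language
    \Lang::load('account');

    // get config
    // NOTE(review): unqualified Model_Config here while the other methods use \Model_Config;
    // it resolves relative to this file's namespace — confirm that is intended.
    $cfg_values = ['member_confirm_wait_time'];
    $config = Model_Config::getvalues($cfg_values);
    $output['config'] = $config;
    unset($cfg_values);

    $output['reset_action'] = $action;

    // check account id and confirm code (both bound as query parameters by the ORM).
    $query = \Model_Accounts::query()
        ->where('account_id', $account_id)
        ->where('account_confirm_code', $confirm_code);
    // counted once: nothing below changes the match before every branch has read it.
    $request_found = $query->count() > 0;

    if (!$request_found) {
        $output['hide_form'] = true;
        $output['form_status'] = 'error';
        $output['form_status_message'] = \Lang::get('account_invalid_reset_password_request_code');
    }

    // if cancel reset password
    if ($action == 'cancel' && $request_found) {
        // cancel no need to use form, hide it.
        $output['hide_form'] = true;

        // empty confirm code.
        $row = $query->get_one();
        $row->account_confirm_code = null;
        $row->account_confirm_code_since = null;
        $row->save();

        $output['form_status'] = 'success';
        $output['form_status_message'] = \Lang::get('account_your_reset_password_request_was_cancelled');
    }

    // form submitted. $request_found guards this branch so a POST with a bad id/code pair
    // never reaches $query->get_one() (null) and never overwrites the error set above.
    if (\Input::method() == 'POST' && $action == 'reset' && $request_found) {
        $data['account_password'] = trim(\Input::post('account_password'));

        // validate form.
        $validate = \Validation::forge();
        $validate->add('account_password', \Lang::get('account_password'), [], ['required']);
        $validate->add('account_confirm_password', \Lang::get('account_confirm_password'), [], ['required'])
            ->add_rule('match_field', 'account_password');

        if (!\Extension\NoCsrf::check()) {
            // validate token failed
            $output['form_status'] = 'error';
            $output['form_status_message'] = \Lang::get('fslang_invalid_csrf_token');
        } elseif (!$validate->run()) {
            // validate failed
            $output['form_status'] = 'error';
            $output['form_status_message'] = $validate->show_errors();
        } else {
            $row = $query->get_one();
            // config value is in minutes; account_confirm_code_since is compared against time() in seconds.
            $cfg_member_confirm_wait_time = $config['member_confirm_wait_time']['value'] * 60;

            if (time() - $row->account_confirm_code_since > $cfg_member_confirm_wait_time) {
                // confirm wait time is too long than limit.
                $output['form_status'] = 'error';
                $output['form_status_message'] = \Lang::get('account_reset_password_time_expired');

                // empty confirm code so the expired link can't be retried.
                $row->account_confirm_code = null;
                $row->account_confirm_code_since = null;
                $row->save();
            } else {
                // empty confirm code and update password
                $row->account_password = \Model_Accounts::forge()->hashPassword($data['account_password']);
                $row->account_confirm_code = null;
                $row->account_confirm_code_since = null;
                $row->save();

                $output['hide_form'] = true;
                $output['form_status'] = 'success';
                $output['form_status_message'] = \Lang::get('account_reset_password_successfully');
            }
        }

        unset($cfg_member_confirm_wait_time, $data, $validate);
    }

    unset($config, $query, $row);

    // <head> output ----------------------------------------------------------------------------------------------
    $output['page_title'] = $this->generateTitle(\Lang::get('account_reset_password'));
    // <head> output ----------------------------------------------------------------------------------------------

    return $this->generatePage('front/templates/account/resetpw_v', $output, false);
}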