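/**
 * Prepares one of the "default" pages selected by $slug.
 *
 * 'home' and 'contact' set up the form security for "form1" (a CSRF token and
 * a captcha), expose the captcha URLs and the token to the template, choose the
 * template file and finally store the token in session. 'news' only renders
 * the news list. Any other slug leaves the template untouched.
 *
 * @param string $slug page identifier coming from the router
 */
private function _defaultPage($slug)
{
    switch ($slug) {
        case 'home':
        case 'contact':
            // init security (CSRF and captcha)
            $security = Security::getSecurity(Security::TYPE_FORM);
            $csrf = $security->getProtection('form1', Form::PROTECTION_CSRF);
            $csrf->create();
            $captcha = $security->getProtection('form1', Form::PROTECTION_CAPTCHA);
            $this->tpl
                ->setVar('captchaImageUrl', $captcha->get('image', true), false, true)
                ->setVar('captchaAudioUrl', $captcha->get('audio', true), false, true)
                ->setVar('captchaRefreshUrl', $captcha->getRefreshUrl(), false, true);
            $this->tpl->setVar('token', $csrf->get(), false, true);

            // define vars and pick the template file
            if ($slug == 'contact') {
                $this->tpl->setFile('controllers' . DS . 'Pages' . DS . 'contact.tpl.php');
            } elseif ($slug == 'register') {
                // NOTE(review): unreachable as written — only 'home' and 'contact'
                // enter this case, so a 'register' slug falls through to default and
                // renders nothing. Presumably a `case 'register':` label is missing
                // above; confirm the intended routing before adding it.
                if (Member::isConnected()) {
                    Http::redirect($this->router->getUrl('index'));
                }
                $this->tpl->setFile('controllers' . DS . 'Pages' . DS . 'register.tpl.php');
            } else {
                $this->tpl->setVar('news', $this->_readAll('new'), false, true);
                $this->tpl->setFile('controllers' . DS . 'Pages' . DS . 'index.tpl.php');
            }

            // the token is stored in session only once the page has been prepared
            $csrf->set();
            break;

        case 'news':
            $this->tpl->setVar('news', $this->_readAll('new'), false, true);
            $this->tpl->setFile('controllers' . DS . 'Pages' . DS . 'news.tpl.php');
            // explicit break: the original relied on falling into the empty default
            break;

        default:
            break;
    }
}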
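/**
 * Loads the security configuration exposed by $reader and registers each
 * entry with SecurityManager.
 *
 * Each top-level key is a security type. Its 'autorun' flag (string values are
 * cast with Tools::castValue, an absent key means false) and the remaining
 * options are collected; 'comment' keys are ignored. When a 'form' block is
 * present, the options are replaced by one stdClass per form (name and
 * protections), as expected by the Form api.
 *
 * Fixes versus the previous version: the registered 'autorun' is the cast
 * value computed here (the raw, possibly undefined, config key was passed
 * before), and $protections is reset for every form (a form without a
 * 'protection' key previously inherited the previous form's protections).
 *
 * @param Reader $reader configuration reader
 * @throws \Exception when a form name is not a valid variable name
 */
public function load(Reader $reader)
{
    $security = $reader->read();
    foreach ($security as $type => $datas) {
        $securityData = array();
        if (isset($datas['autorun']) && is_string($datas['autorun'])) {
            $securityData['autorun'] = Tools::castValue($datas['autorun']);
        } elseif (!isset($datas['autorun'])) {
            $securityData['autorun'] = false; // default value
        }
        // value registered below: cast when it was a string, default when
        // absent, the raw config value otherwise
        $autorun = array_key_exists('autorun', $securityData) ? $securityData['autorun'] : $datas['autorun'];

        // generic options (strict comparison: an option stored at integer key 0
        // must not be mistaken for one of the reserved names)
        foreach ($datas as $name => $value) {
            if (in_array($name, array('autorun', 'comment', 'form'), true)) {
                continue;
            }
            $securityData[$name] = is_string($value) ? Tools::castValue($value) : $value;
        }

        // forms (for Form api): replaces the generic options
        if (isset($datas['form'])) {
            $securityData = array();
            foreach ($datas['form'] as $formName => $formDatas) {
                if (!Validate::isVariableName($formName)) {
                    throw new \Exception('Security form name must be a valid variable');
                }
                $form = new \stdClass();
                $form->name = $formName;
                $protections = array();
                if (isset($formDatas['protection'])) {
                    foreach ($formDatas['protection'] as $protectionType => $protectionDatas) {
                        if (is_array($protectionDatas)) {
                            // cast string options in place; 'comment' is kept but not cast
                            foreach ($protectionDatas as $optionName => $optionValue) {
                                if ($optionName === 'comment') {
                                    continue;
                                }
                                if (is_string($optionValue)) {
                                    $protectionDatas[$optionName] = Tools::castValue($optionValue);
                                }
                            }
                        }
                        $protections[$protectionType] = $protectionDatas;
                    }
                }
                $form->protections = $protections;
                $securityData[] = $form;
            }
        }

        SecurityManager::addSecurity($type, array('autorun' => $autorun, 'datas' => $securityData), true);
    }
}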
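/**
 * Handles the contact form submission (ajax).
 *
 * Verifies the CSRF token and the captcha of "form1". On success the contact
 * mail is sent (SMTP when SMTP_SERVER is defined and non-empty, the PHP mail()
 * transport otherwise) and a success notification is issued; otherwise the
 * generic validation error is notified. A fresh token is always created, sent
 * back in the ajax data and stored in session at the end.
 */
public function contact()
{
    // get security
    $security = Security::getSecurity(Security::TYPE_FORM);
    $csrf = $security->getProtection('form1', Form::PROTECTION_CSRF);
    $captcha = $security->getProtection('form1', Form::PROTECTION_CAPTCHA);

    // create a new token and add it to the ajax data
    $csrf->create();
    $this->addAjaxDatas('token', $csrf->get());

    // check security
    $error = false;
    if (!$csrf->check(Http::getPost('token'))) {
        // a token mismatch has no field-level message; the generic error below covers it
        $error = true;
    }
    if (!$captcha->check(Http::getPost('captcha'))) {
        $this->addError($this->language->getVar('validate_security'), 'captcha');
        $error = true;
    }

    if ($error) {
        $this->notifyError($this->language->getVar('validate_error'));
    } else {
        // send mail
        SwiftMailer::getInstance();
        $mail = \Swift_Message::newInstance();
        $mail->setFrom(array(ADMIN_EMAIL => $this->language->getVar('site_name')));
        $mail->setTo(CONTACT_EMAIL);
        $mail->setSubject($this->language->getVar('site_name') . ' demande de contact');

        // The message is injected into an HTML part. Because the <br /> tags from
        // nl2br() have to survive, the template cannot escape this value itself,
        // so it is HTML-escaped here first to keep user input from landing as markup.
        $message = htmlspecialchars((string) Http::getPost('message'), ENT_QUOTES, 'UTF-8');

        $contents = new MailContents($this->tpl->getPath() . 'mails' . DS . 'contact.tpl.php');
        // NOTE(review): name/email/subject are passed raw; confirm contact.tpl.php escapes them
        $contents
            ->addVar('message', nl2br($message))
            ->addVar('name', Http::getPost('name'))
            ->addVar('email', Http::getPost('email'))
            ->addVar('subject', Http::getPost('subject'));
        $mail->addPart($contents->getMailContents(), 'text/html');

        $transport = defined('SMTP_SERVER') && !is_null(SMTP_SERVER) && SMTP_SERVER != ''
            ? \Swift_SmtpTransport::newInstance(SMTP_SERVER, 25)
            : \Swift_MailTransport::newInstance();
        $mailer = \Swift_Mailer::newInstance($transport);
        $mailer->send($mail);

        $this->notifySuccess($this->language->getVar('validate_success'));
    }

    // set in session
    $csrf->set();
}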
} if (defined('LOGGER_MAIL') && LOGGER_MAIL && defined('LOGGER_MAIL_TO_EMAIL') && defined('LOGGER_MAIL_TO_NAME') && !static::getDebug()) { $mailConfig = array('fromEmail' => ADMIN_EMAIL, 'fromName' => $language->getVar('site_name'), 'toEmail' => LOGGER_MAIL_TO_EMAIL, 'toName' => LOGGER_MAIL_TO_NAME, 'mailSubject' => $language->getVar('site_name') . ' logs'); $log->attach(new Mail($mailConfig)); } if (defined('LOGGER_ERROR') && LOGGER_ERROR) { $exc->attach(new Log()); $err->attach(new Log()); } // Config router host if (!defined('HOSTNAME')) { throw new \Exception('Miss hostname constant'); } Router::setHost(HOSTNAME); // Auto set language, by session $languageLoaded = Language::getInstance()->getLanguage(); $langSession = Session::getInstance()->get('language'); if (!is_null($langSession) && $langSession != $languageLoaded) { $language->setLanguage($langSession); $languageLoaded = $langSession; } // Auto set language, by cookie $langCookie = Cookie::get('language'); if (!is_null($langCookie) && $langCookie != $languageLoaded) { $language->setLanguage($langCookie); $languageLoaded = $langSession; } // Security Security::autorun(); // Clean unset($bench, $globalizer, $language, $exc, $err, $log);