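/**
 * Loads the article selected by param 0 and performs the requested action.
 *
 * Without a valid request token (or without an "action" value) the
 * confirmation view is shown. With a valid token, "delete" removes the
 * article and "make_private" hides it from visitors; a failed repository
 * call yields STATE_ERROR in either case.
 *
 * The freshly generated token is handed to the view AND saved to the session
 * on every path. The previous version returned early after delete /
 * make_private, so the token embedded in those views was never persisted
 * (it could not validate on a follow-up submission) and the already-used
 * session token stayed valid.
 *
 * @param Website $website Site facade (text, login state, repositories).
 * @param Request $request Current request; param 0 is the article id and
 *                         "action" selects the operation.
 */
public function init(Website $website, Request $request)
{
    $text = $website->getText();
    $articleId = $request->getParamInt(0);
    $showAdminPageLink = $website->isLoggedInAsStaff(true);
    $articles = new ArticleRepository($website);
    // getArticleOrFail raises for unknown ids, so $article is never null here
    $article = $articles->getArticleOrFail($articleId);
    $this->article = $article;

    $formToken = RequestToken::generateNew();
    $action = $request->getRequestString("action");

    // The token check is only evaluated for state-changing actions, so a
    // plain visit to the confirmation page records no token error.
    if ($action === "delete" && Validate::requestToken($request)) {
        // Bye bye article
        $state = $articles->delete($article)
            ? ArticleDeleteTemplate::STATE_DELETED
            : ArticleDeleteTemplate::STATE_ERROR;
    } elseif ($action === "make_private" && Validate::requestToken($request)) {
        // Hide article for visitors
        $article->setHidden(true);
        $state = $articles->saveArticle($article)
            ? ArticleDeleteTemplate::STATE_HIDDEN
            : ArticleDeleteTemplate::STATE_ERROR;
    } else {
        // Ask what to do
        $state = ArticleDeleteTemplate::STATE_CONFIRMATION;
    }

    $this->view = new ArticleDeleteTemplate($text, $article, $formToken, $showAdminPageLink, $state);
    // Rotate the session token on every request, including after a completed
    // action, so the token shown in the view is the one that will validate
    // and a consumed token cannot be submitted again.
    $formToken->saveToSession();
}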
/**
 * Loads (or creates) the placed widget being edited and saves it on a
 * token-protected submit.
 *
 * Param 0 is the placed-widget id; 0 means a new widget is built through
 * getNewWidget(). On submit the widget definition parses the incoming data,
 * the data is attached to the widget, and it is persisted only if isValid()
 * accepts it. A new request token is generated and stored at the end on
 * every path.
 *
 * @param Website $website Site facade (installed widgets, text).
 * @param Request $request Current request.
 */
public function init(Website $website, Request $request)
{
    $this->installedWidgets = $website->getWidgets();
    $repository = new WidgetRepository($website);
    $widgetId = $request->getParamInt(0);

    // New widget when the id is 0, otherwise load the existing one
    $this->placedWidget = $widgetId === 0
        ? $this->getNewWidget($website, $request)
        : $repository->getPlacedWidget($widgetId);

    $submitted = $request->hasRequestValue("submit") && Validate::requestToken($request);
    if ($submitted) {
        // Use incoming data
        $definition = $this->installedWidgets->getDefinition($this->placedWidget);
        $data = $definition->parseData($website, $widgetId);
        $this->placedWidget->setData($data);
        // Save widget
        if ($this->isValid($data)) {
            $repository->savePlacedWidget($this->placedWidget);
            $this->addSaveMessage($this->placedWidget, $website->getText());
        }
    }

    $token = RequestToken::generateNew();
    $this->requestToken = $token;
    $token->saveToSession();
}
/**
 * Two freshly generated tokens must not match each other. This only guards
 * against a generator that hands out a constant (or otherwise repeating)
 * token; it says nothing about the quality of the randomness.
 */
public function testGenerateNew()
{
    // Just a basic test to check if there is any randomness at all, and if
    // the token is actually created correctly
    $first = RequestToken::generateNew();
    $second = RequestToken::generateNew();

    self::assertFalse($first->matches($second));
}
/**
 * Runs the parent initialisation, processes the user form and loads the
 * rank list for the view, then issues a fresh request token.
 *
 * @param Website $website Site facade (authentication, ranks).
 * @param Request $request Current request, forwarded to handleUserRequest().
 */
public function init(Website $website, Request $request)
{
    parent::init($website, $request);

    $this->newUser = $this->handleUserRequest($website, $request);
    $this->allRanks = $website->getAuth()->getRanks();

    // Rotate the token so the rendered form carries one that will validate
    $freshToken = RequestToken::generateNew();
    $freshToken->saveToSession();
    $this->requestToken = $freshToken;
}
/**
 * Reads the submitted menu name and, when the request token validates,
 * handles the form submission.
 *
 * The new token is generated first but only saved to the session after the
 * check, so Validate::requestToken() still compares against the old one.
 *
 * @param Website $website Site facade.
 * @param Request $request Current request; "menu_name" defaults to "".
 */
public function init(Website $website, Request $request)
{
    $token = RequestToken::generateNew();
    $this->requestToken = $token;
    $this->menuName = $request->getRequestString("menu_name", "");

    $tokenValid = Validate::requestToken($request);
    if ($tokenValid) {
        $this->handleSubmitedForm($website, $request);
    }

    $token->saveToSession();
}
/**
 * Loads every link (grouped by menu) and every menu for the overview, then
 * issues a fresh request token for the forms rendered on this page.
 *
 * @param Website $website Site facade; provides the database connection.
 * @param Request $request Current request (not read here).
 */
public function init(Website $website, Request $request)
{
    $database = $website->getDatabase();
    $links = new LinkRepository($database);
    $menus = new MenuRepository($database);

    $this->allLinks = $links->getAllLinksByMenu();
    $this->allMenus = $menus->getAllMenus();

    $this->requestToken = RequestToken::generateNew();
    $this->requestToken->saveToSession();
}
/**
 * Loads the link selected by param 0 and deletes it when the request carries
 * a valid token; otherwise only the confirmation view is prepared. A new
 * token is issued on both paths.
 *
 * @param Website $website Site facade (database, text).
 * @param Request $request Current request; param 0 is the link id (default 0).
 */
public function init(Website $website, Request $request)
{
    $repository = new LinkRepository($website->getDatabase());
    $this->link = $repository->getLink($request->getParamInt(0, 0));

    // Deletion only happens on a token-bearing submission
    if (Validate::requestToken($request)) {
        $this->deleteLink($repository, $website->getText());
    }

    $token = RequestToken::generateNew();
    $this->requestToken = $token;
    $token->saveToSession();
}
/**
 * Loads the menu from param 0, applies a submitted "menu_name" (falling back
 * to the stored name) and attempts to save when the token is valid.
 *
 * @param Website $website Site facade (database, text).
 * @param Request $request Current request.
 */
public function init(Website $website, Request $request)
{
    $repository = new MenuRepository($website->getDatabase());
    $menuId = $request->getParamInt(0, 0);
    $menu = $repository->getMenu($menuId);
    $this->menu = $menu;

    // The submitted name is applied to the in-memory object even before the
    // token check; persisting is left to trySaveMenu() after validation.
    $menu->setName($request->getRequestString("menu_name", $menu->getName()));

    if (Validate::requestToken($request)) {
        $this->trySaveMenu($repository, $website->getText());
    }

    $this->requestToken = RequestToken::generateNew();
    $this->requestToken->saveToSession();
}
/**
 * Account-registration page setup. The page is hidden (NotFoundException)
 * unless account creation is enabled in the config and the visitor is not
 * logged in; otherwise the user form is processed and a fresh token issued.
 *
 * @param Website $website Site facade (config, login state).
 * @param Request $request Current request.
 * @throws NotFoundException When registration is disabled or the visitor is already logged in.
 */
public function init(Website $website, Request $request)
{
    parent::init($website, $request);

    $registrationOpen = (bool) $website->getConfig()->get(Config::OPTION_USER_ACCOUNT_CREATION);
    // Pretend page doesn't exist when account creation is disabled,
    // or when already logged in
    if (!$registrationOpen || $website->isLoggedIn()) {
        throw new NotFoundException();
    }

    $this->newUser = $this->handleUserRequest($website, $request);

    $this->requestToken = RequestToken::generateNew();
    $this->requestToken->saveToSession();
}
/**
 * Loads all menus and selects the configured main menu (null when that id
 * no longer exists), handles a token-protected submission, then issues a
 * fresh request token.
 *
 * @param Website $website Site facade (config, database).
 * @param Request $request Current request.
 */
public function init(Website $website, Request $request)
{
    $mainMenuId = (int) $website->getConfig()->get(Config::OPTION_MAIN_MENU_ID);

    $repository = new MenuRepository($website->getDatabase());
    $this->menus = $repository->getAllMenus();
    // null when the configured main menu is not among the loaded menus
    $this->menu = $this->menus[$mainMenuId] ?? null;

    if (Validate::requestToken($request)) {
        $this->handleRequest($website, $request);
    }

    $this->requestToken = RequestToken::generateNew();
    $this->requestToken->saveToSession();
}
/**
 * Loads the menu from param 0, reads the submitted link text and URL, and
 * saves the link when the request token validates.
 *
 * "link_url" is stored on the object as received; any validation of the
 * URL is presumably done inside saveLink() — confirm there.
 *
 * @param Website $website Site facade (database).
 * @param Request $request Current request; "link_text" / "link_url" default to "".
 */
public function init(Website $website, Request $request)
{
    $repository = new MenuRepository($website->getDatabase());
    $this->menu = $repository->getMenu($request->getParamInt(0, 0));

    $this->linkName = $request->getRequestString("link_text", "");
    $this->linkUrl = $request->getRequestString("link_url", "");

    $tokenValid = Validate::requestToken($request);
    if ($tokenValid) {
        $this->saveLink($website);
    }

    $token = RequestToken::generateNew();
    $this->requestToken = $token;
    $token->saveToSession();
}
/**
 * Loads the document from param 0 and deletes it when the request token
 * validates, recording a confirmation message. A fresh token is issued on
 * both paths.
 *
 * @param Website $website Site facade (database, text).
 * @param Request $request Current request; param 0 is the document id (default 0).
 */
public function init(Website $website, Request $request)
{
    $repository = new DocumentRepository($website->getDatabase(), true);
    $this->document = $repository->getDocument($request->getParamInt(0, 0));

    if (Validate::requestToken($request)) {
        // A WidgetRepository is handed over, presumably so the document's
        // widgets are cleaned up together with it
        $repository->deleteDocument($this->document, new WidgetRepository($website));

        $text = $website->getText();
        $text->addMessage($text->t("main.document") . ' ' . $text->t("editor.is_deleted"));
        $this->deleted = true;
    }

    $this->requestToken = RequestToken::generateNew();
    $this->requestToken->saveToSession();
}
/**
 * Theme-switch page setup: reports an error when switching is not possible,
 * otherwise performs the switch on a token-protected submission. The list
 * of themes and a fresh token are prepared for the view in all cases.
 *
 * @param Website $website Site facade (theme manager, text).
 * @param Request $request Current request.
 */
public function init(Website $website, Request $request)
{
    parent::init($website, $request);

    $themeManager = $website->getThemeManager();
    $text = $website->getText();

    if (!$themeManager->canSwitchThemes()) {
        $this->sendThemeSwitchError($text);
    } elseif (Validate::requestToken($request)) {
        $this->trySwitchTheme($themeManager, $text, $request);
    }

    $this->availableThemes = $themeManager->getAllThemes();

    $this->requestToken = RequestToken::generateNew();
    $this->requestToken->saveToSession();
}
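/**
 * Loads the editable site settings and saves them on a token-protected submit.
 *
 * Submission is detected through the Request abstraction
 * (hasRequestValue("submit")) instead of reading $_REQUEST directly, which
 * is how the other admin pages in this codebase detect a submit; the
 * save path itself is unchanged.
 *
 * @param Website $website Site facade; config values are read from it.
 * @param Request $request Current request, checked for "submit" and the token.
 */
public function init(Website $website, Request $request)
{
    $config = $website->getConfig();
    $this->title = $config->get("title");
    $this->copyright = $config->get("copyright");
    $this->password = $config->get("password");
    $this->language = $config->get("language");
    $this->user_account_creation = $config->get("user_account_creation");

    // Persist only when the form was actually submitted with a valid token.
    // Validate::requestToken() records an error on mismatch; nothing reads it here.
    if ($request->hasRequestValue("submit") && Validate::requestToken($request)) {
        $this->save_values($website);
        $this->saved = true;
    }

    // Refresh token
    $this->token = RequestToken::generateNew();
    $this->token->saveToSession();
}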
/**
 * Loads the placed widget from param 0. With a valid request token the
 * widget is deleted and a confirmation message with a link back to the
 * document is recorded; without one, a fresh token is issued for the
 * confirmation form. Note that no new token is stored after a deletion.
 *
 * @param Website $website Site facade (installed widgets, text).
 * @param Request $request Current request; param 0 is the placed-widget id (default 0).
 */
public function init(Website $website, Request $request)
{
    $this->installedWidgets = $website->getWidgets();
    $widgetId = $request->getParamInt(0, 0);
    $repository = new WidgetRepository($website);
    $placedWidget = $repository->getPlacedWidget($widgetId);
    $this->placedWidget = $placedWidget;

    if (!Validate::requestToken($request)) {
        // Confirmation view: issue a token for the delete form
        $this->requestToken = RequestToken::generateNew();
        $this->requestToken->saveToSession();
        return;
    }

    $repository->deletePlacedWidget($placedWidget);

    $text = $website->getText();
    $message = $text->t("main.widget") . ' ' . $text->t("editor.is_deleted");
    $backLink = Link::of(
        $text->getUrlPage("edit_document", $placedWidget->getDocumentId()),
        $text->t("main.ok")
    );
    $text->addMessage($message, $backLink);
}
/**
 * Prepares the category editor: starts from an empty Category when param 0
 * is 0, otherwise loads the existing one; applies a token-protected update;
 * then issues a fresh token and builds the rich-text editor for the view.
 *
 * @param Website $website Site facade (database, text, config, theme manager).
 * @param Request $request Current request; param 0 is the category id (default 0).
 */
public function init(Website $website, Request $request)
{
    $categoryId = $request->getParamInt(0, 0);
    $repository = new CategoryRepository($website->getDatabase());

    // id 0 means "create": start from an empty category instead of loading one
    $this->category = $categoryId === 0
        ? new Category(0, "")
        : $repository->getCategory($categoryId);

    if (Validate::requestToken($request)) {
        $this->updateCategory($repository, $request, $website->getText());
    }

    $this->requestToken = RequestToken::generateNew();
    $this->requestToken->saveToSession();

    $text = $website->getText();
    $this->richEditor = new CKEditor($text, $website->getConfig(), $website->getThemeManager());
}
/**
 * Document editor setup: loads the document for the current user, its
 * placed widgets, applies any submitted edits through saveData(), and
 * stores a fresh request token.
 *
 * No Validate::requestToken() call is visible in this method; the token
 * check for edits is expected to live inside saveData() — confirm there.
 *
 * @param Website $website Site facade (database, auth, widgets, text).
 * @param Request $request Current request; param 0 is the document id (default 0).
 */
public function init(Website $website, Request $request)
{
    $documentId = $request->getParamInt(0, 0);

    // Load document
    $documentRepo = new DocumentRepository($website->getDatabase(), true);
    // Per the original author: never null, as the required rank for this
    // page is moderator (so someone is always logged in here)
    $currentUser = $website->getAuth()->getCurrentUser();
    $this->document = $this->retrieveDocument($website, $documentRepo, $documentId, $currentUser);

    // Load document widgets
    $this->widgetLoader = $website->getWidgets();
    $widgetRepo = new WidgetRepository($website);
    $this->widgets = $widgetRepo->getWidgetsInDocumentWithId($documentId);

    // Check for edits
    $this->saveData($website->getText(), $request, $this->document, $documentRepo);

    // Store new request token
    $token = RequestToken::generateNew();
    $this->requestToken = $token;
    $token->saveToSession();
}
/**
 * Category deletion setup. The standard category can never be removed: an
 * error with edit / list links is recorded and the method returns without
 * issuing a token. Otherwise a token-protected request deletes the category
 * and a fresh token is stored.
 *
 * @param Website $website Site facade (database, text).
 * @param Request $request Current request; param 0 is the category id (default 0).
 */
public function init(Website $website, Request $request)
{
    $repository = new CategoryRepository($website->getDatabase());
    $category = $repository->getCategory($request->getParamInt(0, 0));
    $this->category = $category;
    $text = $website->getText();

    if ($category->isStandardCategory()) {
        $editLink = Link::of($text->getUrlPage("edit_category", $category->getId()), $text->t("categories.edit"));
        $listLink = Link::of($text->getUrlPage("category_list"), $text->t("categories.view_all"));
        $text->addError($text->t("categories.delete.cannot_remove_default"), $editLink, $listLink);
        return;
    }

    if (Validate::requestToken($request)) {
        $this->deleteCategory($repository, new ArticleRepository($website), $text);
    }

    $this->requestToken = RequestToken::generateNew();
    $this->requestToken->saveToSession();
}
/**
 * Menu deletion setup: loads all menus, resolves the one named by param 0
 * (404 when it does not exist), counts its links, lets respondToRequest()
 * act on the submission, and stores a fresh request token.
 *
 * @param Website $website Site facade (database, text).
 * @param Request $request Current request; param 0 is the menu id (default 0).
 * @throws NotFoundException When param 0 is not a known menu id.
 */
public function init(Website $website, Request $request)
{
    $database = $website->getDatabase();

    // Retrieve menus
    $menuRepo = new MenuRepository($database);
    $this->allMenus = $menuRepo->getAllMenus();

    // Retrieve the menu to be deleted
    $menuId = $request->getParamInt(0, 0);
    if (!isset($this->allMenus[$menuId])) {
        // Asking to delete non-existing menu
        throw new NotFoundException();
    }
    $menu = $this->allMenus[$menuId];
    $this->menu = $menu;

    // Retrieve links
    $linkRepo = new LinkRepository($database);
    $this->linkCount = $linkRepo->getLinkCountByMenu($menu->getId());

    $this->respondToRequest($linkRepo, $menuRepo, $website->getText(), $request);

    // Request token
    $this->requestToken = RequestToken::generateNew();
    $this->requestToken->saveToSession();
}
/**
 * Comment deletion setup. Only the comment's owner or a moderator may
 * proceed; anyone else gets NotFoundException (presumably so the response
 * does not reveal whether the comment id exists). With a valid token the
 * comment is deleted and a message with a link to the article is recorded;
 * without one, a fresh token is issued for the confirmation form.
 *
 * @param Website $website Site facade (database, auth, text).
 * @param Request $request Current request; param 0 is the comment id (default 0).
 * @throws NotFoundException When the current user may not delete this comment.
 */
public function init(Website $website, Request $request)
{
    $commentId = $request->getParamInt(0, 0);
    $repository = new CommentRepository($website->getDatabase());
    $comment = $repository->getCommentOrFail($commentId);
    $this->comment = $comment;

    // Check if user is allowed to delete this comment
    $user = $website->getAuth()->getCurrentUser();
    $isOwner = $user->getId() === $comment->getUserId();
    if (!$isOwner && !$user->hasRank(Authentication::RANK_MODERATOR)) {
        throw new NotFoundException();
    }

    // Check if form was submitted
    if (!Validate::requestToken($request)) {
        $this->requestToken = RequestToken::generateNew();
        $this->requestToken->saveToSession();
        return;
    }

    $repository->deleteComment($commentId);

    $text = $website->getText();
    $articleLink = $text->getUrlPage("article", $comment->getArticleId());
    $message = $text->t("comments.comment") . ' ' . $text->t("editor.is_deleted");
    $text->addMessage($message, Link::of($articleLink, $text->t("main.ok")));
}
/**
 * Article editor setup. Loads the article for the current user, the
 * category list and the rich-text editor, then:
 *  1. validates the request token and immediately stores a new one;
 *  2. lets the ArticleEditor process the request input (also on plain
 *     page loads; an input error stops here);
 *  3. on a token-valid "submit", saves the article, records a created /
 *     edited message and, for the save-and-quit button, sets a redirect.
 *
 * @param Website $website Site facade (text, auth, config, theme manager, urls).
 * @param Request $request Current request; param 0 is the article id (0 = new).
 */
public function init(Website $website, Request $request)
{
    $text = $website->getText();
    $currentUser = $website->getAuth()->getCurrentUser();
    $articleId = $request->getParamInt(0);

    $articleRepository = new ArticleRepository($website);
    $article = $this->getArticle($articleRepository, $currentUser, $articleId);
    $editor = new ArticleEditor($article);
    $this->articleEditor = $editor;

    $categoryRepository = new CategoryRepository($website->getDatabase());
    $this->allCategories = $categoryRepository->getCategories();
    $this->richEditor = new CKEditor($website->getText(), $website->getConfig(), $website->getThemeManager());

    // Validate token, then save new one to session
    $validToken = Validate::requestToken($request);
    $this->token = RequestToken::generateNew();
    $this->token->saveToSession();

    // Now check input
    if (!$editor->processInput($website->getText(), $request, $categoryRepository)) {
        return;
    }
    if (!$request->hasRequestValue("submit") || !$validToken) {
        return;
    }

    // Try to save
    $article = $editor->getArticle();
    if (!$articleRepository->saveArticle($article)) {
        return;
    }

    $viewArticleLink = Link::of($website->getUrlPage("article", $article->getId()), $website->t("articles.view"));
    // New article created vs. article updated
    $messageKey = $articleId == 0 ? "editor.is_created" : "editor.is_edited";
    $text->addMessage($text->t("main.article") . " " . $text->t($messageKey), $viewArticleLink);

    // Check for redirect: the submit button's (translated) label decides
    if ($request->getRequestString("submit") == $website->t("editor.save_and_quit")) {
        $this->redirectUrl = $website->getUrlPage("article", $article->getId());
    }
}
/**
 * Comment editor setup. Loads the comment from param 0; only its owner or a
 * moderator may edit it (NotFoundException otherwise). On a token-valid
 * "submit" the comment is updated from the request, validated, saved and a
 * redirect link set. The new token is saved to the session at the end.
 *
 * @param Website $website Site facade (text, auth, database).
 * @param Request $request Current request; param 0 is the comment id (default 0).
 * @throws NotFoundException When the current user may not edit this comment.
 */
public function init(Website $website, Request $request)
{
    $text = $website->getText();
    $token = RequestToken::generateNew();
    $this->requestToken = $token;

    $commentId = $request->getParamInt(0, 0);
    $user = $website->getAuth()->getCurrentUser();
    $repository = new CommentRepository($website->getDatabase());
    $comment = $repository->getCommentOrFail($commentId);
    $this->comment = $comment;

    // Can only edit own comment unless moderator
    $ownsComment = $user->getId() === $comment->getUserId();
    if (!$ownsComment && !$user->hasRank(Authentication::RANK_MODERATOR)) {
        throw new NotFoundException();
    }

    if ($request->hasRequestValue("submit") && Validate::requestToken($request)) {
        // Validate and save comment
        $this->updateCommentFromRequest($comment, $request);
        if ($repository->validateComment($comment, $text)) {
            $repository->saveComment($comment);
            $this->redirectLink = $comment->getUrl($text);
        }
    }

    $token->saveToSession();
}
/**
 * New-comment page setup. Loads the article from param 0 and refuses with
 * an error when it does not allow comments (returning before the new token
 * is saved). Otherwise the comment is built from the request and, on a
 * token-valid "submit", validated, saved and a redirect link set.
 *
 * @param Website $website Site facade (text, auth, database).
 * @param Request $request Current request; param 0 is the article id (default 0).
 */
public function init(Website $website, Request $request)
{
    $text = $website->getText();
    $token = RequestToken::generateNew();
    $this->requestToken = $token;

    $articleRepo = new ArticleRepository($website);
    $article = $articleRepo->getArticleOrFail($request->getParamInt(0, 0));

    // Bails out before saveToSession(), so no new token is stored here
    if (!$article->showComments) {
        $text->addError($text->t("comments.commenting_not_allowed_on_article"));
        return;
    }

    $currentUser = $website->getAuth()->getCurrentUser();
    $this->comment = $this->fetchComment($request, $article, $currentUser);

    $submitted = $request->hasRequestValue("submit") && Validate::requestToken($request);
    if ($submitted) {
        // Validate and save comment
        $repository = new CommentRepository($website->getDatabase());
        if ($repository->validateComment($this->comment, $text)) {
            $repository->saveComment($this->comment);
            $this->redirectLink = $this->comment->getUrl($text);
        }
    }

    $token->saveToSession();
}
/**
 * Moves a placed widget up or down within its document.
 *
 * With a valid request token the move is performed and a redirect to the
 * document editor is set. Otherwise the token error is recorded and a retry
 * link is built that carries a freshly generated token as a query
 * parameter. Because that token travels in the URL rather than in a POST
 * body, it is exposed to anything that sees the URL (history, logs,
 * Referer); this is the existing design, noted here for reviewers.
 *
 * @param Website $website Site facade (text, widgets).
 * @param Request $request Current request; param 0 is the placed-widget id,
 *                         "direction" is "up" (default) or anything else for down.
 */
public function init(Website $website, Request $request)
{
    $text = $website->getText();
    $widgetId = $request->getParamInt(0);
    $direction = $request->getRequestString("direction", "up");
    $moveUp = $direction === "up";

    $repository = new WidgetRepository($website);
    $this->placedWidget = $repository->getPlacedWidget($widgetId);
    $this->installedWidgets = $website->getWidgets();

    if (Validate::requestToken($request)) {
        // move
        $this->moveWidget($repository, $moveUp);
        $this->redirectUrl = $text->getUrlPage("edit_document", $this->placedWidget->getDocumentId());
        return;
    }

    $text->addError(Validate::getLastError($text));
    $linkText = $text->t($moveUp ? "widgets.move_up" : "widgets.move_down");

    // Generate new request token, allowing user to perform action again
    $newToken = RequestToken::generateNew();
    $params = [
        "direction" => $moveUp ? "up" : "down",
        RequestToken::FIELD_NAME => $newToken->getTokenString(),
    ];
    $this->moveLink = Link::of($text->getUrlPage("move_widget", $widgetId, $params), $linkText);
    $newToken->saveToSession();
}
/**
 * Checks if the request token stored in the request matches the token
 * stored in the session. Just like the other validate methods, this method
 * updates the last error on failure. However, for something technical like
 * a request token it is impossible to create a user-friendly message, so
 * it's better to not display this error.
 *
 * This only compares; it never rotates or invalidates the session token.
 * Callers are responsible for generating and saving a new token after a
 * state-changing action. The comparison itself is delegated to
 * RequestToken::matches(), which should be constant-time — confirm there.
 *
 * @param Request $request The request that stores the request token.
 * @return boolean True if they match, false otherwise.
 */
public static function requestToken(Request $request)
{
    $expected = RequestToken::fromSession();
    $provided = RequestToken::fromRequest($request);

    if (!$expected->matches($provided)) {
        self::setError("invalid_request_token");
        return false;
    }
    return true;
}