/**
 * Deletes the blog identified by the posted `id`.
 *
 * Authorization: the caller needs `delete_any_blog`, or `delete_own_blog`
 * together with a positive Model_Agency_Contact::is_confirmed() for the blog's
 * owner. The outcome is returned through $this->response() as
 * `status` (bool) plus `error` (a message when something went wrong).
 */
public function action_delete()
{
    $result = array('status' => false, 'error' => array());

    try {
        $post = Input::post();
        if (empty($post) || empty($post['id'])) {
            throw new Exception('You must specify a blog to delete.');
        }

        $blog = Model_Blog::find($post['id']);
        if (!$blog) {
            throw new Exception('Blog not found.');
        }

        // Same short-circuit order as a nested "any OR (own AND confirmed)" check:
        // is_confirmed() is only consulted when the caller lacks delete_any_blog
        // but holds delete_own_blog.
        $authorized = \Access::can('delete_any_blog', $this->user)
            || (\Access::can('delete_own_blog', $this->user)
                && Model_Agency_Contact::is_confirmed($blog->user_id, $this->user));
        if (!$authorized) {
            throw new Exception('You are not authorized to delete this blog');
        }

        try {
            $blog->delete();
            $result['status'] = true;
        } catch (\Orm\ValidationFailed $ex) {
            // NOTE(review): another action in this corpus catches \MongoOrm\ValidationFailed
            // for the same purpose — confirm which ORM this model actually uses.
            $result['error'] = $ex->getMessage();
        } catch (Exception $ex) {
            $message = $ex->getMessage();
            $result['error'] = $message ?: 'Oops, something went wrong.';
        }
    } catch (Exception $ex) {
        $result['error'] = $ex->getMessage();
    }

    return $this->response($result);
}
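/**
 * Loads blogs for display, applying visibility filters based on the current user.
 *
 * @param mixed $blog_id       Load this single blog; when set, $user_id is ignored.
 * @param mixed $user_id       Load blogs of this user only; empty means the public listing.
 * @param bool  $include_count When true, `count` is the total number of rows matching the
 *                             filters (ignoring paging); otherwise the number of rows returned.
 * @param int   $offset        Paging offset passed to get_where().
 * @param int   $limit         Paging limit passed to get_where().
 * @return array{data: array, count: int}
 */
public static function load($blog_id = null, $user_id = null, $include_count = true, $offset = 0, $limit = BLOG_DISPLAY_LIMIT)
{
    $filters = array();
    $current_user = \Warden::current_user();
    $result = array('data' => array(), 'count' => 0);

    if (!empty($blog_id)) {
        // Single-blog lookup. The id is stored in $filters so that get_count() below
        // counts this blog only; previously the filter array was empty here and the
        // paging values (0, 1) were passed inside the filter array instead of as arguments.
        // NOTE(review): no public_flag/publish_flag filter applies on this path, so any
        // blog can be loaded by id — confirm that callers gate access themselves.
        $filters['id'] = $blog_id;
        $result['data'] = static::get_where($filters, 0, 1);
    } else {
        if (empty($user_id)) {
            // Public listing: only public blogs.
            $filters['public_flag'] = true;
            if (!$current_user || !\Access::can('publicize_any_blog', $current_user)) {
                // ...and only published ones, unless privileged to publicize any blog.
                $filters['publish_flag'] = true;
            }
        } else {
            // Loose comparison kept on purpose: ids may arrive as strings from the request.
            if (!$current_user || $user_id != $current_user->id) {
                // Viewing someone else's blogs: only published ones.
                $filters['publish_flag'] = true;
            }
            $filters['user_id'] = $user_id;
        }
        $result['data'] = static::get_where($filters, $offset, $limit);
    }

    if (!empty($result['data'])) {
        $result['count'] = $include_count ? static::get_count($filters) : count($result['data']);
    }

    return $result;
}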
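/**
 * Shows the login form and, on POST, authenticates the user.
 *
 * A viewer holding `impersonate_any_user` is logged out and then logged in as the
 * submitted user without a password (Warden::force_login); everyone else goes
 * through Warden::authenticate with the posted password and `remember_me` flag.
 * On success the browser is redirected to `destination`; on failure a flash
 * error is set and the form is shown again.
 */
public function action_login()
{
    $this->template->title = 'User » Login';
    $this->template->content = $this->action_get_login_form();

    $post = Input::post();
    if (empty($post)) {
        return;
    }

    // Post-login destination. It is request-supplied, so only a site-local path is
    // accepted: a value carrying a URL scheme or a protocol-relative prefix (`//`, `/\`, `\\`)
    // would otherwise turn the redirect below into an open redirect, since Uri::create()
    // appears to pass absolute URLs through unchanged (confirm against the framework).
    // A non-string value (e.g. destination[]=x) is rejected for the same reason.
    $destination = empty($_REQUEST['destination']) ? '/welcome' : $_REQUEST['destination'];
    if (!is_string($destination) || preg_match('#^(?:[a-z][a-z0-9+.\-]*:|[/\\\\]{2})#i', $destination)) {
        $destination = '/welcome';
    }
    $this->template->content->destination = $destination;

    // Server-side validation of the two required fields.
    $validation = $this->template->content->validation;
    $validation->add_field('username_or_email', 'Username or Email', 'required');
    $validation->add_field('password', 'Password', 'required');

    if (!$validation->run()) {
        Session::set_flash('error', 'Invalid username/email or password entered.');
        return;
    }

    try {
        $login = $validation->validated('username_or_email');
        if ($this->user && \Access::can('impersonate_any_user', $this->user)) {
            // Impersonation: drop the current session first so the forced login replaces it.
            Warden::logout();
            $authenticated = Warden::force_login($login, true);
        } else {
            $authenticated = Warden::authenticate($login, $validation->validated('password'), Input::post('remember_me'));
        }

        if ($authenticated) {
            Response::redirect(Uri::create($destination, array(), array(), false));
        } else {
            Session::set_flash('error', 'Invalid username/email or password entered.');
        }
    } catch (Warden\Failure $failure) {
        switch ($failure->reason()) {
            case 'unconfirmed':
                // Unconfirmed account: show the confirmation page and resend the instructions.
                // NOTE(review): this resends on every unconfirmed login attempt; consider
                // limiting the resend rate if mail volume becomes a concern.
                Session::set_flash('error', $failure->getMessage());
                $this->template->content = View::forge('user/unconfirmed');
                $this->template->content->user = $failure->get_user();
                $this->template->content->user->send_confirmation_instructions();
                break;
            case 'locked':
                Session::set_flash('error', array(
                    'Your account has been locked due to too many consecutive failed login attempts.',
                    'Check your email for instructions on unlocking your account. 
Or you can wait a few days and try again.',
                ));
                break;
            default:
                Session::set_flash('error', $failure->getMessage());
        }
    } catch (Exception $ex) {
        Session::set_flash('error', $ex->getMessage());
    }
}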
<?php $disabled_flag = $current_user && !\Access::can('impersonate_any_user', $current_user) ? true : false; ?> <div id="login"> <?php echo Form::open(array('action' => $disabled_flag ? false : Uri::create('user/login', array(), array(), \Config::get('ssl_enable')), 'id' => 'login-form')); ?> <h1 class="center">Sign In</h1> <?php echo Form::hidden('destination', $destination); ?> <?php echo Form::hidden('omniauth', '', array('id' => 'omniauth')); ?> <div class="input"><?php echo Form::input('username_or_email', $validation->input('username_or_email'), array('type' => 'text', 'id' => 'login_username_or_email', 'class' => 'text', 'placeholder' => 'Username or Email', 'disabled' => $disabled_flag)); ?> </div> <div class="input"><?php echo Form::password('password', $validation->input('password'), array('id' => 'login_password', 'class' => 'text', 'placeholder' => 'Password', 'disabled' => $disabled_flag)); ?> </div> <div class="input links"> <span id="remember-me"><?php echo Form::checkbox('remember_me', false, array('id' => 'remember-me-checkbox')); ?> <label for="remember-me-checkbox"> Remember Me</label></span> <span id="forgot-password"><a href="<?php echo Uri::create('user/forgot_password', array(), array(), \Config::get('ssl_enable')); ?>
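/**
 * Unlocks a user account whose access is locked.
 *
 * Requires the `unlock_any_user` permission and a posted `user_id`; otherwise the
 * request is redirected to the 404 page. A flash message reports the outcome and
 * the caller is redirected to the member's view page.
 */
public function action_unlock()
{
    if (!\Access::can('unlock_any_user', $this->user)) {
        // Only privileged users may unlock accounts; there is no "unlock own account" path.
        \Response::redirect('/welcome/404');
    }

    $post = \Input::post();
    if (empty($post) || empty($post['user_id'])) {
        // The id of the user to unlock must be posted.
        \Response::redirect('/welcome/404');
    }
    $user_id = $post['user_id'];

    try {
        $user = $user_id == $this->user->id ? $this->user : \Warden\Model_User::find($user_id);
        if (!$user) {
            // Without this check, find() returning nothing led to a method call on null —
            // a fatal error on PHP 5 and an \Error on PHP 7+, neither caught below.
            throw new Exception('User not found.');
        }
        if (!$user->is_access_locked()) {
            throw new Exception('User is not locked.');
        }
        $user->unlock_access(true);
        Session::set_flash('success', 'User is unlocked.');
    } catch (\MongoOrm\ValidationFailed $ex) {
        Session::set_flash('error', $ex->getMessage());
    } catch (Exception $ex) {
        $msg = $ex->getMessage();
        Session::set_flash('error', $msg ?: 'Oops, something went wrong.');
    }

    // NOTE(review): the posted user_id is placed into the redirect path verbatim;
    // it is kept site-local by the framework but its format is not validated here.
    \Response::redirect('/member/view/' . $user_id);
}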
/**
 * Builds the 'pages/blog' view with the loaded blogs and the permission flags the
 * template uses to decide which controls to render.
 *
 * @param mixed $user_id Owner whose blogs are listed; empty means the public listing.
 * @param mixed $blog_id Single blog to show, or null for a listing.
 * @return \View
 */
protected function load_blog_view($user_id, $blog_id = null)
{
    $view = \View::forge('pages/blog');
    $loaded = Model_Blog::load($blog_id, $user_id);
    $viewer = $this->user;

    // Every permission flag requires a logged-in viewer; evaluated in the same
    // order as the assignments below so the Access::can() call sequence is unchanged.
    $can = function ($permission) use ($viewer) {
        return $viewer && \Access::can($permission, $viewer);
    };

    $view->is_confirmed = $viewer && $viewer->id == $user_id;
    $view->user_id = $viewer ? $viewer->id : $user_id;
    $view->blog_id = $blog_id;
    $view->blogs = $loaded['data'];
    $view->count = $loaded['count'];
    $view->is_public = empty($user_id);

    $view->can_edit_own = $can('edit_own_blog');
    $view->can_edit_any = $can('edit_any_blog');
    $view->can_delete_own = $can('delete_own_blog');
    $view->can_delete_any = $can('delete_any_blog');
    $view->can_make_own_public = $can('publicize_own_blog');
    $view->can_make_any_public = $can('publicize_any_blog');

    // The viewer may add a blog of their own on a listing page (no blog_id) when they
    // can edit their own blogs and either the listing is public and they may publicize
    // their own blog, or they are viewing their own (confirmed) page.
    $view->addable = empty($blog_id)
        && $viewer
        && $view->can_edit_own
        && (($view->is_public && $view->can_make_own_public) || $view->is_confirmed);
    $view->include_edit_form = $view->addable || ($view->can_edit_any && $view->count);
    $view->force_public = $view->is_public && $view->can_make_any_public;
    $view->title = null;

    if ($view->include_edit_form) {
        $this->include_client_scripts(array('jquery_forms'));
    }

    return $view;
}