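/**
 * Authenticate the submitted credentials against the configured LDAP server
 * and log the matching Symphony author in. An author record is created the
 * first time an LDAP user signs in.
 *
 * NOTE(review): ldap_bind() performs a simple bind with the password as
 * given. Unless the configured server is an ldaps:// URI or StartTLS
 * (ldap_start_tls()) is negotiated before the bind, the password crosses the
 * network unencrypted. Confirm the deployment's transport.
 *
 * @param array $context
 *  Delegate context. Only `$context['username']` is read here; the password
 *  is taken from `$_POST['password']`.
 * @return boolean|null
 *  `true` once an author has been logged in, `false` when the bind or the
 *  author lookup/creation failed, and `null` (as before) when credentials
 *  are missing or no LDAP connection handle could be created.
 */
public function ldap_login($context)
{
    $username = (isset($context['username']) && is_string($context['username'])) ? $context['username'] : '';
    $password = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';

    // Both values are mandatory. Many directory servers treat a bind with a
    // DN and an empty password as an unauthenticated bind and report success,
    // so an empty password must never reach ldap_bind().
    if ($username === '' || $password === '') {
        return;
    }

    //LDAP connection
    $ldap = ldap_connect(Symphony::Configuration()->get('server', 'ldap_authors'), Symphony::Configuration()->get('port', 'ldap_authors'));

    if (!$ldap) {
        Symphony::$Log->pushToLog('[LDAP] Unable to connect to LDAP server, please check configuration.', E_ERROR);
        return;
    }

    ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, Symphony::Configuration()->get('protocol_version', 'ldap_authors'));

    // The username is attacker-controlled and ends up inside a DN (and is
    // handed to ldap_retrieve_user() below), so escape it for both contexts.
    // Hex escapes are valid in DNs and in search filters alike.
    // ldap_escape() requires PHP 5.6 or later.
    // NOTE(review): assumes ldap_retrieve_user() uses $filterdn as (part of)
    // a search filter; confirm against that helper.
    $escaped_username = ldap_escape($username, '', LDAP_ESCAPE_DN | LDAP_ESCAPE_FILTER);

    // str_replace() instead of preg_replace(): a regex replacement string
    // would interpret `$1` / `\1` style sequences inside the username.
    $filterdn = str_replace('%username%', $escaped_username, Symphony::Configuration()->get('filterdn', 'ldap_authors'));
    $basedn = Symphony::Configuration()->get('basedn', 'ldap_authors');

    try {
        //Attempt to authenticate to the LDAP server
        $bind = ldap_bind($ldap, $filterdn . ',' . $basedn, $password);

        // ldap_bind() reports failure by returning false. Do not rely on the
        // warning it raises being converted into an exception: without this
        // check a rejected bind would still fall through to login().
        if ($bind !== true) {
            Symphony::$Log->pushToLog('[LDAP] Unable to bind to LDAP server, this could be misconfiguration or invalid credentials. (User: "******")', E_WARNING);
            return false;
        }

        $user = AuthorManager::fetchByUsername($username);

        if (is_object($user) && $user->get('LDAP') === '1') {
            //LDAP user has visited before therefore login
            $this->login($user);
            return true;
        }

        // NOTE(review): this path is also reached when an author with this
        // username exists but is not flagged as an LDAP author; confirm that
        // AuthorManager::add() refuses a duplicate username in that case.

        //New LDAP user, we need to insert their details in the authors table
        $ldap_user = $this->ldap_retrieve_user($ldap, $basedn, $filterdn);

        if (!$ldap_user) {
            Symphony::$Log->pushToLog('[LDAP] Authentication with the LDAP server was successful, however unable to find LDAP user details.', E_ERROR);
            return false;
        }

        //Get attributes and insert data
        $attrs = array(
            Symphony::Configuration()->get('first_name_key', 'ldap_authors'),
            Symphony::Configuration()->get('last_name_key', 'ldap_authors'),
            Symphony::Configuration()->get('email_key', 'ldap_authors')
        );
        $author_details = $this->ldap_retrieve_attributes($attrs, $ldap_user[0]);

        if (!is_array($author_details) || count($author_details) != 3) {
            Symphony::$Log->pushToLog('[LDAP] Unable to retireve first name, last name and email address from the LDAP server.', E_ERROR);
            return false;
        }

        $id = AuthorManager::add(array(
            'username' => $username,
            // The local password is a placeholder; authentication stays with LDAP.
            'password' => $this->fake_password(10),
            'first_name' => $author_details[0],
            'last_name' => $author_details[1],
            'email' => $author_details[2],
            'user_type' => Symphony::Configuration()->get('default_author_type', 'ldap_authors'),
            'primary' => 'no',
            'LDAP' => true
        ));

        if (!$id) {
            Symphony::$Log->pushToLog('[LDAP] Unable to insert LDAP user into Symphony authors table.', E_ERROR);
            return false;
        }

        //Once user is inserted log them in
        $user = AuthorManager::fetchByID($id);
        $this->login($user);
        return true;
    } catch (Exception $e) {
        Symphony::$Log->pushToLog('[LDAP] Unable to bind to LDAP server, this could be misconfiguration or invalid credentials. (User: "******")', E_WARNING);
    }

    return false;
}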
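/**
 * REST handler: output one author (looked up by numeric ID or by username,
 * taken from the first request URI segment) or, when no segment is present,
 * every author.
 *
 * NOTE(review): no access check is visible in this method. Confirm the
 * REST_API layer authenticates and authorises the request before dispatching
 * here, because the response contains whatever `__buildAuthorXML()`
 * serialises for each author.
 *
 * @return void
 */
public static function get()
{
    $url_parts = REST_API::getRequestURI();
    $response = new XMLElement('response');

    // isset() on the offset avoids an undefined-index notice when the
    // request carries no author segment.
    if (isset($url_parts[0])) {
        $author_url = $url_parts[0];

        if (is_numeric($author_url)) {
            $author = AuthorManager::fetchByID($author_url);
        } else {
            $author = AuthorManager::fetchByUsername($author_url);
        }

        if (!$author) {
            REST_API::sendError('Author not found.', 404);
            // Stop here even if sendError() returns, so a missing author is
            // never passed on to __buildAuthorXML().
            return;
        }

        $response->appendChild(self::__buildAuthorXML($author));
    } else {
        $authors = AuthorManager::fetch();

        foreach ($authors as $author) {
            $response->appendChild(self::__buildAuthorXML($author));
        }
    }

    REST_API::sendOutput($response);
}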
/**
 * Save a front-end submitted entry for this event's section and report the
 * outcome on `$result`.
 *
 * Order of work, as visible in the body: run the `EventPreSaveFilter`
 * delegate (a failed filter aborts), load or create the Entry, validate and
 * store the posted data, commit, run the optional built-in `send-email`
 * filter, then notify `EventPostSaveFilter` and `EventFinalSaveFilter`.
 *
 * @param array $fields
 *  The submitted field values for the entry.
 * @param XMLElement $result
 *  Event result element; status attributes, messages and the echoed post
 *  values are appended to it.
 * @param mixed $position
 *  Not referenced anywhere in this method body.
 * @param integer $entry_id
 *  ID of the entry to edit, or null to create a new entry.
 * @return boolean
 *  `true` when the entry was committed, `false` on any error before that.
 */
public function __doit($fields, &$result, $position = null, $entry_id = null)
{
    $post_values = new XMLElement('post-values');
    $filter_results = array();

    if (!is_array($this->eParamFILTERS)) {
        $this->eParamFILTERS = array();
    }

    // Create the post data cookie element
    if (is_array($fields) && !empty($fields)) {
        General::array_to_xml($post_values, $fields, true);
    }

    /**
     * Prior to saving entry from the front-end. This delegate will
     * force the Event to terminate if it populates the `$filter_results`
     * array. All parameters are passed by reference.
     *
     * @delegate EventPreSaveFilter
     * @param string $context
     * '/frontend/'
     * @param array $fields
     * @param Event $this
     * @param array $messages
     * An associative array of arrays which contain 4 values,
     * the name of the filter (string), the status (boolean),
     * the message (string) and optionally an associative array
     * of additional attributes to add to the filter element.
     * @param XMLElement $post_values
     * @param integer $entry_id
     * If editing an entry, this parameter will be an integer,
     * otherwise null.
     */
    Symphony::ExtensionManager()->notifyMembers('EventPreSaveFilter', '/frontend/', array('fields' => &$fields, 'event' => &$this, 'messages' => &$filter_results, 'post_values' => &$post_values, 'entry_id' => &$entry_id));

    if (is_array($filter_results) && !empty($filter_results)) {
        $can_proceed = true;

        foreach ($filter_results as $fr) {
            list($name, $status, $message, $attributes) = $fr;

            $result->appendChild($this->buildFilterElement($name, $status ? 'passed' : 'failed', $message, $attributes));

            // Only a strict `false` blocks the save; other falsy statuses are
            // reported as 'failed' above but do not stop processing.
            if ($status === false) {
                $can_proceed = false;
            }
        }

        if ($can_proceed !== true) {
            $result->appendChild($post_values);
            $result->setAttribute('result', 'error');
            $result->appendChild(new XMLElement('message', __('Entry encountered errors when saving.')));
            return false;
        }
    }

    include_once TOOLKIT . '/class.sectionmanager.php';
    include_once TOOLKIT . '/class.entrymanager.php';

    if (!($section = SectionManager::fetch($this->getSource()))) {
        $result->setAttribute('result', 'error');
        $result->appendChild(new XMLElement('message', __('The Section, %s, could not be found.', array($this->getSource()))));
        return false;
    }

    // NOTE(review): when $entry_id is set, any entry with that ID is loaded;
    // no check that it belongs to this event's section, or that the requester
    // may edit it, is visible here. Confirm callers or delegates enforce that.
    if (isset($entry_id)) {
        $entry =& EntryManager::fetch($entry_id);
        $entry = $entry[0];

        if (!is_object($entry)) {
            $result->setAttribute('result', 'error');
            $result->appendChild(new XMLElement('message', __('The Entry, %s, could not be found.', array($entry_id))));
            return false;
        }
    } else {
        $entry =& EntryManager::create();
        $entry->set('section_id', $this->getSource());
    }

    // Validation first, then assignment, then commit. Each failure path
    // reports per-field errors (label and message passed through
    // General::sanitize) and echoes the post values back.
    if (__ENTRY_FIELD_ERROR__ == $entry->checkPostData($fields, $errors, $entry->get('id') ? true : false)) {
        $result->setAttribute('result', 'error');
        $result->appendChild(new XMLElement('message', __('Entry encountered errors when saving.')));

        foreach ($errors as $field_id => $message) {
            $field = FieldManager::fetch($field_id);

            if (is_array($fields[$field->get('element_name')])) {
                $type = array_reduce($fields[$field->get('element_name')], array('SectionEvent', '__reduceType'));
            } else {
                $type = $fields[$field->get('element_name')] == '' ? 'missing' : 'invalid';
            }

            $result->appendChild(new XMLElement($field->get('element_name'), null, array('label' => General::sanitize($field->get('label')), 'type' => $type, 'message' => General::sanitize($message))));
        }

        if (isset($post_values) && is_object($post_values)) {
            $result->appendChild($post_values);
        }

        return false;
    } elseif (__ENTRY_OK__ != $entry->setDataFromPost($fields, $errors, false, $entry->get('id') ? true : false)) {
        $result->setAttribute('result', 'error');
        $result->appendChild(new XMLElement('message', __('Entry encountered errors when saving.')));

        foreach ($errors as $field_id => $message) {
            $field = FieldManager::fetch($field_id);
            $result->appendChild(new XMLElement($field->get('element_name'), null, array('label' => General::sanitize($field->get('label')), 'type' => 'invalid', 'message' => General::sanitize($message))));
        }

        if (isset($post_values) && is_object($post_values)) {
            $result->appendChild($post_values);
        }

        return false;
    } else {
        if (!$entry->commit()) {
            $result->setAttribute('result', 'error');
            $result->appendChild(new XMLElement('message', __('Unknown errors where encountered when saving.')));

            if (isset($post_values) && is_object($post_values)) {
                $result->appendChild($post_values);
            }

            return false;
        }

        $result->setAttribute('id', $entry->get('id'));
    }

    // PASSIVE FILTERS ONLY AT THIS STAGE. ENTRY HAS ALREADY BEEN CREATED.
    if (in_array('send-email', $this->eParamFILTERS) && !in_array('expect-multiple', $this->eParamFILTERS)) {
        if (!function_exists('__sendEmailFindFormValue')) {
            // Resolve one send-email parameter. When $needle consists only of
            // comma-separated `fields[name]` tokens, each name is looked up in
            // $haystack and the values are returned, either joined with
            // spaces ($collapse) or as an array, keyed by field name unless
            // $discard_field_name is set. Otherwise the trimmed $needle
            // itself is returned, or $default when it is empty.
            function __sendEmailFindFormValue($needle, $haystack, $discard_field_name = true, $default = null, $collapse = true)
            {
                if (preg_match('/^(fields\\[[^\\]]+\\],?)+$/i', $needle)) {
                    $parts = preg_split('/\\,/i', $needle, -1, PREG_SPLIT_NO_EMPTY);
                    $parts = array_map('trim', $parts);
                    $stack = array();

                    foreach ($parts as $p) {
                        $field = str_replace(array('fields[', ']'), '', $p);
                        $discard_field_name ? $stack[] = $haystack[$field] : ($stack[$field] = $haystack[$field]);
                    }

                    if (is_array($stack) && !empty($stack)) {
                        return $collapse ? implode(' ', $stack) : $stack;
                    } else {
                        $needle = null;
                    }
                }

                $needle = trim($needle);

                if (empty($needle)) {
                    return $default;
                }

                return $needle;
            }
        }

        // From here on $fields no longer holds the entry data: it is replaced
        // by the `send-email` parameters read directly from the request, and
        // this replaced array is what the two delegates below receive as
        // 'fields'.
        // NOTE(review): recipient, sender, reply-to, subject and body are all
        // client-supplied. Recipients are limited to existing authors by the
        // username lookup below, but the requester chooses which authors are
        // mailed and what the message says. Confirm the Email class rejects
        // CR/LF in the sender/reply-to/subject values.
        $fields = $_POST['send-email'];
        // $db is not used in the rest of this method.
        $db = Symphony::Database();

        $fields['recipient'] = __sendEmailFindFormValue($fields['recipient'], $_POST['fields'], true);
        $fields['recipient'] = preg_split('/\\,/i', $fields['recipient'], -1, PREG_SPLIT_NO_EMPTY);
        $fields['recipient'] = array_map('trim', $fields['recipient']);

        $fields['subject'] = __sendEmailFindFormValue($fields['subject'], $_POST['fields'], true, __('[Symphony] A new entry was created on %s', array(Symphony::Configuration()->get('sitename', 'general'))));
        $fields['body'] = __sendEmailFindFormValue($fields['body'], $_POST['fields'], false, null, false);
        $fields['sender-email'] = __sendEmailFindFormValue($fields['sender-email'], $_POST['fields'], true, null);
        $fields['sender-name'] = __sendEmailFindFormValue($fields['sender-name'], $_POST['fields'], true, null);
        $fields['reply-to-name'] = __sendEmailFindFormValue($fields['reply-to-name'], $_POST['fields'], true, null);
        $fields['reply-to-email'] = __sendEmailFindFormValue($fields['reply-to-email'], $_POST['fields'], true, null);

        $edit_link = SYMPHONY_URL . '/publish/' . $section->get('handle') . '/edit/' . $entry->get('id') . '/';
        $language = Symphony::Configuration()->get('lang', 'symphony');
        $template_path = Event::getNotificationTemplate($language);
        // The template file contents are used as the sprintf() format string;
        // the section name and edit link fill its placeholders.
        $body = sprintf(file_get_contents($template_path), $section->get('name'), $edit_link);

        if (is_array($fields['body'])) {
            foreach ($fields['body'] as $field_handle => $value) {
                $body .= "// {$field_handle}" . PHP_EOL . $value . PHP_EOL . PHP_EOL;
            }
        } else {
            $body .= $fields['body'];
        }

        // Loop over all the recipients and attempt to send them an email
        // Errors will be appended to the Event XML
        $errors = array();

        foreach ($fields['recipient'] as $recipient) {
            // Each recipient is treated as an author username; the mail goes
            // to that author's stored email address, never to a raw address
            // from the request.
            $author = AuthorManager::fetchByUsername($recipient);

            if (empty($author)) {
                $errors['recipient'][$recipient] = __('Recipient not found');
                continue;
            }

            $email = Email::create();

            // Huib: Exceptions are also thrown in the settings functions, not only in the send function.
            // Those Exceptions should be caught too.
            try {
                $email->recipients = array($author->get('first_name') => $author->get('email'));

                if ($fields['sender-name'] != null) {
                    $email->sender_name = $fields['sender-name'];
                }

                if ($fields['sender-email'] != null) {
                    $email->sender_email_address = $fields['sender-email'];
                }

                if ($fields['reply-to-name'] != null) {
                    $email->reply_to_name = $fields['reply-to-name'];
                }

                if ($fields['reply-to-email'] != null) {
                    $email->reply_to_email_address = $fields['reply-to-email'];
                }

                $email->text_plain = str_replace('<!-- RECIPIENT NAME -->', $author->get('first_name'), $body);
                $email->subject = $fields['subject'];
                $email->send();
            } catch (EmailValidationException $e) {
                $errors['address'][$author->get('email')] = $e->getMessage();
            } catch (EmailGatewayException $e) {
                // The current error array does not permit custom tags.
                // Therefore, it is impossible to set a "proper" error message.
                // Will return the failed email address instead.
                $errors['gateway'][$author->get('email')] = $e->getMessage();
            } catch (EmailException $e) {
                // Because we don't want symphony to break because it can not send emails,
                // all exceptions are logged silently.
                // Any custom event can change this behaviour.
                $errors['email'][$author->get('email')] = $e->getMessage();
            }
        }

        // If there were errors, output them to the event
        // NOTE(review): the 'recipient' attribute is either the submitted
        // username or an author's email address, so a failed send discloses
        // that address in the event XML. Confirm this is intended and that
        // XMLElement escapes attribute values.
        if (!empty($errors)) {
            $xml = $this->buildFilterElement('send-email', 'failed');

            foreach ($errors as $type => $messages) {
                $xType = new XMLElement('error');
                $xType->setAttribute('error-type', $type);

                foreach ($messages as $recipient => $message) {
                    $xType->appendChild(new XMLElement('message', $message, array('recipient' => $recipient)));
                }

                $xml->appendChild($xType);
            }

            $result->appendChild($xml);
        } else {
            $result->appendChild($this->buildFilterElement('send-email', 'passed'));
        }
    }

    $filter_results = array();

    /**
     * After saving entry from the front-end. This delegate will not force
     * the Events to terminate if it populates the `$filter_results` array.
     * Provided with references to this object, the `$_POST` data and also
     * the error array
     *
     * @delegate EventPostSaveFilter
     * @param string $context
     * '/frontend/'
     * @param integer $entry_id
     * @param array $fields
     * @param Entry $entry
     * @param Event $this
     * @param array $messages
     * An associative array of arrays which contain 4 values,
     * the name of the filter (string), the status (boolean),
     * the message (string) and optionally an associative array
     * of additional attributes to add to the filter element.
     */
    Symphony::ExtensionManager()->notifyMembers('EventPostSaveFilter', '/frontend/', array('entry_id' => $entry->get('id'), 'fields' => $fields, 'entry' => $entry, 'event' => &$this, 'messages' => &$filter_results));

    if (is_array($filter_results) && !empty($filter_results)) {
        foreach ($filter_results as $fr) {
            list($name, $status, $message, $attributes) = $fr;

            $result->appendChild($this->buildFilterElement($name, $status ? 'passed' : 'failed', $message, $attributes));
        }
    }

    $filter_errors = array();

    /**
     * This delegate lets extensions know the final status of the
     * current Event. It is triggered when everything has processed correctly.
     * The `$messages` array contains the results of the previous filters that
     * have executed, and the `$errors` array contains any errors that have
     * occurred as a result of this delegate. These errors cannot stop the
     * processing of the Event, as that has already been done.
     *
     *
     * @delegate EventFinalSaveFilter
     * @param string $context
     * '/frontend/'
     * @param array $fields
     * @param Event $this
     * @param array $messages
     * An associative array of arrays which contain 4 values,
     * the name of the filter (string), the status (boolean),
     * the message (string) and optionally an associative array
     * of additional attributes to add to the filter element.
     * @param array $errors
     * An associative array of arrays which contain 4 values,
     * the name of the filter (string), the status (boolean),
     * the message (string) and optionally an associative array
     * of additional attributes to add to the filter element.
     * @param Entry $entry
     */
    Symphony::ExtensionManager()->notifyMembers('EventFinalSaveFilter', '/frontend/', array('fields' => $fields, 'event' => $this, 'messages' => $filter_results, 'errors' => &$filter_errors, 'entry' => $entry));

    if (is_array($filter_errors) && !empty($filter_errors)) {
        foreach ($filter_errors as $fr) {
            list($name, $status, $message, $attributes) = $fr;

            $result->appendChild($this->buildFilterElement($name, $status ? 'passed' : 'failed', $message, $attributes));
        }
    }

    $result->setAttributeArray(array('result' => 'success', 'type' => isset($entry_id) ? 'edited' : 'created'));
    $result->appendChild(new XMLElement('message', isset($entry_id) ? __('Entry edited successfully.') : __('Entry created successfully.')));

    if (isset($post_values) && is_object($post_values)) {
        $result->appendChild($post_values);
    }

    return true;
}
/**
 * Write one tracker log row per affected author for an author delegate.
 *
 * The action name is derived from the delegate name, so a single callback
 * serves every author delegate. Nothing is logged unless both
 * `validateUser()` and `validateElement('authors')` pass.
 *
 * NOTE(review): for the 'created' action the author is re-read by username;
 * if that lookup returns nothing the `get('id')` call fails and no audit row
 * is written. Confirm the lookup cannot miss at this point.
 *
 * @param array $context
 *  Delegate context. Reads `delegate` and one of `author` (an Author
 *  object), `author_id` or `author_ids`.
 * @return void
 */
public function parseAuthorAction($context)
{
    if (!$this->validateUser() || !$this->validateElement('authors')) {
        return;
    }

    // The delegate name tells us which action happened.
    $activity = $this->getActionFromDelegateName($context['delegate']);

    // Normalise whatever the delegate supplied into a list of author IDs.
    if ($context['author'] instanceof Author) {
        if ($activity == 'created') {
            // The Author object handed over on creation carries no ID yet,
            // so read the stored record back by username.
            require_once TOOLKIT . '/class.authormanager.php';
            $stored = AuthorManager::fetchByUsername($context['author']->get('username'));
            $author_ids = (array) $stored->get('id');
        } else {
            $author_ids = (array) $context['author']->get('id');
        }
    } elseif (isset($context['author_id'])) {
        $author_ids = array($context['author_id']);
    } else {
        $author_ids = (array) $context['author_ids'];
    }

    foreach ($author_ids as $author_id) {
        Tracker::log('authors', $author_id, $activity, $this->getAuthorID(), $this->getTimestamp());
    }
}
/**
 * Run the Send Mail filter: notify each listed recipient by email that an
 * entry was saved, and append the filter outcome to the event XML.
 *
 * Recipients are author usernames. Each one is resolved with
 * `AuthorManager::fetchByUsername()` and the mail is sent to that author's
 * stored address. `$fields` is taken by reference and has its `recipient`,
 * `subject`, `body`, `sender-*` and `reply-to-*` keys overwritten.
 *
 * NOTE(review): sender, reply-to and subject are resolved from the
 * `send-email` parameters and the posted fields. Confirm the Email class
 * rejects CR/LF in those values.
 *
 * @param XMLElement $result
 *  The event XML that is returned to the page.
 * @param array $send_email
 *  Associative array of `send-email` parameters.
 * @param array $fields
 *  Post data the parameter values are extracted from (modified in place).
 * @param Section $section
 *  The Section for this event.
 * @param Entry $entry
 *  The Entry that has just been created or updated.
 * @return XMLElement
 *  `$result` with the `send-email` filter element appended.
 */
public function processSendMailFilter(XMLElement $result, array $send_email, array &$fields, Section $section, Entry $entry)
{
    // Recipient list: resolve the token, split on commas, trim every entry.
    $recipient_list = self::replaceFieldToken($send_email['recipient'], $fields);
    $recipient_list = preg_split('/\\,/i', $recipient_list, -1, PREG_SPLIT_NO_EMPTY);
    $fields['recipient'] = array_map('trim', $recipient_list);

    $default_subject = __('[Symphony] A new entry was created on %s', array(Symphony::Configuration()->get('sitename', 'general')));
    $fields['subject'] = self::replaceFieldToken($send_email['subject'], $fields, $default_subject);
    $fields['body'] = self::replaceFieldToken($send_email['body'], $fields, null, false, false);

    // The remaining parameters are all resolved the same way, in this order.
    foreach (array('sender-email', 'sender-name', 'reply-to-name', 'reply-to-email') as $param) {
        $fields[$param] = self::replaceFieldToken($send_email[$param], $fields);
    }

    // Build the message text from the localised notification template.
    $section_handle = $section->get('handle');
    $saved_entry_id = $entry->get('id');
    $edit_link = SYMPHONY_URL . '/publish/' . $section_handle . '/edit/' . $saved_entry_id . '/';
    $template_path = Event::getNotificationTemplate(Symphony::Configuration()->get('lang', 'symphony'));
    $body = sprintf(file_get_contents($template_path), $section->get('name'), $edit_link);

    if (!is_array($fields['body'])) {
        $body .= $fields['body'];
    } else {
        foreach ($fields['body'] as $field_handle => $value) {
            $body .= "// {$field_handle}" . PHP_EOL . $value . PHP_EOL . PHP_EOL;
        }
    }

    // Optional headers: request key => Email property, applied in this order.
    $optional_headers = array(
        'sender-name' => 'sender_name',
        'sender-email' => 'sender_email_address',
        'reply-to-name' => 'reply_to_name',
        'reply-to-email' => 'reply_to_email_address',
    );

    // Send to every recipient; failures are collected per error type and
    // reported in the event XML instead of aborting the event.
    $failures = array();

    foreach ($fields['recipient'] as $username) {
        $author = AuthorManager::fetchByUsername($username);

        if (empty($author)) {
            $failures['recipient'][$username] = __('Recipient not found');
            continue;
        }

        $email = Email::create();

        // The property setters can throw as well as send(), so all of it
        // sits inside the try block.
        try {
            $email->recipients = array($author->get('first_name') => $author->get('email'));

            foreach ($optional_headers as $param => $property) {
                if ($fields[$param] != null) {
                    $email->{$property} = $fields[$param];
                }
            }

            $email->text_plain = str_replace('<!-- RECIPIENT NAME -->', $author->get('first_name'), $body);
            $email->subject = $fields['subject'];
            $email->send();
        } catch (EmailValidationException $e) {
            $failures['address'][$author->get('email')] = $e->getMessage();
        } catch (EmailGatewayException $e) {
            $failures['gateway'][$author->get('email')] = $e->getMessage();
        } catch (EmailException $e) {
            $failures['email'][$author->get('email')] = $e->getMessage();
        }
    }

    // Report the outcome of the filter on the event XML.
    if (empty($failures)) {
        $result->appendChild(self::buildFilterElement('send-email', 'passed'));

        return $result;
    }

    $filter_xml = self::buildFilterElement('send-email', 'failed');

    foreach ($failures as $type => $messages) {
        $error_xml = new XMLElement('error');
        $error_xml->setAttribute('error-type', $type);

        foreach ($messages as $failed_recipient => $message) {
            $error_xml->appendChild(new XMLElement('message', $message, array('recipient' => $failed_recipient)));
        }

        $filter_xml->appendChild($error_xml);
    }

    $result->appendChild($filter_xml);

    return $result;
}
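// Edit-author submission: validate the posted fields, then start building the
// Author record to save. This excerpt ends before the record is committed.
$fields = $_POST['fields'];

// The author ID arrives with the request and was concatenated straight into
// the SQL below. Forcing it to an integer keeps request data out of the
// query text.
// NOTE(review): no check is visible here that the logged-in user may edit
// this author ID; confirm the enclosing page enforces that.
$author_id = (int) $_REQUEST['id'];

$required = array('firstname', 'lastname', 'username', 'email');

foreach ($required as $required_field) {
    if (trim($fields[$required_field]) == "") {
        $errors[$required_field] = true;
    }
}

// $errors is not initialised in this excerpt; is_array() is what tells
// "at least one required field missing" apart from "none missing".
if (is_array($errors)) {
    define("__SYM_ENTRY_MISSINGFIELDS__", true);

// Strict string comparison: with `!=`, two different numeric-looking strings
// (for example "0e1" and "0e2") compare as equal.
} elseif ((string) $fields['new_password'] !== (string) $fields['confirm_password']) {
    $Admin->pageAlert("password-mismatch", NULL, false, 'error');

// The current password is only verified when one was entered.
// NOTE(review): confirm the code after this excerpt refuses to set a new
// password when the current one was left blank.
// NOTE(review): passwords are stored as unsalted MD5. Moving to
// password_hash()/password_verify() needs a stored-hash migration and is
// outside this excerpt. The comparison is made strict so two different
// "0e..." digests can no longer compare as equal.
} elseif (trim($fields['password']) != "" && md5($fields['password']) !== $DB->fetchVar('password', 0, "SELECT `password` FROM tbl_authors WHERE `id` = '" . $author_id . "' LIMIT 1")) {
    $Admin->pageAlert("password-incorrect", NULL, false, 'error');
} else {
    $current_username = $DB->fetchVar('username', 0, "SELECT `username` FROM `tbl_authors` WHERE `id` = " . $author_id);

    // A changed username must not collide with another author's.
    if (strtolower($current_username) != strtolower($fields['username']) && $authorManager->fetchByUsername($fields['username'])) {
        $Admin->pageAlert("duplicate", array("An Author", "username"), false, 'error');
    } else {
        $author =& $authorManager->create();
        $author->set('id', $author_id);
        $author->set('textformat', $fields['textformat']);

        // NOTE(review): `superuser` and `allow_sections` are copied from the
        // request as submitted. Confirm only a sufficiently privileged user
        // can reach this code; otherwise an author could raise their own
        // privileges by adding these fields to the form post.
        if (isset($fields['superuser'])) {
            $author->set('superuser', $fields['superuser']);
        }

        $author->set('email', $fields['email']);
        $author->set('firstname', General::sanitize($fields['firstname']));
        $author->set('lastname', General::sanitize($fields['lastname']));

        if (isset($fields['allow_sections'])) {
            $author->set('allow_sections', @implode(",", $fields['allow_sections']));
        }

        $author->set('auth_token_active', $fields['auth_token_active'] ? $fields['auth_token_active'] : 'no');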
***/ if (@array_key_exists("save", $_POST['action']) || @array_key_exists("done", $_POST['action'])) { $fields = $_POST['fields']; include_once TOOLKIT . "/class.authormanager.php"; $authorManager = new AuthorManager($Admin); $required = array('firstname', 'lastname', 'username', 'email', 'password'); for ($i = 0; $i < count($required); $i++) { if (trim($fields[$required[$i]]) == "") { $errors[$required[$i]] = true; } } if (is_array($errors)) { define("__SYM_ENTRY_MISSINGFIELDS__", true); } elseif ($fields['password'] != $fields['password_confirm']) { $Admin->pageAlert("password-mismatch", NULL, false, 'error'); } elseif ($authorManager->fetchByUsername($fields['username'])) { $Admin->pageAlert("duplicate", array("An Author", "username"), false, 'error'); } else { $author =& $authorManager->create(); $author->set('textformat', $fields['textformat']); $author->set('superuser', $fields['superuser']); $author->set('owner', '0'); $author->set('email', $fields['email']); $author->set('username', $fields['username']); $author->set('firstname', General::sanitize($fields['firstname'])); $author->set('lastname', General::sanitize($fields['lastname'])); $author->set('last_refresh', NULL); $author->set('last_session', NULL); $author->set('password', md5($fields['password'])); $author->set('allow_sections', @implode(",", $fields['allow_sections'])); $author->set('auth_token_active', $fields['auth_token_active'] ? $fields['auth_token_active'] : 'no');