/**
* Load the form
*/
private function loadForm()
{
$this->imageIsAllowed = BackendModel::getModuleSetting($this->URL->getModule(), 'show_image_form', true);
$this->frm = new BackendForm('add');
// set hidden values
$rbtHiddenValues[] = array('label' => BL::lbl('Hidden', $this->URL->getModule()), 'value' => 'Y');
$rbtHiddenValues[] = array('label' => BL::lbl('Published'), 'value' => 'N');
// get categories
$categories = BackendBlogModel::getCategories();
$categories['new_category'] = SpoonFilter::ucfirst(BL::getLabel('AddCategory'));
// create elements
$this->frm->addText('title', null, null, 'inputText title', 'inputTextError title');
$this->frm->addEditor('text');
$this->frm->addEditor('introduction');
$this->frm->addRadiobutton('hidden', $rbtHiddenValues, 'N');
$this->frm->addCheckbox('allow_comments', BackendModel::getModuleSetting($this->getModule(), 'allow_comments', false));
$this->frm->addDropdown('category_id', $categories, SpoonFilter::getGetValue('category', null, null, 'int'));
if (count($categories) != 2) {
$this->frm->getField('category_id')->setDefaultElement('');
}
$this->frm->addDropdown('user_id', BackendUsersModel::getUsers(), BackendAuthentication::getUser()->getUserId());
$this->frm->addText('tags', null, null, 'inputText tagBox', 'inputTextError tagBox');
$this->frm->addDate('publish_on_date');
$this->frm->addTime('publish_on_time');
if ($this->imageIsAllowed) {
$this->frm->addImage('image');
}
// meta
$this->meta = new BackendMeta($this->frm, null, 'title', true);
}
/**
* Returns the encrypted password for a user by giving a email/password
* Returns false if no user was found for this user/pass combination
*
* @param string $email The email.
* @param string $password The password.
* @return string
*/
public static function getEncryptedPassword($email, $password)
{
$email = (string) $email;
$password = (string) $password;
// fetch user ID by email
$userId = BackendUsersModel::getIdByEmail($email);
// check if a user ID was found, return false if no user exists
if ($userId === false) {
return false;
}
// fetch user record
$user = new BackendUser($userId);
$key = $user->getSetting('password_key');
// return the encrypted string
return (string) self::getEncryptedString($password, $key);
}
/**
* Execute the action
*/
public function execute()
{
$email = $this->getParameter('email', 'string');
// does the user exist
if ($email !== null) {
parent::execute();
// delete item
if (BackendUsersModel::undoDelete($email)) {
// get user
$user = new BackendUser(null, $email);
// item was deleted, so redirect
$this->redirect(BackendModel::createURLForAction('edit') . '&id=' . $user->getUserId() . '&report=restored&var=' . $user->getSetting('nickname') . '&highlight=row-' . $user->getUserId());
} else {
$this->redirect(BackendModel::createURLForAction('index') . '&error=non-existing');
}
} else {
$this->redirect(BackendModel::createURLForAction('index') . '&error=non-existing');
}
}
/**
* Execute the action
*/
public function execute()
{
// get parameters
$this->id = $this->getParameter('id', 'int');
// does the user exist
if ($this->id !== null && BackendUsersModel::exists($this->id) && BackendAuthentication::getUser()->getUserId() != $this->id) {
parent::execute();
// get data
$user = new BackendUser($this->id);
// God-users can't be deleted
if ($user->isGod()) {
$this->redirect(BackendModel::createURLForAction('index') . '&error=cant-delete-god');
}
// delete item
BackendUsersModel::delete($this->id);
// trigger event
BackendModel::triggerEvent($this->getModule(), 'after_delete', array('id' => $this->id));
// item was deleted, so redirect
$this->redirect(BackendModel::createURLForAction('index') . '&report=deleted&var=' . $user->getSetting('nickname'));
} else {
$this->redirect(BackendModel::createURLForAction('index') . '&error=non-existing');
}
}
/**
* Validate the form
*/
private function validateForm()
{
// is the form submitted?
if ($this->frm->isSubmitted()) {
// cleanup the submitted fields, ignore fields that were added by hackers
$this->frm->cleanupFields();
// email is present
if ($this->frm->getField('email')->isFilled(BL::err('EmailIsRequired'))) {
// is this an email-address
if ($this->frm->getField('email')->isEmail(BL::err('EmailIsInvalid'))) {
// was this emailaddress deleted before
if (BackendUsersModel::emailDeletedBefore($this->frm->getField('email')->getValue())) {
$this->frm->getField('email')->addError(sprintf(BL::err('EmailWasDeletedBefore'), BackendModel::createURLForAction('undo_delete', null, null, array('email' => $this->frm->getField('email')->getValue()))));
} else {
// email already exists
if (BackendUsersModel::existsEmail($this->frm->getField('email')->getValue())) {
$this->frm->getField('email')->addError(BL::err('EmailAlreadyExists'));
}
}
}
}
// required fields
$this->frm->getField('password')->isFilled(BL::err('PasswordIsRequired'));
$this->frm->getField('nickname')->isFilled(BL::err('NicknameIsRequired'));
$this->frm->getField('name')->isFilled(BL::err('NameIsRequired'));
$this->frm->getField('surname')->isFilled(BL::err('SurnameIsRequired'));
$this->frm->getField('interface_language')->isFilled(BL::err('FieldIsRequired'));
$this->frm->getField('date_format')->isFilled(BL::err('FieldIsRequired'));
$this->frm->getField('time_format')->isFilled(BL::err('FieldIsRequired'));
$this->frm->getField('number_format')->isFilled(BL::err('FieldIsRequired'));
$this->frm->getField('groups')->isFilled(BL::err('FieldIsRequired'));
if ($this->frm->getField('password')->isFilled()) {
if ($this->frm->getField('password')->getValue() !== $this->frm->getField('confirm_password')->getValue()) {
$this->frm->getField('confirm_password')->addError(BL::err('ValuesDontMatch'));
}
}
// validate avatar
if ($this->frm->getField('avatar')->isFilled()) {
// correct extension
if ($this->frm->getField('avatar')->isAllowedExtension(array('jpg', 'jpeg', 'gif', 'png'), BL::err('JPGGIFAndPNGOnly'))) {
// correct mimetype?
$this->frm->getField('avatar')->isAllowedMimeType(array('image/gif', 'image/jpg', 'image/jpeg', 'image/png'), BL::err('JPGGIFAndPNGOnly'));
}
}
// no errors?
if ($this->frm->isCorrect()) {
// build settings-array
$settings['nickname'] = $this->frm->getField('nickname')->getValue();
$settings['name'] = $this->frm->getField('name')->getValue();
$settings['surname'] = $this->frm->getField('surname')->getValue();
$settings['interface_language'] = $this->frm->getField('interface_language')->getValue();
$settings['date_format'] = $this->frm->getField('date_format')->getValue();
$settings['time_format'] = $this->frm->getField('time_format')->getValue();
$settings['datetime_format'] = $settings['date_format'] . ' ' . $settings['time_format'];
$settings['number_format'] = $this->frm->getField('number_format')->getValue();
$settings['csv_split_character'] = $this->frm->getField('csv_split_character')->getValue();
$settings['csv_line_ending'] = $this->frm->getField('csv_line_ending')->getValue();
$settings['password_key'] = uniqid();
$settings['current_password_change'] = time();
$settings['avatar'] = 'no-avatar.gif';
$settings['api_access'] = (bool) $this->frm->getField('api_access')->getChecked();
// get selected groups
$groups = $this->frm->getField('groups')->getChecked();
// init var
$newSequence = BackendGroupsModel::getSetting($groups[0], 'dashboard_sequence');
// loop through groups and collect all dashboard widget sequences
foreach ($groups as $group) {
$sequences[] = BackendGroupsModel::getSetting($group, 'dashboard_sequence');
}
// loop through sequences
foreach ($sequences as $sequence) {
// loop through modules inside a sequence
foreach ($sequence as $moduleKey => $module) {
// loop through widgets inside a module
foreach ($module as $widgetKey => $widget) {
// if widget present set true
if ($widget['present']) {
$newSequence[$moduleKey][$widgetKey]['present'] = true;
}
}
}
}
// add new sequence to settings
$settings['dashboard_sequence'] = $newSequence;
// build user-array
$user['email'] = $this->frm->getField('email')->getValue();
$user['password'] = BackendAuthentication::getEncryptedString($this->frm->getField('password')->getValue(true), $settings['password_key']);
// save the password strength
$passwordStrength = BackendAuthentication::checkPassword($this->frm->getField('password')->getValue(true));
$settings['password_strength'] = $passwordStrength;
// save changes
$user['id'] = (int) BackendUsersModel::insert($user, $settings);
// has the user submitted an avatar?
if ($this->frm->getField('avatar')->isFilled()) {
// create new filename
$filename = rand(0, 3) . '_' . $user['id'] . '.' . $this->frm->getField('avatar')->getExtension();
// add into settings to update
$settings['avatar'] = $filename;
// resize (128x128)
$this->frm->getField('avatar')->createThumbnail(FRONTEND_FILES_PATH . '/backend_users/avatars/128x128/' . $filename, 128, 128, true, false, 100);
// resize (64x64)
$this->frm->getField('avatar')->createThumbnail(FRONTEND_FILES_PATH . '/backend_users/avatars/64x64/' . $filename, 64, 64, true, false, 100);
// resize (32x32)
$this->frm->getField('avatar')->createThumbnail(FRONTEND_FILES_PATH . '/backend_users/avatars/32x32/' . $filename, 32, 32, true, false, 100);
}
// update settings (in this case the avatar)
BackendUsersModel::update($user, $settings);
// save groups
BackendGroupsModel::insertMultipleGroups($user['id'], $groups);
// trigger event
BackendModel::triggerEvent($this->getModule(), 'after_add', array('item' => $user));
// everything is saved, so redirect to the overview
$this->redirect(BackendModel::createURLForAction('index') . '&report=added&var=' . $settings['nickname'] . '&highlight=row-' . $user['id']);
}
}
}
/**
* Validate the forms
*/
private function validateForm()
{
if ($this->frm->isSubmitted()) {
$txtEmail = $this->frm->getField('backend_email');
$txtPassword = $this->frm->getField('backend_password');
// required fields
if (!$txtEmail->isFilled() || !$txtPassword->isFilled()) {
// add error
$this->frm->addError('fields required');
// show error
$this->tpl->assign('hasError', true);
}
// invalid form-token?
if ($this->frm->getToken() != $this->frm->getField('form_token')->getValue()) {
// set a correct header, so bots understand they can't mess with us.
if (!headers_sent()) {
header('400 Bad Request', true, 400);
}
}
// all fields are ok?
if ($txtEmail->isFilled() && $txtPassword->isFilled() && $this->frm->getToken() == $this->frm->getField('form_token')->getValue()) {
// try to login the user
if (!BackendAuthentication::loginUser($txtEmail->getValue(), $txtPassword->getValue())) {
// add error
$this->frm->addError('invalid login');
// store attempt in session
$current = SpoonSession::exists('backend_login_attempts') ? (int) SpoonSession::get('backend_login_attempts') : 0;
// increment and store
SpoonSession::set('backend_login_attempts', ++$current);
// show error
$this->tpl->assign('hasError', true);
}
}
// check sessions
if (SpoonSession::exists('backend_login_attempts') && (int) SpoonSession::get('backend_login_attempts') >= 5) {
// get previous attempt
$previousAttempt = SpoonSession::exists('backend_last_attempt') ? SpoonSession::get('backend_last_attempt') : time();
// calculate timeout
$timeout = 5 * (SpoonSession::get('backend_login_attempts') - 4);
// too soon!
if (time() < $previousAttempt + $timeout) {
// sleep untill the user can login again
sleep($timeout);
// set a correct header, so bots understand they can't mess with us.
if (!headers_sent()) {
header('503 Service Unavailable', true, 503);
}
} else {
// increment and store
SpoonSession::set('backend_last_attempt', time());
}
// too many attempts
$this->frm->addEditor('too many attempts');
// show error
$this->tpl->assign('hasTooManyAttemps', true);
$this->tpl->assign('hasError', false);
}
// no errors in the form?
if ($this->frm->isCorrect()) {
// cleanup sessions
SpoonSession::delete('backend_login_attempts');
SpoonSession::delete('backend_last_attempt');
// create filter with modules which may not be displayed
$filter = array('authentication', 'error', 'core');
// get all modules
$modules = array_diff(BackendModel::getModules(), $filter);
// loop through modules and break on first allowed module
foreach ($modules as $module) {
if (BackendAuthentication::isAllowedModule($module)) {
break;
}
}
// redirect to the correct URL (URL the user was looking for or fallback)
$this->redirect($this->getParameter('querystring', 'string', BackendModel::createUrlForAction(null, $module)));
}
}
// is the form submitted
if ($this->frmForgotPassword->isSubmitted()) {
// backend email
$email = $this->frmForgotPassword->getField('backend_email_forgot')->getValue();
// required fields
if ($this->frmForgotPassword->getField('backend_email_forgot')->isEmail(BL::err('EmailIsInvalid'))) {
// check if there is a user with the given emailaddress
if (!BackendUsersModel::existsEmail($email)) {
$this->frmForgotPassword->getField('backend_email_forgot')->addError(BL::err('EmailIsUnknown'));
}
}
// no errors in the form?
if ($this->frmForgotPassword->isCorrect()) {
// generate the key for the reset link and fetch the user ID for this email
$key = BackendAuthentication::getEncryptedString($email, uniqid());
// insert the key and the timestamp into the user settings
$userId = BackendUsersModel::getIdByEmail($email);
$user = new BackendUser($userId);
$user->setSetting('reset_password_key', $key);
$user->setSetting('reset_password_timestamp', time());
// variables to parse in the e-mail
$variables['resetLink'] = SITE_URL . BackendModel::createURLForAction('reset_password') . '&email=' . $email . '&key=' . $key;
// send e-mail to user
BackendMailer::addEmail(SpoonFilter::ucfirst(BL::msg('ResetYourPasswordMailSubject')), BACKEND_MODULE_PATH . '/layout/templates/mails/reset_password.tpl', $variables, $email);
// clear post-values
$_POST['backend_email_forgot'] = '';
// show success message
$this->tpl->assign('isForgotPasswordSuccess', true);
// show form
$this->tpl->assign('showForm', true);
} else {
$this->tpl->assign('showForm', true);
}
}
}
/**
* Load the form
*/
private function loadForm()
{
// create form
$this->frm = new BackendForm('edit');
// set hidden values
$rbtHiddenValues[] = array('label' => BL::lbl('Hidden'), 'value' => 'Y');
$rbtHiddenValues[] = array('label' => BL::lbl('Published'), 'value' => 'N');
// get categories
$categories = BackendBlogModel::getCategories();
$categories['new_category'] = SpoonFilter::ucfirst(BL::getLabel('AddCategory'));
// create elements
$this->frm->addText('title', $this->record['title'], null, 'inputText title', 'inputTextError title');
$this->frm->addEditor('text', $this->record['text']);
$this->frm->addEditor('introduction', $this->record['introduction']);
$this->frm->addRadiobutton('hidden', $rbtHiddenValues, $this->record['hidden']);
$this->frm->addCheckbox('allow_comments', $this->record['allow_comments'] === 'Y' ? true : false);
$this->frm->addDropdown('category_id', $categories, $this->record['category_id']);
if (count($categories) != 2) {
$this->frm->getField('category_id')->setDefaultElement('');
}
$this->frm->addDropdown('user_id', BackendUsersModel::getUsers(), $this->record['user_id']);
$this->frm->addText('tags', BackendTagsModel::getTags($this->URL->getModule(), $this->record['id']), null, 'inputText tagBox', 'inputTextError tagBox');
$this->frm->addDate('publish_on_date', $this->record['publish_on']);
$this->frm->addTime('publish_on_time', date('H:i', $this->record['publish_on']));
if ($this->imageIsAllowed) {
$this->frm->addImage('image');
$this->frm->addCheckbox('delete_image');
}
// meta object
$this->meta = new BackendMeta($this->frm, $this->record['meta_id'], 'title', true);
// set callback for generating a unique URL
$this->meta->setUrlCallback('BackendBlogModel', 'getURL', array($this->record['id']));
}
/**
* Validate the form
*
* @return void
*/
private function validateForm()
{
// is the form submitted
if ($this->frm->isSubmitted()) {
// shorten fields
$newPassword = $this->frm->getField('backend_new_password');
$newPasswordRepeated = $this->frm->getField('backend_new_password_repeated');
// required fields
$newPassword->isFilled(BL::err('PasswordIsRequired'));
$newPasswordRepeated->isFilled(BL::err('PasswordRepeatIsRequired'));
// all fields are ok?
if ($newPassword->isFilled() && $newPasswordRepeated->isFilled()) {
// the passwords entered match
if ($newPassword->getValue() !== $newPasswordRepeated->getValue()) {
// add error
$this->frm->addError(BL::err('PasswordsDontMatch'));
// show error
$this->tpl->assign('error', BL::err('PasswordsDontMatch'));
}
}
// is the form submitted
if ($this->frm->isCorrect()) {
// change the users password
BackendUsersModel::updatePassword($this->user, $newPassword->getValue());
// attempt to login the user
if (!BackendAuthentication::loginUser($this->user->getEmail(), $newPassword->getValue())) {
// redirect to the login form with an error
$this->redirect(BackendModel::createURLForAction('index', null, null, array('login' => 'failed')));
}
// redirect to the login form
$this->redirect(BackendModel::createUrlForAction('index', 'dashboard', null, array('password_reset' => 'success')));
}
}
}
