public function checkAccess() { if ($this->isProtected() === true) { if (!$this->auth->isLoggedIn()) { RequestHandler::redirect($this->core->getSettings()->logincontroller->login_page); } $this->abortIfUserHasNotRights('CMS_BACKEND_ACCESS'); } }
public function viewHttpErrors() { if (($deleteRouteId = $this->cmsController->getHttpRequest()->getVar('delete')) !== null) { try { $stmntRemove = $this->cmsController->getDB()->prepare("DELETE FROM mod_maintenance_page_not_found WHERE ID = ?"); $this->cmsController->getDB()->delete($stmntRemove, array($deleteRouteId)); $this->setMessageForNextPage(new CmsBackendMessage('Path removed successfully', CmsBackendMessage::MSG_TYPE_SUCCESS)); RequestHandler::redirect($this->getBaseURI() . '/http-errors'); } catch (\Exception $e) { $this->setMessageForNextPage(new CmsBackendMessage('Could not remove path', CmsBackendMessage::MSG_TYPE_ERROR)); } } $sqlString = "\n\t\t\tSELECT *\n\t\t\tFROM mod_maintenance_page_not_found pnf\n\t\t\tLEFT JOIN (\n\t\t\t\tSELECT page_not_found_IDFK,\n\t\t\t\tCOUNT(*) error_count,\n\t\t\t\tCOUNT(DISTINCT ip_address) ip_address_count,\n\t\t\t\tMAX(request_date) most_recent_error_date\n\t\t\t\tFROM mod_maintenance_page_not_found_request\n\t\t\t\tGROUP BY page_not_found_IDFK\n\t\t\t) AS entry ON entry.page_not_found_IDFK = pnf.ID\n\t\t"; $trPaths = new TableRenderer('mod-maintenance-http-errors-paths', $this->cmsController->getDB(), $sqlString); $trPaths->setOptions(array('delete' => '?delete={ID}')); $columnMostRecentErrorDate = new Column('most_recent_error_date', 'Newest error', array(new DateColumnDecorator($this->cmsController->getLocaleHandler()->getDateTimeFormat())), true, null, TableRenderer::SORT_DESC); $columnPath = new Column('path', 'Path', array(new RewriteColumnDecorator('<a href="' . $this->getBaseURI() . '/http-errors/view/{ID}">{path}</a>')), true); $columnPath->setFilter(); $trPaths->setColumns(array($columnPath, $columnMostRecentErrorDate, new Column('error_count', 'Errors', array(), true), new Column('ip_address_count', 'IP addresses', array(), true))); $trPaths->setDefaultOrder($columnMostRecentErrorDate); return $this->renderModuleContent('mod-maintenance/http-errors-overview', array('siteTitle' => 'HTTP errors', 'table_paths' => $trPaths->display())); }
/** * Generates a CmsPage object according to the given route, renders it and creates the framework * response for it. * * @return HttpResponse The rendered page with all headers set ready to send back to the client * @throws CMSException * @throws HttpException * @throws \Exception */ public function deliverCMSPage() { $pageModel = new PageModel($this->db); $this->cmsRoute = $pageModel->getRouteByURI($this->httpRequest->getPath()); if ($this->cmsRoute === null) { //throw new HttpException('Could not find route: ' . $this->httpRequest->getPath(), 404); return $this->deliverPreviewCMSPage(); } if ($this->cmsRoute->isSSLRequired() && $this->httpRequest->getProtocol() !== HttpRequest::PROTOCOL_HTTPS) { RequestHandler::redirect($this->httpRequest->getURL(HttpRequest::PROTOCOL_HTTPS)); } elseif ($this->auth->isLoggedIn() === false && $this->cmsRoute->isSSLForbidden() && $this->httpRequest->getProtocol() !== HttpRequest::PROTOCOL_HTTP) { RequestHandler::redirect($this->httpRequest->getURL(HttpRequest::PROTOCOL_HTTP)); } // Update httpRequest object if ($this->cmsRoute->isRegex()) { preg_match('@^' . $this->cmsRoute->getPattern() . '$@', $this->httpRequest->getPath(), $res); array_shift($res); $this->route->setParams($res); } elseif ($this->cmsRoute->getModuleID() !== null) { preg_match('@^' . $this->cmsRoute->getPattern() . '(/.+)?$@', $this->httpRequest->getPath(), $res); array_shift($res); $this->route->setParams($res); } if ($this->cmsRoute->getPageID() !== null) { $this->cmsPage = $pageModel->getPageByID($this->cmsRoute->getPageID()); if ($this->cmsRoute->getModuleID() !== null) { try { $modId = $this->cmsRoute->getModuleID(); $modInfo = $this->moduleModel->getModuleById($modId); if ($modInfo === null) { throw new CMSException('The module with ID ' . $modId . ' has no frontend controller defined'); } if (isset($this->loadedModules[$modInfo->name]) === false) { $cmsModuleInstance = new $modInfo->frontendcontroller($this, $modInfo->name); } else { $cmsModuleInstance = $this->loadedModules[$modInfo->name]; } if ($cmsModuleInstance instanceof CmsModuleFrontendController === false) { throw new CMSException('The module frontend controller for module ' . $modInfo->name . ' is none of type CmsModuleFrontendController'); } /** @var CmsModuleFrontendController $cmsModuleInstance */ $this->cmsModule = $cmsModuleInstance; if (($response = $this->cmsModule->callMethodByPath($path = $this->route->getParam(0))) instanceof HttpResponse) { return $response; } } catch (HttpException $e) { if ($e->getCode() === 404) { $this->eventDispatcher->dispatch('cms.page_not_found', new PageNotFoundEvent($this->httpRequest)); } elseif ($e->getCode() === 403) { $this->eventDispatcher->dispatch('cms.page_access_denied', new PageAccessDeniedEvent($this->httpRequest)); } throw $e; } } return $this->generateCMSPage($pageModel); } elseif ($this->cmsRoute->getExternalSource() !== null) { if ($this->cmsRoute->isRegex()) { $redirectLocation = preg_replace('@' . str_replace('@', '\\@', $this->cmsRoute->getPattern()) . '@', $this->cmsRoute->getExternalSource(), $this->httpRequest->getPath()); } else { $redirectLocation = $this->cmsRoute->getExternalSource(); } return new HttpResponse(301, null, array('Location' => $redirectLocation)); } elseif ($this->cmsRoute->getRedirectRoute() !== null) { return new HttpResponse(301, null, array('Location' => $this->cmsRoute->getRedirectRoute()->getPattern())); } }
public function processNewPasswordPage() { if ($this->auth->isLoggedIn()) { RequestHandler::redirect($this->core->getSettings()->logincontroller->page_after_login); } $tokenUserID = $this->route->getParam(0); $token = substr($tokenUserID, 0, 13); $userID = substr($tokenUserID, 13); $this->formHelper = new FormHelper(FormHelper::METHOD_POST); $this->formHelper->addField('password', null, FormHelper::TYPE_STRING, true, array('missingError' => 'Please type in your new password')); $this->formHelper->addField('pwrepeat', null, FormHelper::TYPE_STRING, true, array('missingError' => 'Please retype your new password')); if (!$this->formHelper->sent() || !$this->formHelper->validate()) { return $this->getNewPasswordPage(); } $newpw = $this->formHelper->getFieldValue('password'); if (strlen($newpw) < 8) { $this->formHelper->addError(null, 'Your password has to be at least 8 characters long'); } if (preg_match('/^\\d+$/', $newpw) || preg_match('/^[A-Za-z]+$/', $newpw)) { $this->formHelper->addError(null, 'Your password has to be a mix of alpha and numeric signs'); } if ($newpw !== $this->formHelper->getFieldValue('pwrepeat')) { $this->formHelper->addError(null, 'Your new password and the repetition do not match'); } if (!$this->auth->checkToken($token, $userID)) { $this->formHelper->addError(null, 'Sorry the token you submittd is not valid anymore'); } if ($this->formHelper->hasErrors()) { return $this->getNewPasswordPage(); } try { $stmntSalt = $this->db->prepare("SELECT salt, confirmed FROM login WHERE token = ? AND ID = ?"); $resSalt = $this->db->select($stmntSalt, array($token, $userID)); if (count($resSalt) <= 0) { throw new CMSException('Could not find user'); } $stmntUpdatePw = $this->db->prepare("\n\t\t\t\tUPDATE login SET password = ?, confirmed = ?, token = NULL, tokentime = NULL WHERE token = ? AND ID = ?\n\t\t\t"); $this->db->update($stmntUpdatePw, array($this->auth->encryptPassword($newpw, $resSalt[0]->salt), $resSalt[0]->confirmed === null ? date('Y-m-d H:i:s') : $resSalt[0]->confirmed, $token, $userID)); } catch (\Exception $e) { $this->formHelper->addError(null, 'Could not update password. Reason: ' . $e->getMessage()); return $this->getNewPasswordPage(); } RequestHandler::redirect('/backend'); }
public function postEditRightGroup(array $params) { $this->cmsController->abortIfUserHasNotRights('BACKEND_RIGHTGROUPS_EDIT'); if (isset($params[0]) === false || ($rightGroup = $this->rightGroupModel->getRightGroupByID($params[0])) === null) { $rightGroup = new RightGroup(); } $this->prepareEditRightGroupForm($rightGroup); if (!$this->form->isSent() || !$this->form->validate()) { return $this->getEditRightGroup($params); } $rightValue = $this->form->getField('rights')->getValue(); $rootValue = $this->form->getField('root')->getValue(); $rightGroup->setGroupName($this->form->getField('name')->getValue()); $rightGroup->setGroupKey($this->form->getField('key')->getValue()); $rightGroup->setRoot($rootValue === null ? 0 : 1); $rightGroup->setRights(is_array($rightValue) ? $rightValue : array()); $this->rightGroupModel->storeRightGroup($rightGroup); RequestHandler::redirect($this->getBaseURI()); }
public function processRouteEdit() { $this->abortIfUserHasNotRights('CMS_ROUTES_EDIT'); //$coreModel = new CoreModel($this->db); $pageModel = new PageModel($this->db); $routeModel = new RouteModel($this->db); $moduleModel = new ModuleModel($this->db); $pageOptions = array(); foreach ($pageModel->getAllPages() as $p) { $pageOptions[$p->ID] = $p->language_codeFK . ', ' . $p->title; } $routeOptions = array(); foreach ($routeModel->getAllRoutes() as $r) { if ($r->ID == $this->route->getParam(0)) { continue; } $routeOptions[$r->ID] = $r->pattern; } $moduleOptions = array(); foreach ($moduleModel->getModulesWithFrontendController() as $m) { $routeOptions[$m->ID] = $m->ID; } $this->formHelper = new FormHelper(FormHelper::METHOD_POST); $this->formHelper->addField('pattern', null, FormHelper::TYPE_STRING, true, array('missingError' => 'Please insert a pattern for this route')); $this->formHelper->addField('page', null, FormHelper::TYPE_OPTION, false, array('invalidError' => 'Please select a valid page', 'options' => $pageOptions)); $this->formHelper->addField('robots', null, FormHelper::TYPE_STRING, false); $this->formHelper->addField('regexp', null, FormHelper::TYPE_CHECKBOX); $this->formHelper->addField('route_typ', null, FormHelper::TYPE_OPTION); $this->formHelper->addField('redirect', null, FormHelper::TYPE_OPTION, false, array('invalidError' => 'Please select a valid page', 'options' => $pageOptions)); $this->formHelper->addField('module', null, FormHelper::TYPE_OPTION, false, array('invalidError' => 'Please select a valid module', 'options' => $moduleOptions)); if (!$this->formHelper->sent() || !$this->formHelper->validate()) { return $this->getRouteEdit(); } $patternStr = $this->formHelper->getFieldValue('pattern'); if (StringUtils::startsWith($patternStr, '/')) { $this->formHelper->addError(null, 'The route can not start with a slash (/)'); return $this->getRouteEdit(); } if (preg_match('@^[A-Za-z0-9\\-\\._/?#\\@&+=]+$@', $patternStr) === 0) { $this->formHelper->addError(null, 'The route should only have alphanumeric characters and -._/?#@&+= in it'); return $this->getRouteEdit(); } if ($patternStr === 'backend' || StringUtils::startsWith($patternStr, 'backend/') === true) { $this->formHelper->addError(null, 'The route should not start with "backend/". This URI node is reserved by the CMS'); return $this->getRouteEdit(); } // save settings $routeTyp = $this->formHelper->getFieldValue('route_typ'); $stmntUpdate = $this->db->prepare("\n\t\t\tINSERT INTO route\n\t\t\t\tSET ID = ?, pattern = ?, regex = ?, page_IDFK = ?, mod_IDFK = ?, robots = ?, redirect_route_IDFK = ?\n\t\t\tON DUPLICATE KEY UPDATE\n\t\t\t\tpattern = ?, regex = ?, page_IDFK = ?, mod_IDFK = ?, robots = ?, redirect_route_IDFK = ?\n\n\t\t"); $resUpdate = $this->db->update($stmntUpdate, array($this->route->getParam(0), '/' . $patternStr, $this->formHelper->getFieldValue('regexp'), $routeTyp == 1 ? $this->formHelper->getFieldValue('page') : null, $this->formHelper->getFieldValue('module') == 0 ? null : $this->formHelper->getFieldValue('module'), $this->formHelper->getFieldValue('robots'), $routeTyp == 2 ? $this->formHelper->getFieldValue('redirect') : null, '/' . $patternStr, $this->formHelper->getFieldValue('regexp'), $routeTyp == 1 ? $this->formHelper->getFieldValue('page') : null, $this->formHelper->getFieldValue('module') == 0 ? null : $this->formHelper->getFieldValue('module'), $this->formHelper->getFieldValue('robots'), $routeTyp == 2 ? $this->formHelper->getFieldValue('redirect') : null)); RequestHandler::redirect('/backend/routes'); }
/** * @return HttpResponse */ public function postModuleDetail() { $modEditLang = $this->getHttpRequest()->getVar('mod_edit_lang', 'strip_tags'); if ($modEditLang !== null) { $_SESSION['mod_edit_lang'] = $modEditLang; RequestHandler::redirect($_SERVER['REQUEST_URI']); } return $this->getModuleDetail(); }
public function processPageRightEdit($params) { $this->formHelper = new FormHelper(FormHelper::METHOD_POST); $pageID = isset($params[0]) ? $params[0] : null; $rightGroupModel = new RightGroupModel($this->cmsController->getDB()); $optsRightGroups = array(); foreach ($rightGroupModel->getRightGroups() as $g) { if ($g->isRoot() === true) { continue; } $optsRightGroups[$g->getID()] = $g->getGroupName(); } $this->formHelper->addField('rightgroup', null, FormHelper::TYPE_OPTION, true, array('missingError' => 'Please choose a group', 'invalidError' => 'Please choose a valid group', 'options' => $optsRightGroups)); $this->formHelper->addField('rights', null, FormHelper::TYPE_MULTIOPTIONS, false, array('missingError' => 'Please choose one or more rights', 'invalidError' => 'Please choose one or more valid rights', 'options' => array('read' => 'read', 'write' => 'write'))); $this->formHelper->addField('date_from', null, FormHelper::TYPE_DATE, true, array('missingError' => 'Please enter a date from where the group should have access', 'invalidError' => 'Please enter a valid date from where the group should habe acess')); $this->formHelper->addField('date_to', null, FormHelper::TYPE_DATE, false, array('invalidError' => 'Please enter a valid date till when the group should habe acess')); if (!$this->formHelper->sent() || !$this->formHelper->validate()) { return $this->getPageRightEdit($params); } $dateFrom = $this->formHelper->getFieldValue('date_from'); $dateTo = $this->formHelper->getFieldValue('date_to'); if ($dateFrom !== null) { $dtFrom = new \DateTime($this->formHelper->getFieldValue('date_from')); } if ($dateTo !== null) { $dtTo = new \DateTime($this->formHelper->getFieldValue('date_to')); } $rights = $this->formHelper->getFieldValue('rights'); try { $stmntSaveRightGroup = $this->cmsController->getDB()->prepare("\n\t\t\t\tINSERT INTO page_has_rightgroup SET page_IDFK = ?, rightgroup_IDFK = ?, start_date = ?, end_date = ?, rights = ?\n\t\t\t\tON DUPLICATE KEY UPDATE start_date = ?, end_date = ?, rights = ?\n\t\t\t"); $this->cmsController->getDB()->insert($stmntSaveRightGroup, array($pageID, $this->formHelper->getFieldValue('rightgroup'), $dateFrom !== null ? $dtFrom->format('Y-m-d H:i:s') : null, $dateTo !== null ? $dtTo->format('Y-m-d H:i:s') : null, CmsUtils::getRightsAsDec(in_array('read', $rights) ? '1' : '0', in_array('write', $rights) ? '1' : '0'), $dateFrom !== null ? $dtFrom->format('Y-m-d H:i:s') : null, $dateTo !== null ? $dtTo->format('Y-m-d H:i:s') : null, CmsUtils::getRightsAsDec(in_array('read', $rights) ? '1' : '0', in_array('write', $rights) ? '1' : '0'))); } catch (\Exception $e) { $this->formHelper->addError(null, 'Could not save right information'); } if ($this->formHelper->hasErrors()) { return $this->getPageRightEdit($params); } RequestHandler::redirect($this->baseLink . '/page/' . $pageID); }
public function processEditUser() { $this->abortIfUserHasNotRights('BACKEND_USERS_EDIT'); $rightgroupModel = new RightGroupModel($this->db); $rightgroups = array(); foreach ($rightgroupModel->getRightGroups() as $rg) { $rightgroups[$rg->ID] = $rg->groupname; } $this->formHelper = new FormHelper(FormHelper::METHOD_POST); $this->formHelper->addField('name', null, FormHelper::TYPE_STRING, true, array('missingError' => 'Please insert an username')); $this->formHelper->addField('email', null, FormHelper::TYPE_EMAIL, true, array('missingError' => 'Please insert an e-mail address', 'invalidError' => 'Please insert a valid e-mail address')); $this->formHelper->addField('active', null, FormHelper::TYPE_CHECKBOX, false); $this->formHelper->addField('rightgroups', null, FormHelper::TYPE_MULTIOPTIONS, true, array('missingError' => 'Please choose at least one rightgroup', 'options' => $rightgroups)); if (!$this->formHelper->sent() || !$this->formHelper->validate()) { return $this->getEditUser(); } try { if ($this->route->getParam(0) === null) { // Create $login = new \stdClass(); $login->username = $this->formHelper->getFieldValue('name'); $login->email = $this->formHelper->getFieldValue('email'); $login->active = $this->formHelper->getFieldValue('active'); $login->token = uniqid(); $login->registeredBy = $this->auth->getUserID(); $userID = $this->auth->signUp($login); // Send mail $mailer = MailFactory::getMailer(); // Create a message $message = \Swift_Message::newInstance('Your new metanet.ch account'); $message->setFrom(array($this->core->getSettings()->logincontroller->sender_email => $this->core->getSettings()->logincontroller->sender_name)); $message->setTo(array($this->formHelper->getFieldValue('email'))); $message->setBody("Hi,\n\nYou've gotten a new account to scatter stuff at this website in all directions.\n\nTo log you in you have to choose a strong password for your new account.\n\nPlease visit this link for that: https://" . $this->httpRequest->getHost() . '/backend/restore-pw/' . $login->token . $userID); // Send the message $result = $mailer->send($message); if (!$result) { $this->formHelper->addError(null, 'The link to reset your password could not been sent to you. Sorry!'); return $this->getEditUser(); } } else { $userID = $this->route->getParam(0); $stmntLogin = $this->db->prepare("\n\t\t\t\t\tUPDATE login SET name = ?, email = ?, active = ? WHERE ID = ?\n\t\t\t\t"); $this->db->update($stmntLogin, array($this->formHelper->getFieldValue('name'), $this->formHelper->getFieldValue('email'), $this->formHelper->getFieldValue('active'), $userID)); } $removeRights = $this->db->prepare("DELETE FROM login_has_rightgroup WHERE loginIDFK = ?"); $this->db->delete($removeRights, array($userID)); $stmntInsertRight = $this->db->prepare("\n\t\t\t\tINSERT INTO login_has_rightgroup\n\t\t\t\tSET loginIDFK = ?, rightgroupIDFK = ?, datefrom = NOW()\n\t\t\t"); foreach ($this->formHelper->getFieldValue('rightgroups') as $r) { $this->db->insert($stmntInsertRight, array($userID, $r)); } } catch (\Exception $e) { $this->formHelper->addError(null, 'Could not save user to database. Reason: ' . $e->getMessage()); return $this->getEditUser(); } RequestHandler::redirect('/backend/users'); }
public function postEditNavHasEntry($params) { $this->formHelper = $this->generateFormEditNavHasEntry(); if (!$this->formHelper->sent() || $this->formHelper->validate() === false) { return $this->getEditNav($params); } try { $this->cmsController->getDB()->beginTransaction(); $navID = $params[0]; $entryID = $params[1]; // Get old hidden states $stmntHidden = $this->cmsController->getDB()->prepare("\n\t\t\t\tSELECT navigation_entry_IDFK, hidden FROM navigation_has_entry WHERE navigation_IDFK = ? AND parent_navigation_entry_IDFK = ?\n\t\t\t"); $resHidden = $this->cmsController->getDB()->select($stmntHidden, array($navID, $entryID)); $hiddenStates = array(); foreach ($resHidden as $h) { $hiddenStates[$h->navigation_entry_IDFK] = $h->hidden; } $stmntDelete = $this->cmsController->getDB()->prepare("\n\t\t\t\tDELETE FROM navigation_has_entry WHERE navigation_IDFK = ? AND parent_navigation_entry_IDFK = ?\n\t\t\t"); $this->cmsController->getDB()->delete($stmntDelete, array($navID, $entryID)); $stmntInsert = $this->cmsController->getDB()->prepare("\n\t\t\t\tINSERT INTO navigation_has_entry SET navigation_IDFK = ?, navigation_entry_IDFK = ?, parent_navigation_entry_IDFK = ?, sort = ?, hidden = ?\n\t\t\t"); foreach ($this->formHelper->getFieldValue('entries') as $i => $e) { $this->cmsController->getDB()->insert($stmntInsert, array($navID, $e, $entryID, $i + 1, isset($hiddenStates[$e]) && $hiddenStates[$e] == 1 ? 1 : 0)); } $stmntUpdateThisEntry = $this->cmsController->getDB()->prepare("\n\t\t\t\tUPDATE navigation_has_entry SET hidden = ? WHERE navigation_IDFK = ? AND navigation_entry_IDFK = ?\n\t\t\t"); $this->cmsController->getDB()->update($stmntUpdateThisEntry, array($this->formHelper->getFieldValue('hidden'), $navID, $entryID)); $this->cmsController->getDB()->commit(); } catch (\Exception $e) { if ($e->getCode() === 23000) { $errorMsg = 'The navigation entry <b>#' . $entryID . '</b> is already used in this navigation. Each navigation entry can only be used once per navigation.'; } else { $errorMsg = 'Could not save navigation: ' . $e->getMessage(); } $this->formHelper->addError(null, $errorMsg); $this->cmsController->getDB()->rollBack(); return $this->getEditNavHasEntry($params); } RequestHandler::redirect($this->baseLink . '/nav/' . $navID . '/edit'); }