public function __construct()
{
parent::__construct();
$action = Request::get('action');
if ($action == 'edit' || $action == 'new') {
JS::startup('
lightning.admin.messageEditor.checkVars();
$("#add_message_criteria_button").click(lightning.admin.messageEditor.checkVars);
');
}
$this->post_actions['after_post'] = function () {
$db = Database::getInstance();
// Find all the criteria added to this message
$criteria_list = $db->select(array('from' => 'message_message_criteria', 'join' => array('JOIN', 'message_criteria', 'USING (message_criteria_id)')), array('message_id' => $this->id));
// See if any variables have been set.
foreach ($criteria_list as $c) {
// If the criteria requires variables.
if (!empty($c['variables'])) {
// See what variables are required.
$vars = explode(',', $c['variables']);
$var_data = array();
foreach ($vars as $v) {
$var_data[$v] = Request::post('var_' . $c['message_criteria_id'] . '_' . $v);
}
$db->update('message_message_criteria', array('field_values' => json_encode($var_data)), array('message_id' => Request::post('id', 'int'), 'message_criteria_id' => $c['message_criteria_id']));
}
}
};
}
/**
* Send a posted contact request to the site admin.
*/
public function postSendMessage()
{
// Make sure the sender's email address is valid.
if (!($sender_email = Request::post('email', 'email'))) {
Messenger::error('Please enter a valid email address.');
return $this->get();
}
if (!ReCaptcha::verify()) {
Messenger::error('You did not correctly enter the captcha code.');
return $this->get();
}
$subject = Configuration::get('contact.subject');
$body = "\nName: {$_POST['name']}\nEmail: {$sender_email}\nMessage:\n{$_POST['message']}";
$to_addresses = Configuration::get('contact.to');
$mailer = new Mailer();
foreach ($to_addresses as $to) {
$mailer->to($to);
}
$sent = $mailer->from($sender_email)->subject($subject)->message($body)->send();
if (!$sent) {
Messenger::error('Your message could not be sent. Please try again later');
return $this->get();
} else {
// Send an email to to have them test for spam.
if ($auto_responder = Configuration::get('contact.auto_responder')) {
$auto_responder_mailer = new Mailer();
$result = $auto_responder_mailer->sendOne($auto_responder, UserModel::loadByEmail($sender_email) ?: new UserModel(array('email' => $sender_email)));
if ($result && Configuration::get('contact.spam_test')) {
// Set the notice.
Navigation::redirect('/message', array('msg' => 'spam_test'));
}
}
Navigation::redirect('/message', array('msg' => 'contact_sent'));
}
}
/**
* Does not require encryption, uses token.
*/
public function post()
{
$user = ClientUser::getInstance()->id;
// TODO: These can be spoofed.
// A verification method is needed.
$tracker = Request::post('tracker');
$sub = Request::post('id', 'int');
// Track.
Tracker::trackEvent($tracker, $sub, $user);
Output::json(Output::SUCCESS);
}
public function postSave()
{
$user = ClientUser::getInstance();
// Update the user name.
$user->update(array('first' => Request::get('first'), 'last' => Request::get('last')));
// Update the password.
$password = Request::post('password');
$new_password = Request::post('new_password');
$new_password_confirm = Request::post('new_password_confirm');
if (!empty($password) && $user->checkPass($password)) {
if (false) {
Messenger::error('Your password did not meet the required criteria.');
} elseif ($new_password != $new_password_confirm) {
Messenger::error('You did not enter the same password twice.');
} else {
$user->setPass($new_password);
}
} elseif (!empty($new_password) || !empty($new_password)) {
Messenger::error('You did not enter your correct current password.');
}
// Update mailing list preferences.
$new_lists = Request::get('subscribed', 'array', 'int', array());
$new_lists = array_combine($new_lists, $new_lists);
$all_lists = Subscription::getLists();
$user_id = ClientUser::getInstance()->id;
$user_lists = Subscription::getUserLists($user_id);
$remove_lists = array();
foreach ($user_lists as $list) {
if (empty($new_lists[$list['message_list_id']]) && !empty($list['visible'])) {
$remove_lists[$list['message_list_id']] = $list['message_list_id'];
}
}
$add_lists = $new_lists;
unset($add_lists[0]);
if (!isset($new_lists[0])) {
foreach ($all_lists as $list) {
if (empty($list['visible'])) {
$remove_lists[$list['message_list_id']] = $list['message_list_id'];
}
}
}
$db = Database::getInstance();
if (!empty($remove_lists)) {
$db->delete('message_list_user', array('message_list_id' => array('IN', $remove_lists), 'user_id' => $user_id));
}
if (!empty($add_lists)) {
$db->insertMultiple('message_list_user', array('message_list_id' => $add_lists, 'user_id' => $user_id), true);
}
if (count(Messenger::getErrors()) == 0) {
Navigation::redirect(null, array('msg' => 'saved'));
}
}
protected function initSettings()
{
if (Request::get('return') == 'view') {
$this->post_actions['after_post'] = function ($row) {
Navigation::redirect('/' . $row['url'] . '.htm');
};
}
$this->preset['user_id']['default'] = ClientUser::getInstance()->id;
$this->preset['url']['submit_function'] = function (&$output) {
$output['url'] = Request::post('url', 'url') ?: Request::post('title', 'url');
};
$this->preset['header_image'] = array('type' => 'image', 'location' => BlogModel::IMAGE_PATH, 'weblocation' => '/' . BlogModel::IMAGE_PATH);
$this->action_fields = array('view' => array('display_name' => 'View', 'type' => 'html', 'html' => function ($row) {
return '<a href="/' . $row['url'] . '.htm"><img src="/images/lightning/resume.png" /></a>';
}));
}
public function initSettings()
{
$this->preset['password']['submit_function'] = function (&$output) {
if ($pass = Request::post('password')) {
$salt = User::getSalt();
$output['salt'] = bin2hex($salt);
$output['password'] = User::passHash($pass, $salt);
}
};
$this->preset['password']['edit_value'] = function (&$row) {
return '';
};
$this->preset['password']['display_value'] = function (&$row) {
return !empty($row['password']) ? 'Set' : '';
};
}
public function postRegister()
{
$email = Request::post('email', 'email');
$pass = Request::post('password');
// Validate POST data
if (!$this->validateData($email, $pass)) {
// Immediately output all the errors
Output::error("Invalid Data");
}
// Register user
$res = UserModel::register($email, $pass);
if ($res['success']) {
Output::json($res['data']);
} else {
Output::error($res['error']);
}
}
public function post()
{
if ($name = Request::post('name', '', '', '')) {
$name_parts = explode(' ', $name, 2);
$name = array('first' => $name_parts[0]);
if (!empty($name_parts[1])) {
$name['last'] = $name_parts[1];
}
} else {
// Add the user to the system.
$name = array('first' => Request::post('first', '', '', ''), 'last' => Request::post('last', '', '', ''));
}
$email = Request::post('email', 'email');
$user = User::addUser($email, $name);
// Add the user to the mailing list.
$default_list = Configuration::get('mailer.default_list');
$mailing_list = Request::post('list_id', 'int', null, $default_list);
if (!empty($mailing_list)) {
$user->subscribe($mailing_list);
}
Navigation::redirect(Request::post('redirect') ?: '/message?msg=optin');
}
public function postUpdateDate()
{
if (ClientUser::getInstance()->isAdmin()) {
$id = Request::post('id');
$key = Request::post('key');
$column = Request::post('column');
$table = Request::post('table');
$m = Request::post("date_m");
$d = Request::post("date_d");
$y = Request::post("date_y");
if ($m > 0 && $d > 0) {
if ($y == 0) {
$y = date("Y");
}
$value = gregoriantojd($m, $d, $y);
} else {
$value = 0;
}
Database::getInstance()->update($table, array($column => $value), array($key => $id));
Output::json(Output::SUCCESS);
} else {
Output::json(Output::ACCESS_DENIED);
}
}
/**
* Make sure a valid token has been received.
*
* @return boolean
* Whether the token is valid.
*/
public function validateToken() {
// If this is a post request, there must be a valid token.
if (!$this->ignoreToken && strtolower(Request::type()) == 'post') {
$token = Request::post('token', 'hex');
return !empty($token) && $token == Session::getInstance()->getToken();
} else {
// This is not a POST request so it's not required.
return true;
}
}
public function loginRedirect($page = null, $params = array())
{
$redirect = Request::post('redirect', 'urlencoded') ?: Request::query('redirect');
if ($redirect && !preg_match('|^[/?]user|', $redirect)) {
Navigation::redirect($redirect, $params);
} elseif (!empty($page)) {
Navigation::redirect($page, $params);
} else {
Navigation::redirect(Configuration::get('user.login_url'), $params);
}
}
public function postSave()
{
$user = ClientUser::getInstance();
if (!$user->isAdmin()) {
return $this->get();
}
$page_id = Request::post('page_id', 'int');
$title = Request::post('title');
$url = Request::post('url', 'url');
// Create an array of the new values.
$new_values = array('title' => $title, 'url' => !empty($url) ? $url : Scrub::url($title), 'keywords' => Request::post('keywords'), 'description' => Request::post('description'), 'site_map' => Request::post('sitemap', 'int'), 'body' => Request::post('page_body', 'html', '', '', true), 'last_update' => time(), 'layout' => Request::post('layout', 'int'));
// Save the page.
if ($page_id != 0) {
Database::getInstance()->update('page', $new_values, array('page_id' => $page_id));
} else {
$page_id = Database::getInstance()->insert('page', $new_values);
}
$output = array();
$output['url'] = $new_values['url'];
$output['page_id'] = $page_id;
$output['title'] = $title;
Output::json($output);
}
/**
* Render the edit field component.
*
* @param array $field
* The field settings.
* @param array $row
* The data row.
*
* @return string
* The rendered HTML.
*/
protected function renderEditField($field, &$row = array())
{
// Make sure the form_field is set.
if (!isset($field['form_field'])) {
$field['form_field'] = $field['field'];
}
// Get the default field value.
if (!empty($_POST)) {
$v = Request::post($field['form_field']);
} elseif (empty($row)) {
$v = isset($field['default']) ? $field['default'] : '';
} elseif (isset($field['edit_value'])) {
if (is_callable($field['edit_value'])) {
$v = $row[] = $field['edit_value']($row);
} else {
$v = $row[] = $field['edit_value'];
}
} elseif (!empty($row[$field['field']])) {
$v = $row[$field['field']];
}
if (isset($this->preset[$field['field']]['render_' . $this->action . '_field'])) {
$this->get_row(false);
return $this->preset[$field['field']]['render_' . $this->action . '_field']($this->list);
}
// Prepare value.
if (!isset($field['Value'])) {
$field['Value'] = isset($v) ? $v : null;
}
if (!empty($field['encrypted'])) {
$field['Value'] = $this->decrypt($field['Value']);
}
// Set the default value if new.
if ($this->action == "new" && isset($field['default'])) {
$field['Value'] = $field['default'];
}
// Print form input.
$options = array();
$return = '';
switch (preg_replace('/\\([0-9]+\\)/', '', $field['type'])) {
case 'text':
case 'mediumtext':
case 'longtext':
case 'html':
$config = array();
$editor = !empty($field['editor']) ? strtolower($field['editor']) : 'default';
switch ($editor) {
case 'full':
$config['toolbar'] = "CKEDITOR.config.toolbar_Full";
break;
case 'print':
$config['toolbar'] = "CKEDITOR.config.toolbar_Print";
break;
case 'basic_image':
$config['toolbar'] = "CKEDITOR.config.toolbar_Basic_Image";
break;
case 'basic':
default:
$config['toolbar'] = "CKEDITOR.config.toolbar_Basic";
break;
}
if (!empty($field['full_page'])) {
$config['fullPage'] = true;
$config['allowedContent'] = true;
}
if (!empty($field['height'])) {
$config['height'] = $field['height'];
}
if (!empty($field['upload'])) {
$config['finder'] = true;
}
return CKEditor::iframe($field['form_field'], $field['Value'], $config);
break;
case 'div':
if ($field['Value'] == '') {
$field['Value'] = "<p></p>";
}
return "<input type='hidden' name='{$field['form_field']}' id='{$field['form_field']}' value='" . $this->convert_quotes($field['Value']) . "' />\n\t\t\t\t\t\t\t<div id='{$field['form_field']}_div' spellcheck='true'>{$field['Value']}</div>";
break;
case 'plaintext':
return "<textarea name='{$field['form_field']}' id='{$field['form_field']}' spellcheck='true' cols='90' rows='10'>{$field['Value']}</textarea>";
break;
case 'hidden':
return "<input type='hidden' name='{$field['form_field']}' id='{$field['form_field']}' value='" . $this->convert_quotes($field['Value']) . "' />";
break;
case 'image':
if (!empty($field['Value'])) {
$return .= '<img src="' . $this->getImageLocationWeb($field, $field['Value']) . '" class="table_edit_image" />';
}
// Fall through.
// Fall through.
case 'file':
if ($field['Value'] != '' && (!isset($field['replaceable']) || empty($field['replaceable'])) || $field['Value'] == '') {
$return .= "<input type='file' name='{$field['form_field']}' id='{$field['form_field']}' />";
}
return $return;
break;
case 'time':
return Time::timePop($field['form_field'], $field['Value'], !empty($field['allow_blank']));
break;
case 'date':
$return = Time::datePop($field['form_field'], !empty($field['Value']) ? $field['Value'] : 0, !empty($field['allow_blank']), !empty($field['start_year']) ? $field['start_year'] : 0);
return $return;
break;
case 'datetime':
return Time::dateTimePop($field['form_field'], $field['Value'], !empty($field['allow_blank']), isset($field['start_year']) ? $field['start_year'] : date('Y') - 10);
break;
case 'lookup':
case 'yesno':
case 'state':
case 'country':
case 'select':
if ($field['type'] == 'lookup') {
$options = Database::getInstance()->selectColumn($field['lookuptable'], $field['display_column'], !empty($field['filter']) ? $field['filter'] : array(), !empty($field['lookupkey']) ? $field['lookupkey'] : $field['field']);
} elseif ($field['type'] == "yesno") {
$options = array(1 => 'No', 2 => 'Yes');
} elseif ($field['type'] == "state") {
$options = Location::getStateOptions();
} elseif ($field['type'] == "country") {
$options = Location::getCountryOptions();
} else {
$options = $field['options'];
}
if (!is_array($options)) {
return false;
}
if (!empty($field['allow_blank'])) {
$options = array('' => '') + $options;
}
$output = BasicHTML::select($field['form_field'], $options, $field['Value']);
if (!empty($field['pop_add'])) {
if ($field['table_url']) {
$location = $field['table_url'];
} else {
$location = "table.php?table=" . $field['lookuptable'];
}
$output .= "<a onclick='lightning.table.newPop(\"{$location}\",\"{$field['form_field']}\",\"{$field['display_column']}\")'>Add New Item</a>";
}
return $output;
break;
case 'range':
$output = "<select name='{$field['form_field']}' id='{$field['form_field']}'>";
if ($field['allow_blank']) {
$output .= '<option value="0"></option>';
}
if ($field['start'] < $field['end']) {
for ($k = $field['start']; $k <= $field['end']; $k++) {
$output .= "<option value='{$k}'" . ($field['Value'] == $k ? 'selected="selected"' : '') . ">{$k}</option>";
}
}
$output .= '</select>';
return $output;
break;
case 'checkbox':
return "<input type='checkbox' name='{$field['form_field']}' id='{$field['form_field']}' value='1' " . ($field['Value'] == 1 ? "checked" : '') . " />";
break;
case 'note':
return $field['note'];
break;
case 'checklist':
$vals = $this->decode_bool_group($field['Value']);
$output = '';
foreach ($field['options'] as $i => $opt) {
if (is_array($opt)) {
$id = $opt[0];
$name = $opt[1];
} else {
$id = $i;
$name = $opt;
}
$output .= "<div class='checlist_item'><input type='checkbox' name='{$field['form_field']}_{$id}' value='1' " . ($vals[$id] == 1 ? "checked" : '') . " />{$name}</div>";
}
return $output;
break;
case 'varchar':
case 'char':
preg_match('/(.+)\\(([0-9]+)\\)/i', $field['type'], $array);
$options['size'] = $array[2];
default:
if (!empty($field['autocomplete'])) {
$options['classes'] = array('table_autocomplete');
$options['autocomplete'] = false;
}
return Text::textfield($field['form_field'], $field['Value'], $options);
break;
}
}
public function post()
{
$blog_id = Request::get('id', 'int') | Request::get('blog_id', 'int');
$action = Request::get('action');
// AUTHORIZE A BLOG COMMENT.
switch ($action) {
case 'post_comment_check':
echo md5($_POST['email'] . $_POST['name'] . $_POST['comment']);
exit;
case 'post_comment':
// FIRST CHECK FOR SPAM
if ($_POST['check_val'] == md5($_POST['email'] . $_POST['name'] . $_POST['comment'])) {
$values = array('blog_id' => $blog_id, 'ip_address' => Request::server('ip_int'), 'email_address' => Request::post('email', 'email'), 'name' => Request::post('name'), 'comment' => Request::post('comment'), 'time' => time());
Database::getInstance()->insert('blog_comment', $values);
echo "success";
} else {
echo "spam error";
}
exit;
case 'remove_blog_comment':
$user = ClientUser::getInstance();
if ($user->isAdmin() && $_POST['blog_comment_id'] > 0) {
Database::getInstance()->delete('blog_comment', array('blog_comment_id' => Request::post('blog_comment_id', 'int')));
echo "ok";
} else {
echo "access denied";
}
exit;
case 'approve_blog_comment':
$user = ClientUser::getInstance();
if ($user->isAdmin() && $_POST['blog_comment_id'] > 0) {
Database::getInstance()->update('blog_comment', array('approved' => 1), array('blog_comment_id' => Request::post('blog_comment_id', 'int')));
echo "ok";
exit;
}
}
}