public function init(Website $website, Request $request) { $this->request = $request; // Handle login ourselves // (Using the provided getMinimumRank helper gives an ugly // "You need to be logged in to view this page" message.) $this->loggedIn = $website->getAuth()->check(Authentication::RANK_USER, false); $this->loggedInAsAdmin = $website->isLoggedInAsStaff(true); if (!$this->loggedIn) { $this->errorMessage = $this->getLoginErrorMessage($website->getText(), $website->getAuth()); } $this->canCreateAccounts = (bool) $website->getConfig()->get(Config::OPTION_USER_ACCOUNT_CREATION); }
public function init(Website $website, Request $request) { $userId = $request->getParamInt(0); // Fetch user $userRepo = $website->getAuth()->getUserRepository(); $user = $userRepo->getById($userId); if (!$user->canLogIn()) { // Can't log in to deleted or banned users throw new NotFoundException(); } // Set user $this->newUser = $user; $website->getAuth()->setCurrentUser($user); }
public function init(Website $website, Request $request) { $this->errorMessage = $website->getAuth()->getLoginError($this->minimumRank); $psrRequest = $request->toPsr(); $this->targetUrl = $psrRequest->getUri(); $this->postVars = (array) $psrRequest->getParsedBody(); $this->canCreateAccounts = $website->getConfig()->get(Config::OPTION_USER_ACCOUNT_CREATION); }
public function getPageContent(Website $website, Request $request) { $show_form = true; $textToDisplay = ""; if (isset($_REQUEST["display_name"])) { // Sent $display_name = $request->getRequestString("display_name"); if (Validate::displayName($display_name)) { // Valid display_name $this->user->setDisplayName($display_name); $userRepo = $website->getAuth()->getUserRepository(); $userRepo->save($this->user); // Saved $textToDisplay .= '<p>' . $website->t("users.display_name") . ' ' . $website->t("editor.is_changed") . '</p>'; // Don't show form $show_form = false; } else { // Invalid display_name $website->addError($website->t("users.display_name") . ' ' . Validate::getLastError($website)); $textToDisplay .= '<p><em>' . $website->tReplacedKey("errors.your_input_has_not_been_changed", "users.display_name", true) . '</em></p>'; } } // Show form if ($show_form) { // Text above form $textToDisplay .= "<p>" . $website->t("users.display_name.edit.explained") . "</p>\n"; if ($this->editing_someone_else) { $textToDisplay .= "<p><em>" . $website->tReplaced("users.edit_other", $this->user->getDisplayName()) . "</em></p>\n"; } // Form itself $display_name = isset($_POST['display_name']) ? htmlSpecialChars($_POST['display_name']) : $this->user->getDisplayName(); $textToDisplay .= <<<EOT <p>{$website->t("main.fields_required")}</p> <form action="{$website->getUrlMain()}" method="post"> <p> <label for="display_name">{$website->t('users.display_name')}:</label><span class="required">*</span><br /> <input type="text" id="display_name" name="display_name" value="{$display_name}"/><br /> </p> <p> <input type="hidden" name="id" value="{$this->user->getId()}" /> <input type="hidden" name="p" value="edit_display_name" /> <input type="submit" value="{$website->t('users.display_name.edit')} " class="button" /> </p> </form> EOT; } // Links $textToDisplay .= $this->get_account_links_html($website); return $textToDisplay; }
public function init(Website $website, Request $request) { $articleId = $request->getParamInt(0); $oArticles = new ArticleRepository($website); $this->article = $oArticles->getArticleOrFail($articleId); $this->editLinks = $website->isLoggedInAsStaff(); $this->currentUser = $website->getAuth()->getCurrentUser(); if ($this->article->showComments) { $oComments = new CommentRepository($website->getDatabase()); $this->comments = $oComments->getCommentsArticle($this->article->getId()); } else { $this->comments = []; } }
public function getPageContent(Website $website, Request $request) { $show_form = true; $textToDisplay = ""; if ($request->hasRequestValue("email")) { // Sent $email = $request->getRequestString("email"); if (Validate::email($email)) { // Valid email $this->user->setEmail($email); $userRepo = $website->getAuth()->getUserRepository(); $userRepo->save($this->user); // Saved $textToDisplay .= '<p>' . $website->t("users.email") . ' ' . $website->t("editor.is_changed") . '</p>'; // Don't show form $show_form = false; } else { // Invalid email $website->addError($website->t("users.email") . ' ' . Validate::getLastError($website)); $textToDisplay .= '<p><em>' . $website->tReplacedKey("errors.your_input_has_not_been_changed", "users.email", true) . '</em></p>'; } } // Show form if ($show_form) { // Text above form $textToDisplay .= "<p>" . $website->t("users.email.edit.explained") . "</p>\n"; if ($this->editing_someone_else) { $textToDisplay .= "<p><em>" . $website->tReplaced("users.edit_other", $this->user->getDisplayName()) . "</em></p>\n"; } // Form itself $email = htmlSpecialChars($request->getRequestString("email", $this->user->getEmail())); $textToDisplay .= <<<EOT <form action="{$website->getUrlMain()}" method="post"> <p> <label for="email">{$website->t('users.email')}:</label><br /><input type="text" id="email" name="email" value="{$email}"/><br /> </p> <p> <input type="hidden" name="id" value="{$this->user->getId()}" /> <input type="hidden" name="p" value="edit_email" /> <input type="submit" value="{$website->t('users.email.edit')} " class="button" /> </p> </form> EOT; } // Links $textToDisplay .= $this->get_account_links_html($website); return $textToDisplay; }
protected function get_ranks_box_html(Website $website, $ranks, $selected) { $oAuth = $website->getAuth(); $text = $website->getText(); $selection_box = '<select name="rank" id="rank">'; foreach ($ranks as $id) { $label = $text->t($oAuth->getRankName($id)); $selection_box .= '<option value="' . $id . '"'; if ($selected == $id) { $selection_box .= ' selected="selected"'; } $selection_box .= '>' . $label . "</option>\n"; } $selection_box .= "</select>\n"; return $selection_box; }
public function init(Website $website, Request $request) { $id = $request->getParamInt(0, 0); // Load document $documentRepo = new DocumentRepository($website->getDatabase(), true); $user = $website->getAuth()->getCurrentUser(); // ^ this is never null, as the required rank for this page is moderator $this->document = $this->retrieveDocument($website, $documentRepo, $id, $user); // Load document widgets $this->widgetLoader = $website->getWidgets(); $widgetRepo = new WidgetRepository($website); $this->widgets = $widgetRepo->getWidgetsInDocumentWithId($id); // Check for edits $this->saveData($website->getText(), $request, $this->document, $documentRepo); // Store new request token $this->requestToken = RequestToken::generateNew(); $this->requestToken->saveToSession(); }
private function handleUserRequest(Website $website, Request $request) { $username = $request->getRequestString("creating_username", ""); $displayName = $request->getRequestString("creating_display_name", ""); $password = $request->getRequestString("creating_password", ""); $email = $request->getRequestString("creating_email", ""); $rank = $request->getRequestInt("creating_rank", 0); $newUser = User::createNewUser($username, $displayName, $password); $newUser->setEmail($email); $newUser->setRank($rank); $text = $website->getText(); $userRepo = new UserRepository($website->getDatabase()); if (Validate::requestToken($request) && $this->validateInput($newUser, $password, $website->getAuth(), $userRepo, $text)) { $userRepo->save($newUser); $this->accountCreated = true; $text->addMessage($text->t("users.create.other.done"), Link::of($text->getUrlPage("create_account_admin"), $text->t("users.create_another")), Link::of($text->getUrlPage("account_management"), $text->t("main.account_management"))); } return $newUser; }
public function init(Website $website, Request $request) { $commentId = $request->getParamInt(0, 0); $repo = new CommentRepository($website->getDatabase()); $this->comment = $repo->getCommentOrFail($commentId); $user = $website->getAuth()->getCurrentUser(); // Check if user is allowed to delete this comment if ($user->getId() !== $this->comment->getUserId() && !$user->hasRank(Authentication::RANK_MODERATOR)) { throw new NotFoundException(); } // Check if form was submitted if (Validate::requestToken($request)) { $repo->deleteComment($commentId); $text = $website->getText(); $articleLink = $text->getUrlPage("article", $this->comment->getArticleId()); $text->addMessage($text->t("comments.comment") . ' ' . $text->t("editor.is_deleted"), Link::of($articleLink, $text->t("main.ok"))); } else { $this->requestToken = RequestToken::generateNew(); $this->requestToken->saveToSession(); } }
public function init(Website $website, Request $request) { $text = $website->getText(); $currentUser = $website->getAuth()->getCurrentUser(); $articleId = $request->getParamInt(0); $articleRepository = new ArticleRepository($website); $article = $this->getArticle($articleRepository, $currentUser, $articleId); $articleEditor = new ArticleEditor($article); $this->articleEditor = $articleEditor; $categoryRepository = new CategoryRepository($website->getDatabase()); $this->allCategories = $categoryRepository->getCategories(); $this->richEditor = new CKEditor($website->getText(), $website->getConfig(), $website->getThemeManager()); // Validate token, then save new one to session $validToken = Validate::requestToken($request); $this->token = RequestToken::generateNew(); $this->token->saveToSession(); // Now check input if (!$articleEditor->processInput($website->getText(), $request, $categoryRepository)) { return; } if ($request->hasRequestValue("submit") && $validToken) { // Try to save $article = $articleEditor->getArticle(); if ($articleRepository->saveArticle($article)) { $viewArticleLink = Link::of($website->getUrlPage("article", $article->getId()), $website->t("articles.view")); if ($articleId == 0) { // New article created $text->addMessage($text->t("main.article") . " " . $text->t("editor.is_created"), $viewArticleLink); } else { // Article updated $text->addMessage($text->t("main.article") . " " . $text->t("editor.is_edited"), $viewArticleLink); } // Check for redirect if ($request->getRequestString("submit") == $website->t("editor.save_and_quit")) { $this->redirectUrl = $website->getUrlPage("article", $article->getId()); } } } }
public function init(Website $website, Request $request) { $text = $website->getText(); $this->requestToken = RequestToken::generateNew(); $commentId = $request->getParamInt(0, 0); $auth = $website->getAuth(); $user = $auth->getCurrentUser(); $repo = new CommentRepository($website->getDatabase()); $this->comment = $repo->getCommentOrFail($commentId); if ($user->getId() !== $this->comment->getUserId() && !$user->hasRank(Authentication::RANK_MODERATOR)) { // Can only edit own comment unless moderator throw new NotFoundException(); } if ($request->hasRequestValue("submit") && Validate::requestToken($request)) { // Validate and save comment $this->updateCommentFromRequest($this->comment, $request); if ($repo->validateComment($this->comment, $text)) { $repo->saveComment($this->comment); $this->redirectLink = $this->comment->getUrl($text); } } $this->requestToken->saveToSession(); }
public function init(Website $website, Request $request) { $text = $website->getText(); $this->requestToken = RequestToken::generateNew(); $articleId = $request->getParamInt(0, 0); $articleRepo = new ArticleRepository($website); $article = $articleRepo->getArticleOrFail($articleId); if (!$article->showComments) { $text->addError($text->t("comments.commenting_not_allowed_on_article")); return; } $user = $website->getAuth()->getCurrentUser(); $this->comment = $this->fetchComment($request, $article, $user); if ($request->hasRequestValue("submit") && Validate::requestToken($request)) { // Validate and save comment $repo = new CommentRepository($website->getDatabase()); if ($repo->validateComment($this->comment, $text)) { $repo->saveComment($this->comment); $this->redirectLink = $this->comment->getUrl($text); } } $this->requestToken->saveToSession(); }
public function init(Website $website, Request $request) { $website->getAuth()->logOut(); }
public function getPageContent(Website $website, Request $request) { // Don't allow to edit your own status (why would admins want to downgrade // themselves?) if (!$this->editing_someone_else) { $website->addError($website->t("users.account") . " " . $website->t("errors.not_editable")); return ""; } $show_form = true; $textToDisplay = ""; if ($request->hasRequestValue("status")) { // Sent $status = $request->getRequestInt("status"); $status_text = $request->getRequestString("status_text"); $oAuth = $website->getAuth(); $valid = true; // Check status id if (!$oAuth->isValidStatus($status)) { $website->addError($website->t("users.status") . ' ' . $website->t("errors.not_found")); $valid = false; } // Check status text if (!Validate::stringLength($status_text, 1, self::MAXIMUM_STATUS_TEXT_LENGTH)) { $website->addError($website->t("users.status_text") . " " . Validate::getLastError($website)); $valid = false; } if ($valid) { // Valid status $this->user->setStatus($status); $this->user->setStatusText($status_text); $oAuth->getUserRepository()->save($this->user); // Saved $textToDisplay .= '<p>' . $website->t("users.status") . ' ' . $website->t("editor.is_changed") . '</p>'; // Don't show form $show_form = false; } else { // Invalid status $textToDisplay .= '<p><em>' . $website->tReplacedKey("errors.your_input_has_not_been_changed", "users.status", true) . '</em></p>'; } } // Show form if ($show_form) { // Variables $status = $website->getRequestInt("status", $this->user->getStatus()); $statuses = array(Authentication::STATUS_NORMAL, Authentication::STATUS_BANNED, Authentication::STATUS_DELETED); $status_text = htmlSpecialChars($request->getRequestString("status_text", $this->user->getStatusText())); // Form itself $textToDisplay .= <<<EOT <p> {$website->t("users.status.edit.explained")} {$website->tReplaced("accounts.edit_other", "<strong>" . $this->user->getDisplayName() . "</strong>")} </p> <p> {$website->t("main.fields_required")} </p> <form action="{$website->getUrlMain()}" method="get"> <p> <label for="status">{$website->t("users.status")}</label>:<span class="required">*</span><br /> {$this->get_statuses_box_html($website->getAuth(), $statuses, $status)} </p> <p> <label for="status_text">{$website->t("users.status_text")}</label>:<span class="required">*</span><br /> <input type="text" name="status_text" id="status_text" size="80" value="{$status_text}" /> </p> <p> <input type="hidden" name="p" value="edit_account_status" /> <input type="hidden" name="id" value="{$this->user->getId()}" /> <input type="submit" value="{$website->t('editor.save')} " class="button" /> </p> </form> EOT; } // Links $textToDisplay .= $this->get_account_links_html($website); return $textToDisplay; }
/** * Returns links to edit the profile, based on the permissions of the user * that is viewing this page. */ public function get_edit_links_html(Website $website) { $viewing_user = $website->getAuth()->getCurrentUser(); $returnValue = ""; // Get privileges $is_viewing_themselves = false; $is_viewing_as_moderator = false; $is_viewing_as_admin = false; if ($viewing_user != null) { $is_viewing_themselves = $this->user->getId() == $viewing_user->getId(); if ($website->isLoggedInAsStaff(false)) { $is_viewing_as_moderator = true; } if ($website->isLoggedInAsStaff(true)) { $is_viewing_as_admin = true; } } // Gravatar link + help if ($is_viewing_themselves) { // No way that other admins can edit someone's avatar, so only display help text for owner $returnValue .= <<<EOT <p> {$website->tReplaced("users.gravatar.explained", '<a href="http://gravatar.com/">gravatar.com</a>')} </p> EOT; } // Add all account edit links $edit_links = []; if (!$is_viewing_themselves && $is_viewing_as_moderator) { // Accessed by a moderator that isn't viewing his/her own account // Add (un)ban link $edit_links[] = $this->get_edit_link($website, "edit_account_status", "users.status.edit"); } if ($is_viewing_themselves || $is_viewing_as_admin) { // Accessed by the user themselves or an admin // Display links to edit profile $edit_links[] = $this->get_edit_link($website, "edit_email", "users.email.edit"); $edit_links[] = $this->get_edit_link($website, "edit_password", "users.password.edit"); $edit_links[] = $this->get_edit_link($website, "edit_display_name", "users.display_name.edit"); } if (!$is_viewing_themselves && $is_viewing_as_admin) { // Accessed by an admin that isn't viewing his/her own account // Add rank edit link and login link $edit_links[] = $this->get_edit_link($website, "edit_rank", "users.rank.edit"); // Only display login link if account is not deleted/banned if ($this->user->canLogIn()) { $edit_links[] = $this->get_edit_link($website, "login_other", "main.log_in"); } } if (count($edit_links) > 0) { $returnValue .= "<p>\n" . implode($edit_links) . "</p>\n"; } return $returnValue; }
/** Gets a table of all users */ public function get_users_table(Website $website, $start) { $start = (int) $start; $oAuth = $website->getAuth(); $users = $oAuth->getUserRepository()->getRegisteredUsers($start, self::USERS_PER_PAGE); $current_user_id = $oAuth->getCurrentUser()->getId(); // Start table $returnValue = "<table>\n"; $returnValue .= "<tr><th>" . $website->t("users.username") . "</th><th>" . $website->t("users.display_name") . "</th><th>" . $website->t("users.email") . "</th><th>" . $website->t("users.rank") . "</th><th>" . $website->t("main.edit") . "</th></tr>\n"; //login-naam-email-admin-bewerk $returnValue .= '<tr><td colspan="5"><a class="arrow" href="' . $website->getUrlPage("create_account_admin") . '">' . $website->t("users.create") . "...</a></td></tr>\n"; //maak nieuwe account if (count($users) > 0) { foreach ($users as $user) { // Email $email_link = '<em>' . $website->t("main.not_set") . '</em>'; $email = $user->getEmail(); if ($email) { $email = htmlSpecialChars($email); $email_link = '<a href="mailto:' . $email . '">' . $email . '</a>'; } // Others $username = $user->getUsername(); // Usernames are severly restricted, so no need to escape $display_name = htmlSpecialChars($user->getDisplayName()); $rank_name = $website->t($oAuth->getRankName($user->getRank())); if ($user->getStatus() == Authentication::STATUS_BANNED) { $rank_name = $website->t("users.status.banned"); } if ($user->getStatus() == Authentication::STATUS_DELETED) { $rank_name = $website->t("users.status.deleted"); } $username_link = '<a href="' . $website->getUrlPage("account", $user->getId()) . '">' . $username . '</a>'; $login_link = '<a class="arrow" href="' . $website->getUrlPage("login_other", $user->getId()) . '">' . $website->t("main.log_in") . '</a>'; if ($user->getId() == $current_user_id || !$user->canLogIn()) { // No need to log in as that account $login_link = ""; } // Rest of row $returnValue .= <<<EOT <tr> <td>{$username_link}</td> <td>{$display_name}</td> <td>{$email_link}</td> <td>{$rank_name}</td> <td>{$login_link}</td> </tr> EOT; } } $returnValue .= "</table>"; return $returnValue; }
public function getPageContent(Website $website, Request $request) { $show_form = true; $textToDisplay = ""; if ($request->hasRequestValue("password")) { // Sent $old_password = $request->getRequestString("old_password"); if ($this->editing_someone_else || $this->user->verifyPassword($old_password)) { // Old password entered correctly $password = $request->getRequestString("password"); $password2 = $request->getRequestString("password2"); if (Validate::password($password, $password2)) { // Valid password $this->user->setPassword($password); $userRepo = $website->getAuth()->getUserRepository(); $userRepo->save($this->user); // Saved $textToDisplay .= '<p>' . $website->t("users.password") . ' ' . $website->t("editor.is_changed") . '</p>'; // Update login cookie (only when changing your own password) if (!$this->editing_someone_else) { $website->getAuth()->setLoginCookie(); } // Don't show form $show_form = false; } else { // Invalid new password $website->addError($website->t("users.password") . ' ' . Validate::getLastError($website)); $textToDisplay .= '<p><em>' . $website->tReplacedKey("errors.your_input_has_not_been_changed", "users.password", true) . '</em></p>'; } } else { // Invalid old password $website->addError($website->t("users.old_password") . ' ' . $website->t("errors.not_correct")); $textToDisplay .= '<p><em>' . $website->tReplacedKey("errors.your_input_has_not_been_changed", "users.password", true) . '</em></p>'; } } // Show form if ($show_form) { // Text above form $textToDisplay .= "<p>" . $website->tReplaced("users.password.edit.explained", Validate::$MIN_PASSWORD_LENGHT) . "</p>\n"; if ($this->editing_someone_else) { $textToDisplay .= "<p><em>" . $website->tReplaced("users.edit_other", $this->user->getDisplayName()) . "</em></p>\n"; } // Form itself $old_password_text = ""; if (!$this->editing_someone_else) { // Add field to verify old password when editing yourself $old_password_text = <<<EOT <label for="old_password">{$website->t('users.old_password')}:</label><span class="required">*</span><br /> <input type="password" id="old_password" name="old_password" value=""/><br /> EOT; } $textToDisplay .= <<<EOT <p>{$website->t("main.fields_required")}</p> <form action="{$website->getUrlMain()}" method="post"> <p> {$old_password_text} <label for="password">{$website->t('users.password')}:</label><span class="required">*</span><br /> <input type="password" id="password" name="password" value=""/><br /> <label for="password2">{$website->t('users.password.repeat')}:</label><span class="required">*</span><br /> <input type="password" id="password2" name="password2" value=""/><br /> </p> <p> <input type="hidden" name="p" value="edit_password" /> <input type="hidden" name="id" value="{$this->user->getId()}" /> <input type="submit" value="{$website->t('users.password.edit')} " class="button" /> </p> </form> EOT; } // Links $textToDisplay .= $this->get_account_links_html($website); return $textToDisplay; }
public function init(Website $website, Request $request) { $oComments = new CommentRepository($website->getDatabase()); $this->comments = $oComments->getCommentsLatest(); $this->viewingUser = $website->getAuth()->getCurrentUser(); }